Yes, Tanda stores data at rest using the AES-256 encryption standard. More can be read here.

Yes. All communications with Tanda are encrypted during transport. The supported protocols, options, and ciphers are below. The protocol and cipher selected are the best the client's browser will support. Encryption terminates at the load balancer. However, Tanda is currently undertaking a project to ensure there is end-to-end encryption in transit.
​

Protocols: Protocol-TLSv1.2

Options: Server Order Preference

Ciphers: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, AES128-GCM-SHA256, AES128-SHA256, AES128-SHA, AES256-GCM-SHA384, AES256-SHA256, AES256-SHA
​ 

Yes. Tanda creates an encrypted backup every night to protect against data loss. To maintain a strong Disaster Resilience posture, we take a backup of all data once every 24 hours. We classify these backups as cold data. These are retained for 7 days only.
​
Tanda is also able to restore in a granular 5-minute incremental format referred to as point-in-time backups. We retain 35 days of point-in-time backups, meaning we can guarantee that in the face of system-wide data corruption, we can revert to a period 5 minutes prior to the corruption event.
​

Tanda has an RPO of up to 24 hours in case of a major incident (such as the database being deleted), and up to 5 minutes in the event of a minor incident (such as data corruption)

Tanda has an RTO of 8 hours. 

Tanda tests DR continuously, at least weekly.
​