Disaster Recovery and Incident Response
A public summary of HauliK continuity and incident handling. Sensitive technical details are not published.
Last updated: 3 June 2026
Transparency without overclaiming
HauliK maintains documented disaster recovery and incident response procedures, including an initial tabletop exercise completed on 3 June 2026. Recovery times may vary depending on the nature of the incident and third-party provider availability, unless otherwise agreed in writing.
1. What the Plan Covers
- Supabase outage, database corruption, storage access failure and bucket exposure scenarios;
- Vercel outage, failed deployment and domain/DNS issues;
- compromised admin or dispatcher accounts, leaked keys and suspected unauthorised access;
- Stripe webhook or billing disruption;
- mobile app broken-release recovery and app-store dependency handling;
- personal data breach assessment, evidence preservation and communication steps.
2. Incident Response Phases
HauliK's internal process follows detection, triage, containment, eradication, recovery and post-incident review. For serious incidents, the plan includes first 15 minute, first hour, first 24 hour and first 72 hour checklists.
3. Backup and Recovery Dependencies
HauliK relies on managed providers including Supabase, Vercel, Stripe, email providers, Expo/EAS, app stores, DNS and customer internet/mobile networks. Recovery times depend on the provider, incident type, available backups, customer impact and any required security investigation.
We do not publish guaranteed RTO or RPO values unless a separate customer contract expressly includes them.
4. Customer Communication
If an incident materially affects customer access, customer data or core operation, MAT MAD LTD aims to provide clear updates using available channels such as email, in-app/dashboard messaging or direct account contact. The timing and content of updates depends on what has been verified.
5. Personal Data Breach Handling
Where a suspected incident may involve personal data, HauliK will assess what happened, what data may be affected, who may be affected, whether there is likely risk to individuals, and whether controller/customer, ICO, individual, insurer or legal notifications should be considered.
Customers remain controllers for much of their fleet, driver and operational data. MAT MAD LTD will support affected customers with relevant information where HauliK acts as processor.
6. What Is Not Public
We do not publish sensitive implementation details such as exact backup commands, keys, storage policy internals, privileged account details, exploit information or internal runbooks.
7. Contact
Report urgent security or incident concerns to info@matmad.co.uk. See also our Security page and Service Availability Policy.