walwardenPricingProofBlogRoadmapDocsSign inStart free

Backup independence for Postgres — across every provider you run.

Walwarden runs scheduled backups of your Supabase and Neon databases into storage you own, with signed restore evidence your SOC 2 auditor accepts — with AWS RDS/Aurora on the roadmap. This page tracks exactly what ships today, what ships next, and what we do not claim — so copy and code stay in lockstep.

Shipping today

  • WorkOS-backed sign-in (magic link + 6-digit passcode), with first-user onboarding to a fresh team. (#17)
  • Postgres control plane with hash-chained Audit chain, append-only by SQL trigger. (#18)
  • Production deploy on Fly.io (control plane + worker), at walwarden.com, with credential firewall. (#19)
  • Dashboard hero: per-team RPO + loss window + restore readiness card. (#49)
  • Per-database Recoverability detail page: RPO target/observed, missed schedules, restore-drill outcomes. (#50)
  • Operator-driven restore via the walwarden CLI: dashboard issues a short-lived token, pg_restore runs on your machine, every state transition lands on the audit chain. (#251)
  • Offline Evidence bundle verifier CLI: Ed25519-signed Manifest, public-key publish, verifies without phoning home. (#52)
  • Cron schedule builder with timezone selection. (#53)
  • Members page: invite-by-email, admin/member roles, pending → active upgrade on first sign-in. (#56)
  • Friendly auth-error UX: typed AuthError → on-page error card instead of a Next.js stack trace. (#30)

Shipping next

  • AWS RDS / Aurora as a protected-database providerPhase 1.5 — Supabase and Neon ship today. The provider schema keeps the RDS/Aurora enum ready, but the backup path has not shipped, so we do not claim RDS/Aurora as a current provider.
  • Automated restore drills (ephemeral targets)Drill scheduling and the drill state machine exist in the product today, but ephemeral drill targets have not shipped — restore drills are operator-driven via the CLI.
  • Logical recovery windowsPlanned customer feature. The proof lane already covers full baseline snapshots, supported transaction tailing, restore replay, schema-change resnapshot, cursor-gap fail-closed behavior, and unsupported-shape rejection. Live disposable Neon/Supabase proof and product enablement must land before this becomes a customer-facing recovery-window claim. (#436)
  • BYO Google Cloud Storage / Backblaze B2 destinationsPhase 1.5+. v0 supports customer-owned AWS S3 only; the destination boundary is generic so additional providers slot in.
  • Walwarden-managed storage tier (no bring-your-own S3)Low-friction onboarding: walwarden provisions and operates the bucket, so you never hand-edit an IAM trust policy. Honest tradeoff — managed mode means walwarden holds the dump bytes, which weakens the "backup independence from a provider you do not fully trust" wedge; BYO S3 stays the trust-boundary-strongest path. Not yet shipped; the data model carries the mode but managed creates are gated off until provisioning automation and the storage/egress pricing passthrough land. (#200)
  • WorkOS SSO / SCIM provisioningPaid-tier feature. Multi-team sign-in falls back to the user’s primary team today. (#95)
  • Evidence bundle viewer in the control planeToday the offline verifier CLI is the canonical surface; an in-app viewer ships next. (#58)

What we do NOT claim today

  • Managed-provider true PITR, continuous backup, or zero-data-loss recovery.
  • Customer-facing logical recovery windows until live managed-provider proof and product enablement land.
  • HIPAA BAA-signing.
  • SOC 2 Type II attestation on walwarden itself.
  • In-place restore for managed Postgres (Supabase, Neon) — managed-Postgres restore is always new-database + cutover; in-place is self-hosted only.
  • Backup of Postgres instances larger than 500 GB compressed dump in v0 (verification economics break above that size).

Logical recovery windows stay out of customer claims until live managed-provider proof exists; physical PITR stays a provider-native capability, not a Walwarden promise.

Walwarden roadmap — what ships today, what ships next