Recover.is is a backup platform engineered around the assumption that everything else has already failed — the customer has been ransomwared, the cloud account is compromised, the prod database has been dropped, or a subpoena landed in a friendlier jurisdiction. v1 ships **Recover Archive**, WORM-immutable storage with hash-chained audit evidence and daily Merkle roots, where retention policies are enforced at the gateway and not even the operator can delete data inside its lock window.
Three-layer architecture: the **Recover.is** application layer (this launch) — customer dashboard, S3 gateway, control plane, audit, metering, worker — running on top of **Atlas**, the underlying compute/storage/Kubernetes/managed-Postgres platform, all hosted in **Iceland** on 100% renewable power, inside the EEA but outside the EU and outside the reach of the US CLOUD Act. The S3 gateway is SigV4-compatible with envelope encryption (per-object DEKs wrapped by KEKs in OpenBao); audit events are append-only with a verifiable hash chain.
MVP shipped in beta on 2026-05-02 after Phase 12 deployed the full stack to a production VM — control plane, admin console, customer dashboard, gateway, and worker — with OIDC via Authentik, evidence-verifier and KEK-rotation smokes wired into CI, and a full S3 conformance suite. v1.0.0-rc cut; running through human UAT toward GA. Recover Active (hot S3 with time-machine Revert) and Dark Buckets (Chaum blind-signature anonymous storage) are later milestones.