Dokaz

Backup verification as a service

Your backups are untested until something restores them.

Dokaz restores your database backups in an isolated sandbox on a schedule, proves the data really came back, and signs the result — so a broken backup shows up in a report, not an outage.

Start free View pricing

No card required · Postgres supported today

app.dokaz.io/drills/a1f9c2

production-primary

Daily drill · pg_dump -Fc · 4.2 GB

passed

Restore time

2m 14s

Rows verified

4.2M

Assertions

6 / 6

Evidence

Signed

provisionfetchrestoreassertreportteardown

How it works

A drill, start to finish

1

Connect a database

Point Dokaz at the dump your backup job already produces. We never touch your production database.

2

Dokaz runs the drill

On your schedule we spin up an isolated sandbox, restore the dump, and run your assertions: row counts, required tables, no-null checks.

3

Collect signed evidence

Every drill produces a signed PDF and an immutable audit entry — the proof auditors and customers ask to see.

New to backup drilling? Read the full explainer →

Auditor-grade evidence

Proof, not a green checkmark

A backup job that "succeeded" only tells you a file was written. Dokaz proves the file restores — and hands you a cryptographically signed report, retained for seven years, with a live tamper-check.

  • An Ed25519-signed PDF for every drill
  • An immutable audit log of every drill and download
  • Seven-year retention, encrypted at rest
Dokaz
Verified

Backup Verification Report

Database
production-primary
Drill completed
2026-05-22 04:11 UTC
Result
All 6 assertions passed
Retain until
2033-05-22

Signature

ed25519:9f2c4b…a17b · valid

Capabilities

Built for teams that get audited

Scheduled drills

Verification runs on a cadence you set, so a broken backup is caught in days — not during a recovery.

A real assertion suite

Go past "it restored": assert row counts, table and column existence, and non-null constraints on the restored data.

Signed PDF evidence

Every drill is cryptographically signed, retained for seven years, and verifiable with a live tamper-check.

Immutable audit log

Every drill, download, and account change is recorded — the trail SOC 2 and HIPAA reviewers expect.

API and webhooks

A versioned JSON API and signed webhooks push drill results straight into your own tooling and alerts.

No production access

Dokaz verifies the dumps you already have. It never needs a connection to your live database.

FAQ

Questions, answered

Does Dokaz need access to my production database? +

No. Dokaz only reads the backup dumps you register. It never connects to your live database.

Which databases are supported? +

PostgreSQL today — every pg_dump format: plain, custom, tar, and directory archives. MySQL and MongoDB are on the roadmap.

Where do drills run? +

In an isolated, ephemeral sandbox that is destroyed the moment the drill finishes. The working copy of your dump is deleted with it.

What do I actually get? +

A signed PDF report and an immutable audit entry for every drill, retained for seven years — the evidence SOC 2 and HIPAA reviewers ask for.

Can I get drill results in my own tools? +

Yes. A versioned JSON API and signed webhooks push results straight into your alerting and dashboards.

Stop guessing about your backups

Run your first drill in minutes. Free to start, no card required.

Create an account See plans