Development preview BackBy is still being tested. Do not rely on it yet for real emergencies or safety check-ins.

What that means

Resilience & auditability

No one should have to trust a single promise or a single server.

BackBy is designed so independent reviewers can check Plan history and so a service outage does not erase the only copy of what mattered. Several parts of that design still need production proof.

The design

Keep authority with people, and evidence in the open.

Backers—not BackBy—act

BackBy is not a dispatch center. Trusted people decide what to do using the instructions the Planner prepared.

No messaging switch

The server sends no SMS, email, or push and stores no contact list. Backer apps check for changes and can notify locally.

Append-only history

A change creates a new event instead of rewriting an old one. That makes silent alteration detectable when the audit system is fully deployed.

Mirrors and local encrypted copies

Public integrity files can be mirrored, while encrypted notes stay with the people who hold the keys.

Status, without spin

Designed, built, and proven are different words.

The table below summarizes the public-readiness document. The repository checklist remains authoritative.

ProtectionStatusWhat must happen next
Durable, replayable Plan storageDevelopmentRestart and multi-replica tests must pass without losing data.
Signed history and daily anchorsDevelopmentProduction signing and public verification need complete evidence.
Private Plan discoveryDevelopmentDiscovery must be capability-gated and avoid precise timing exposure.
Public mirrors and outage recoveryDevelopmentA restore drill and mirror verification report must succeed.
Private or offline map tilesLaterUntil then, optional maps stay off by default and warn before loading.

The claim we can make today

BackBy is designed for resilience. It has not yet proven public-release resilience.

Until the checklist is complete, a demo must be treated as a demo. People should not assume that a mirror, anchor, background notification, restore path, or legal safeguard is production-ready merely because it exists in the design.

Independent review is part of the product.

Security reviewers, SREs, legal advocates, and community technologists can inspect the open threat model, protocol, audit guide, and readiness criteria.

Review the public repository