← All guides

Neon branches are not backups (and when they are enough)

Branches share the parent's storage and account. What branches solve brilliantly, and the three risks they can't cover.

What a branch actually is

A Neon branch is a copy-on-write fork of cluster state — instant, cheap, wonderful for previews, migration testing, and short-window incident forensics. It is not a copy of your data: it shares underlying storage with its parent, inside the same project, account, and platform.

Three risks branches don't cover

1. Account-level events — compromise, suspension, deletion take branches too.
2. Time depth — branch-from-history is bounded by your plan's restore window.
3. Platform risk — any Neon-wide incident affects primary and branches equally. Low probability; the whole point of backups is surviving low-probability events.

Enough or not?

A weekend prototype: branches plus an occasional manual dump is fine. Anything with customers or compliance: add independent, encrypted, restore-tested archives off-platform. They cost less than the meeting where you'd explain their absence.

Whatever tool made your backup, the only way to know it works is to restore it. Firedrill does that automatically for every backup — or try a one-off free drill on a dump you already have.

A backup you've never restored is a hope, not a backup.

Firedrill restore-tests every backup it takes — on real infrastructure, with the report to prove it.