We store our database(s) using Heroku's services for Postgres. We use standard- and premium-tier instances of Postgres that include dataclips, continuous protection/rollbacks, encryption (at rest) and up to 25 retained backups. Continuous protection provides us with a 4-day rollback of any changes made to our databases.
We take automatic daily backups, giving us up to 25 days of backups. Daily backups are stored in Heroku's cloud service and are encrypted. Access is restricted to our lead developers as part of their role in managing and maintaining our services.
We take manual fortnightly backups and retain at least the most recent 4, providing 56-day protection. These are stored offline on encrypted storage within the UK/EU, accessible only by our lead developer.
User account information, excluding passwords, is stored in our main database(s) and covered by the same backup protections. Passwords are stored by our security provider Auth0 and never leave Auth0's systems. We do not back up passwords. In the event of data loss resulting in loss of password data, we will contact affected users and provide a secure password reset mechanism.