Unless you've done manual backups yourself and/or enabled backups for that volume, there's nothing Railway can do.

Thanks for the response. I'd like to request engineering escalation on this rather than closing the thread.

Per Railway's April 29, 2026 blog post on the PocketOS incident (https://blog.railway.com/p/your-ai-wants-to-nuke-your-database), Railway maintains offsite "disaster backups" for Postgres volumes regardless of whether user-configured backups are enabled. That post explicitly notes Railway recovered PocketOS's data via these disaster backups even when the user had no backups configured.

This is a paid Pro plan production database for an active SMB (children's science education franchise serving Atlantic Canada). I have shell access to the container, the snapshot is preserved, and I have an open ticket. I'm asking for the same disaster-snapshot check Jake described in that blog post.

Happy to provide service ID, project ID, exact UTC timestamp of the DROP, or any other identifying info via private channel.

Thanks for the detailed explanation — the distinction between infrastructure-layer and application-layer events makes sense, and I appreciate the honest reply rather than a generic "no backups, sorry." I have a snapshot of the pgdata captured before any restart and an active recovery effort underway via WAL decode. Closing this thread.

Feedback for the team: it would significantly help SMB customers if Railway's Postgres template shipped with at least one of (a) a default destructive-DDL event trigger, (b) a default pg_dump-to-S3 sidecar service, or (c) clearer language in the docs that the Backups feature does NOT protect against in-database DROP operations. The PocketOS blog post arguably created the impression that Railway protects against more than it does. Happy to provide more detail if useful.