Service Level Agreement (SLA)

For purposes of this SLA: Availability means the percentage of total minutes in a calendar month during which the covered production Service is capable of receiving and processing valid requests, excluding Excluded Downtime; Business Hours means the support hours stated in the applicable subscription or Order Form; Excluded Downtime has the meaning set out in Section 8; and Service Credit means a credit against future fees, calculated in accordance with Section 7.

Capitalized terms not defined in this SLA have the meaning given in the Terms, Order Form, or DPA, as applicable.

This SLA applies only to the standard production environment of the subscribed Service components that are generally available and included in the Customer's paid subscription. It covers the hosted platform operated by Numezis and the standard APIs and user interfaces supplied by Numezis as part of that production Service.

This SLA does not cover customer-managed networks, browser issues, unsupported devices, third-party integrations not supplied by Numezis, customer misconfiguration, custom code written by the Customer or a third party, or any deliverable, module, or environment that is expressly identified as beta, preview, pilot, sandbox, or non-production.

Unless a different commitment is expressly stated in an Order Form, Numezis targets a monthly Availability commitment of 99.9% for the covered production Service. Availability is measured over each full calendar month using Numezis' internal monitoring systems and incident records, which will govern absent manifest error.

An incident affects Availability only to the extent the covered production Service is materially unavailable for genuine use by the Customer and the condition is not attributable to Excluded Downtime. Partial degradation, latency, third-party dependency issues outside the defined service boundary, or issues affecting only a non-production feature may be handled under the support process without counting as Availability failure.

Numezis may perform routine, corrective, preventive, or security-related maintenance. Where planned maintenance is reasonably expected to cause material user impact or more than a brief interruption, Numezis will use commercially reasonable efforts to provide advance notice, typically at least 72 hours in advance.

Emergency maintenance may be carried out without prior notice where necessary to contain a security issue, preserve service stability, prevent data loss, or comply with a legal or infrastructure requirement. Numezis will provide follow-up communication as soon as reasonably practicable after such intervention.

Numezis seeks to schedule planned maintenance during lower-traffic periods. Maintenance windows announced in advance are treated as Excluded Downtime.

Support channels and escalation paths depend on the applicable subscription package or Order Form. Unless a different enterprise support model is contracted, support is delivered through email, in-product support channels, or another documented asynchronous channel.

Default initial response objectives are as follows:

• P1 Critical: full production outage or severe security event with no reasonable workaround for the Customer's critical operations. Target initial response: 1 hour. For customers without contracted 24/7 coverage, timing runs during Business Hours unless the issue concerns an active security emergency.
• P2 High: major degradation of core functionality affecting a substantial portion of users or a business-critical workflow. Target initial response: 4 Business Hours.
• P3 Medium: material but non-critical defect with workaround available. Target initial response: 1 Business Day.
• P4 Low: minor defect, cosmetic issue, documentation issue, or enhancement request. Target initial response: 2 Business Days.

Response targets are not resolution guarantees. Resolution timing depends on technical complexity, customer cooperation, dependency on third-party providers, and whether a workaround is available.

Numezis maintains incident triage, escalation, and communication processes designed to identify, contain, remediate, and document service-impacting events. Depending on severity, Numezis may use internal war-room procedures, change freezes, emergency maintenance, enhanced monitoring, and follow-up corrective actions.

For material production incidents, Numezis will use commercially reasonable efforts to provide status updates through support channels, the designated customer contact, or another reasonable communication mechanism. For high-severity incidents that materially affect multiple customers or core service continuity, Numezis may provide a post-incident summary or root-cause-oriented recap once operationally appropriate.

If the monthly Availability commitment is not met for a covered production Service, the Customer's sole monetary remedy under this SLA is a Service Credit, calculated on the monthly recurring fees attributable to the affected Service for the month in which the failure occurred. Unless the Order Form states otherwise, the default credit schedule is: 5% of monthly fees if Availability is below 99.9% but at or above 99.0%; 10% if below 99.0% but at or above 95.0%; and 15% if below 95.0%.

To receive a Service Credit, the Customer must submit a written claim within 30 days after the end of the affected month and include reasonable details sufficient to identify the incident and the impacted account. Credits are applied to future invoices and are not refundable, payable in cash, or cumulative across overlapping failures. No credit is available where the event qualifies as Excluded Downtime or where the Customer is in material payment default.

The following constitute Excluded Downtime and are not counted against the Availability commitment:

• planned maintenance announced in accordance with Section 4;
• emergency maintenance required to address urgent security or stability risks;
• force majeure events or events outside Numezis' reasonable control, including internet backbone failures, widespread cloud provider incidents, power outages outside Numezis' controlled environment, war, terrorism, or government action;
• failures caused by customer systems, customer networks, customer internet access, unsupported browsers or devices, or third-party software not supplied by Numezis;
• misuse of the Service, breach of Documentation, over-consumption beyond contracted limits, or Customer failure to follow security or configuration instructions;
• suspensions or restrictions imposed by Numezis under the contract for non-payment, abuse, legal risk, or security reasons; and
• Beta Services, pilots, previews, sandboxes, or non-production environments.

Numezis uses internal observability, logging, alerting, and operational review processes to supervise the health of the production Service. Those systems may include endpoint checks, infrastructure alerts, application telemetry, security monitoring, dependency monitoring, and incident logs.

Upon reasonable request and subject to confidentiality, security, and operational limitations, Numezis may provide summary information concerning material SLA incidents, support history, or availability performance. Numezis is not required to disclose raw logs, internal detection logic, penetration details, or information that could materially impair the security of the Service or other customers.

Numezis may update this SLA from time to time to reflect changes in support operations, infrastructure, security controls, measurement methodology, or commercial packaging. If a change materially reduces the service commitments applicable to an active paid subscription, Numezis will use commercially reasonable efforts to provide prior notice, unless immediate changes are required for legal, security, or abuse-prevention reasons.

The version in force is the version posted or otherwise made available by Numezis, except where an Order Form or signed addendum expressly fixes a different SLA version for a specified term.

This SLA forms part of the Agreement and is governed by the same law, dispute resolution mechanism, limitation framework, and liability exclusions set out in the Terms or applicable Order Form, unless mandatory law requires otherwise. In case of conflict, the Order Form controls over this SLA for customer-specific service commitments, and this SLA controls only for the specific support and availability matters it addresses.