SLA

Service Level Agreement

We respect user privacy and carefully protect all personal data according to global privacy laws and best practices.

1. GENERAL

1.1           In accordance with the terms of the Agreement, the parties acknowledge and agree that the Service Levels (as described below) set out in this Service Level Addendum shall apply in respect of the Services (as defined in the terms and conditions attached to the order form signed by Customer). Where this Service Level Addendum specifies that:

(a)             an adjustment is made to a Fee (as defined in the Terms and Conditions) ; or

(b)             a Service Credit (as defined below) is available,

in each case as a result of the Company failing to achieve a Service Level in respect of the Services it has agreed to provide to Customer, this adjustment or Service Credit shall only apply to the fees charged by the Company.

1.2           Unless otherwise defined in this Service Level Addendum, all capitalized terms shall have the meanings given to them in clause 7 below (Definitions) .

2. SERVICE LEVELS AND SERVICE CREDITS

2.1           The Company shall provide the Customer the Services in accordance with:

(c)             the Terms and Conditions; and

(d)             the applicable Service Levels agreed for the Services, as set out in this Service Level Addendum.

2.2           If a Service Level is not achieved, Customer may be entitled to apply for a Service Credit by notifying its account manager at the Company via email (with sufficient detail necessary to identify the affected Service and Service Level) within 60 days of the end of the calendar month for which a Service Credit is sought.

2.3           Customer will not be entitled to a Service Credit in respect of any failure to achieve a Service Level where such failure results directly or indirectly from:

(a)             breach of the Terms and Conditions by Customer and/or its affiliates and personnel;

(b)             acts or omissions of third parties;

(c)             failures resulting from Customer’s software, equipment, technology or third-party equipment for which the Company is not responsible under the Terms and Conditions; or

(d)             a Force Majeure Event.

2.4           If a Service Level is not achieved and the same subject matter is the cause of failing to achieve another Service Level, Customer is not entitled to duplicate Service Credits for the same subject matter. In such cases,  Company will apply the highest available Service Credit.

2.5           The maximum Service Credit for any given calendar month, will not exceed 10% of the total Fees paid to the Company for that calendar month.

3. API AVAILABILITY

3.1           API Availability Service Level (Table 1)

ElementDescriptionMeasurementMetric
API AvailabilityMeasures the full availability of the Relevant APIs responding in a timely manner.System UptimeSystem Uptime:Service Credit:
   99.95% – 99.99%0%
   98.5% –99.94%0.5%
   97.5% –98.5%1.0%
   95% – 97.4%1.5%
   < 95%2.0%

3.2           API Availability Service Credit

(a)             In the event that the Company fails to achieve 99.95% System Uptime for API Availability (the “API Availability Service Level”) for at least three consecutive calendar months, Customer will be entitled to request a Service Credit in respect of each calendar month during which the API Availability Service Level was not met.

(b)             Any Service Credit shall not be carried over from the relevant calendar months in any circumstances.

(c)             Customer shall notify the Company immediately of any downtime of the Relevant API which it experiences by email. Customer shall provide all reasonably requested co-operation in investigating and resolving any such downtime.

4. SECURITY MANAGEMENT

4.1            Security Management 

In the event of a Security Incident affecting Customer, the Company will notify Customer of such Security Incident as soon as reasonably practicable, and in any event within 5 days (or such shorter period as required by Applicable Law) after an incident is classified by the Company as a Security Incident. the Company shall notify Customer of any material changes to the information provided in the initial notification of the Security Incident.

5. INCIDENT MANAGEMENT

5.1           Target Response Times and Target Resolution Times

Customer must notify the Company immediately by email to report any suspected event that may have an adverse impact on the Services. Where the Company determines that a suspected event constitutes an Incident:

(a)             the Company shall use commercially reasonable efforts to respond to Incidents within the Target Resolution Times as per Table 2 below. The Target Response Times are applicable when an Incident is notified during Business Hours. If an Incident is notified outside Business Hours, the Target Response Times shall run from 9.00am on the first Business Day following receipt of such notice by the Company; and

(b)             Target Response Times and Target Resolution Times shall only apply when Customer has notified the Incident to the Company as set out in this paragraph.

Where the Company believes that an Incident has been resolved, the Company will confirm to Customer that it considers the Incident resolved. If Customer does not agree that the Incident is resolved, then Customer will notify the Company of its objection and the parties will discuss any outstanding actions required to resolve the Incident. Unless Customer raises an objection, the time that the Incident is deemed to have been resolved will be the time at which Customer is notified pursuant to this paragraph.

5.2           Severity Level

The Severity Level of an Incident will be determined by the Company in its sole discretion (acting reasonably and in good faith) with reference to the following factors:

(a)             Customer’s own assessment of the severity of the Incident, as notified to the Company (the “Customer Assessment”);

(b)             the level of impact an Incident has or is expected to have on the operation of the affected Services; and

(c)             the level of impact an Incident has or is expected to have on Customer.

If the Company disagrees with Customer Assessment, it will notify Customer as soon as reasonably practicable giving reasonable detail on why it disagrees with Customer Assessment.

5.3           Notification of Major Incidents and Critical Incidents

The Company will notify Customer as soon as reasonably practicable (and in any event within 4 hours of an Incident constituting MIM-S1 (as set out in Table 2 below) (a “Critical Incident”) and 4 hours of an Incident constituting MIM-S2 (as set out in Table 2 below) (a “Major Incident”) after becoming aware of any such Critical Incident or Major Incident that affects Customer and which has not been reported by Customer to the Company.

5.4           Critical Incident Reports

Within 15 Business Days following the discovery of a Critical Incident, the Company shall submit a report to Customer in respect of such Critical Incident (a “Critical Incident Report”). Critical Incident Reports shall contain at least the following information:

(a)             a summary of the Critical Incident;

(b)             a Root Cause Analysis;

(c)             where reasonably practicable, a description of the expected impact of the Critical Incident on Customer; and

(d)             a description of the remedial measures taken to address the root cause and consequences of the Critical Incident.

5.5           Major Incident Management Service Level (Table 2)

Severity

Level

Description

Target Response

Times

Target Resolution

Times

Severity Level 1 (MIM-S1)An Incident with very high impact that significantly impacts the core functionality, availability and performance of the Services to Customer.<= 4 hours<= 8 hours
Severity Level 2 (MIM-S2)An Incident with significant impact that materially impacts the core functionality, availability and performance of the Services to Customer<= 4 hours<= 24 hours
Severity Level 3 (MIM-S3)An Incident with low impact that (partly) impacts the core functionality, availability and performance of part of the Services to Customer.<= 24 hoursTo be agreed with Customer on a case-by-case basis 

6. OPERATIONS 

6.1           Target Response Times

The Company shall use commercially reasonable efforts to respond to an Operational Request within the Target Response Times as per Table 3 below. The Target Response Times are measured as the time taken from receipt by the Company of such Operational Request by Customer logging a report with the Company. The Target Response Times are applicable when an Operational Request is received during Business Hours and Target Response Times shall not run on non-Business Days. If an Operational Request is received outside Business Hours, the Target Response Times shall run from 9.00am on the first Business Day following receipt of such Operational Request by the Company.

Operations Service Levels (Table 3)

CategoryDescriptionTarget Response Time
Customer support and disputesThe Company will provide support when Customer notified the Company of the need for support.The Company will endeavor to respond to Customer questions or issues within 24 hours during Business Days in more than 95% of cases in respect of each calendar month. Where no Operational Requests are received during a calendar month, the Operations Service Level shall be treated as having been achieved in that calendar month. 

6.2           Operations Service Level Remedy

If the Company fails to meet the Operations Service Level in respect of a particular calendar month, Company will provide to Customer a summary of its proposed continuous improvement program relating to operations (which may include seeking to hire more staff, review or improve existing processes). In this event, the Company will be required to report to Customer on a monthly basis its performance against such program until the Company is able to achieve the Operations Service Level for at least three consecutive calendar months.

7. DEFINITIONS

In this Service Level Addendum, the following definitions have the corresponding meaning:

API Availability Service Level has the meaning set out in Clause3.2;

Business Hours means 9.00am to 5.00pm on any day that is a business day;

Critical Incident has the meaning set out in Clause 5.3;

Emergency Maintenance means steps taken by the Company to correct elements of the Platform that are likely to cause a high severity disruption to or outage in the Services provided by the Company and which, in the Company’s  sole discretion, require immediate action;

Force Majeure Event means any event beyond Company’s reasonable control, which include, but are not limited to, acts of God, acts of government, flood, fire, earthquake, civil unrest, acts of terror, strikes or labor problems, computer, internet, or telecommunications failures, delays or network intrusions, or denial of service and any other degradations of the Service caused by third parties.

Incident means a singular event or a series of linked events unplanned by the Company which has or will likely have an adverse impact on the integrity, availability, confidentiality and/or authenticity of the Services;

Major Incident has the meaning set out in Clause 5.3;

Operational Request means any request made by Customer relating to operational matters, including, but not limited to Customer onboarding, transaction screening and review, financial operations, feature or setting enablement, merchant risk and underwriting, and/or general Customer support requests;

Permitted Downtime means all times during which the Relevant API or Service is not available due to:

(a)      planned maintenance or downtime as notified to Customer via email not less than ten (10) business days prior to the start of such maintenance or downtime;

(b)      Emergency Maintenance;

(c)      problems caused by circumstances outside the Company’s  reasonable control (including Force Majeure Events and problems caused by Customer or by telecommunications, internet services, software or hardware not provided or controlled by the Company); and

(d)      problems caused by acts or omissions of Customer, its affiliates or personnel (including Customer’s failure to implement updates to the Platform.

Relevant API means the subset of APIs utilised by Customer in order to access the Services;

Root Cause Analysis means an assessment conducted by the Company through a process of investigation to determine the primary cause, and any other contributing causes, of an Incident;

Security Incident means an Incident resulting in unauthorized access to, use, modification of, disclosure of, or deletion of Confidential Information or Personal Data in breach of the Agreement or applicable data protection laws;

Service Credit means the credit that Customer is eligible to request pursuant to this Service Level Addendum if there is a failure to achieve a Service Level. A Service Credit is calculated by multiplying the applicable percentage set out in [Table 1 of] this Service Level Addendum by the Service Fees Customer incurs for the affected Services for the applicable calendar month. Service Credits will be applied as a payment into Customer’s account.

Service Level means the service levels set out in this Service Level Addendum;

Severity Level means the number indicating the severity classification of an Incident as set out in Table 2 in this Service Level Addendum;

System Uptime means, with respect to a calendar month, the Total Actual Uptime divided by Total Possible Uptime;

Total Actual Uptime means the amount of time during the relevant calendar month, measured in minutes, during which Customer has the ability to access the Services and the Platform  calculated by reference to the platform performance report provided to Customer, sourced from the Company’s observability tooling; and

Total Possible Uptime means the number of minutes in the relevant calendar month, less any Permitted Downtime.

  • Products
  • Use cases
  • Company
  • Resources
  • Pricing