Service Level Agreement (SLA)

PREAMBLE

This Service Level Agreement ("SLA") applies to [Service Name] provided by [Company Name] to Customer [Customer Name], effective [Date]. SLA is incorporated into the Master Service Agreement ("MSA") dated [Date]. Legal Framework: GDPR Art. 28-32 (Data Processing), E-Commerce Directive 2000/31 (Service Availability).

1. SERVICE AVAILABILITY

1.1 Uptime Commitment: Provider shall maintain Service uptime of [99.9%] per calendar month (measured UTC), excluding Scheduled Maintenance.

Uptime Level	Monthly Downtime Allowance	Service Credit
99.9% - 99.5%	43 minutes - 3.6 hours	10% monthly fees
99.5% - 98.0%	3.6 - 14.4 hours	25% monthly fees
<98.0%	>14.4 hours	50% monthly fees

1.2 Scheduled Maintenance: [Sundays 02:00-06:00 UTC], max [4 hours/month], not counted towards uptime calculation. Emergency maintenance performed without advance notice if security threatened.

1.3 Measurement: Uptime measured from Provider's monitoring systems; if Customer monitoring differs, Provider's records control unless Customer disputes within 5 days with documented evidence.

2. RESPONSE & RESOLUTION TIMES

Severity	Definition	Initial Response	Target Resolution
P1 (Critical)	Service completely unavailable for >10% users	[30 min]	[4 hours]
P2 (Major)	Significant functionality impaired for >25% users	[2 hours]	[8 hours]
P3 (Normal)	Minor issue, Service functional	[24 hours]	[48 hours]
P4 (Low)	Documentation, feature request	[2 business days]	[Next sprint]

2.1 Response SLA Requirements per GDPR Art. 33-34: For P1/P2 incidents involving personal data: Provider shall notify Customer within 24 hours if data security breach suspected, enabling Customer to notify supervisory authority within 72 hours.

3. PERFORMANCE METRICS

3.1 API Response Time: 99% of requests return within [500ms]; 99.9% within [2 seconds].

3.2 Dashboard Availability: [99.5%] uptime (measured separately from API).

3.3 Data Processing (GDPR Art.28): Provider processes personal data only per Customer's documented instructions, maintains data processing records, ensures access controls limit staff to need-to-know basis.

4. SERVICE CREDITS

4.1 Credit Calculation: Service Credit = (Monthly fees × Credit %) / 30 days × number of days with uptime shortfall.

4.2 Credit Request: Customer must submit within 30 days of incident with documentation of downtime. Provider responds within 15 days with credit approval or denial.

4.3 Maximum Liability: Total Service Credits in any 12-month period shall not exceed [12 months of fees] (capped per MSA limitation clause).

4.4 Sole Remedy: Service Credits are Customer's exclusive remedy for SLA breaches; Customer waives all other claims for damages.

5. EXCLUSIONS (NOT COUNTED AS DOWNTIME)

Service not responsible for:

- Customer's internet connection failures
- Third-party service outages (hosting provider, DNS, payment gateway) - unless Provider failed to use redundant vendors
- Customer-side application errors or misconfiguration
- Attacks requiring Customer-configured firewall rules (DDoS mitigation)
- Force majeure (natural disasters, wars, pandemics per MSA Sec. X)
- Scheduled maintenance performed per notification

6. ESCALATION & SUPPORT

6.1 Support Channels: Email: [support@company.com] | Phone: [+49 ... / +1 ...] | Status Page: [status.company.com]

6.2 Escalation: P1 incidents escalate to engineering manager within [15 min]; P2 within [1 hour].

CRITICAL: SLA guarantees effort/response times, NOT guaranteed resolution. Force majeure events exclude liability. Service Credits are sole remedy and do not constitute acknowledgment of breach.

Effective: [Date] | Version: 1.0 | Review Date: [Date + 12 months]