Planbox Cloud Service Level Agreement (Cloud SLA)

vSeptember 2023

The purpose of this document is to define the service levels that Supplier will endeavor to provide for the maintenance and support of the Application that Customer has obtained a subscription to pursuant to the Master Services Agreement (“MSA”) between Customer and Supplier or other written agreement between Customer and Supplier governing Customer’s access to and use of the Application (the MSA or other applicable agreement, the “Agreement”) and this document (the “SLA”) is hereby incorporated by reference into the Agreement. Capitalized terms not otherwise defined herein have the meaning set forth in the Supplier’s then-current standard form of MSA applicable to the Application.

  1. Application Administration. Supplier will make commercially reasonable efforts to provide the following during the applicable Subscription Term in accordance with this SLA:
    • Technical Support. Online and telephone support during coverage hours, 24×7 access to support portal
    • Service Management. Client activation, security monitoring, change control, problem management, and escalation procedures
    • Application Administration. Application configuration, deployment, support, monitoring, response, repair, tuning and capacity planning
    • Data backup and retention. Backups of Customer Data stored within the Application

    Customer is responsible for purchase and maintenance of its own equipment, hardware and access, including but not limited to network and data connection, to establish a connection to the Internet.

  2. Service Measures
    1. Supplier will make commercially reasonable efforts to meet the following for each Application:
      Measurement Definition Supplier SLA
      Software Availability The periods of time that the Application is Available for use by the Customer not including scheduled downtime. “Availability” or “Available” means that the Application is accessible to Authorized Users for use in accordance with the applicable Documentation, excluding regularly scheduled maintenance windows. Available in all material respects 99.5% average over a month (calculated on a 24 x 7 x 365 basis, other than Scheduled Downtime (defined below) and other than any period of downtime that lasts 5 continuous minutes or less).
      Backups Service Supplier shall conduct weekly back-ups. Database backups are performed nightly. Backup files are retained for 30 days.
      Restoration of Services In the event of a major disaster, such as flooding of the hosting facility or an earthquake that destroys the infrastructure or as otherwise deemed necessary by Supplier. Backup will be restored within 24 hours.
      Problem Response Time Response time will be calculated by dividing the numbers of calls responded to in two hours or less divided by the total number of calls received for the month. 90% of calls responded to in two hours or less during primary coverage.
      Supplier is targeting a 90% compliance rate that every issue / call will be responded to in two hours or less during primary coverage hours.
    2. Exceptions to Service Levels. The Availability of the Application and the Supplier’s obligations with respect to the other service measures set forth herein may be subject to limitations, delays, and other problems inherent to the general use of the Internet and other public networks or caused by Customer, Authorized Users or third parties. Supplier is not responsible for any delays or other damage resulting from problems outside of Supplier’s control. Without limiting the foregoing, the following are exceptions to Supplier’s obligations under this SLA:
      1. a failure or malfunction resulting from scripts, data, applications, equipment, or services provided and/or performed by Customer;
      2. outages initiated by Supplier or its third party suppliers at the request or direction of Customer for maintenance, back up, or other purposes;
      3. outages occurring as a result of any actions or omissions taken by Supplier or its third party Suppliers at the request or direction of Customer;
      4. outages resulting from Customer’s equipment and/or third party equipment not within the sole control of Supplier;
      5. events resulting from an interruption or shut down of the Application due to circumstances reasonably believed by Suppler to be a significant threat to the normal operation of the Application, the facility from which the Application is provided, or access to or integrity of data (e.g., a hacker or a virus attack);
      6. outages due to system administration, commands, file transfers performed by Customer representatives;
      7. other activities Customer directs, denial of service attacks, natural disasters, changes resulting from government, political, or other regulatory actions or court orders, strikes or labor disputes, acts of civil disobedience, acts of war, or other events caused by circumstances beyond Supplier’s reasonable control
      8. Customer’s negligence or breach of its material obligations under this SLA, the Agreement, or any other agreement between Customer and Supplier; and
      9. lack of availability or untimely response time of Customer to respond to incidents that require its participation for source identification and/or resolution.
      10. use of unsupported, untested and unverified versions of browsers, operating systems and applications as defined by Planbox – Client Software And Systems Requirements document.
    3. Priority Levels. If the Application is not accessible as specified in Section 2.1 (an “Issue”), Supplier will use reasonable efforts to correct the Issue with a level of effort commensurate with the severity of the Issue. Supplier and Customer will comply with the following resolution procedures for all Issues reported by Customer:
      1. Notice of Issue. If Customer encounters an Issue, Customer must sufficiently define the Issue in a written notice to Supplier. After receipt of written notice of an Issue from Customer, Supplier will notify Customer if Supplier cannot identify the cause of the Issue. If Supplier cannot identify the cause of the Issue, Customer will provide additional information regarding the Issue as Supplier may request in order to assist Supplier with identifying the cause of the Issue. Customer will provide a separate written notice for each Issue encountered by Customer. All notices pursuant to this SLA may be provided via email.
      2. Issue Classification. In its notice of an Issue, Customer will reasonably classify for Supplier the initial priority of the Issue. Customer will use the nature of the Issue and Customer’s business situation to initially classify each Issue. Customer will classify each Issue in accordance with the severity classification table below. To the extent that Supplier disagrees with any Issue classification provided by Customer, Supplier will promptly advise Customer of the revised classification of any Issue.
      3. Response Time. Supplier will use reasonable efforts to respond to each of Customer’s written notices of an Issue within the period set forth in severity classification table below. Response time is the elapsed time between Customer’s first report of an identified Issue and the provision of a plan for resolution by a Supplier technical contact.
      4. Expedited Response Time. To the extent that Customer may seek Supplier to respond to any written notice of an Issue within a time period other than as set forth in the table below, Customer may request such response and Supplier may elect to provide such additional services to Customer on terms and conditions as the parties may agree upon in writing (which may include, without limitation, additional costs and expenses payable by Customer to Supplier in connection with such any expedited services). Notwithstanding the foregoing, Supplier will have no obligation to enter into any such agreement with respect to any such additional services. To the extent that the parties enter into any such agreement, Supplier will invoice Customer for, and Customer will pay, any such additional amounts as set forth in this Agreement (unless otherwise agreed upon by the parties in writing).

      Priority 4The Issue causes minor loss of service or is a minor error. The impact is an inconvenience that may require a workaround to restore functionality or is a minor error, incorrect behavior, or a documentation error that does not impede the operation of a system.24 hour during primary coverage hours5 days or mutually agreed to timeSupplier will work with Customer to mutually prioritize and schedule resolutions into regular release cycles.

      Priority Level Issue Description Initial Response SLA Target Resolution Time SLA Commitment
      Priority 1 The Issue causes complete loss of service or use of the Application cannot reasonably continue as a feature or function does not allow completion of work and its operation is mission critical to Customer’s business.
      Examples:

      1. Majority or all of the Authorized Users are unable to use the Application,
      2. Highly important reports (such as task management) cannot be generated,
      3. System crashes repeatedly after restart attempts.
      		 2 hours during Primary Coverage hours (two hours after hours if Customer has a current subscription to a 24 x 7 x 365 support plan) Worked on continuously until a solutions found, however, targeting an 8 hour resolution time or until a viable workaround can be applied The Issue will be worked on until fixed or a reasonable workaround is applied.
      Updates will be provided to Customer every 4 hours.
      Priority 2 A major Application function is experiencing a reproducible problem that causes a major inconvenience to the Customer. An acceptable workaround may or may not be available, however, operation can continue in a restricted fashion. The current release should be patched if a permanent workaround cannot be found and the next release is not imminent. 4 hour during Primary Coverage hours (4 hour after hours if Customer has a current subscription to a 24 x 7 x 365 support plan) 3 Business Days The Issue will be worked on until fixed or a reasonable workaround is applied.
      Updates will be provided at the end of every day.
      Priority 3 The Issue causes minor loss of service or is a minor error. The impact is an inconvenience that may require a workaround to restore functionality or is a minor error, incorrect behavior, or a documentation error that does not impede the operation of a system. 24 hour during primary coverage hours 5 days or mutually agreed to time Supplier will work with Customer to mutually prioritize and schedule resolutions into regular release cycles.
      Priority 4 The Issue is non-critical and does not significantly impact the user’s ability to use the application. These might include cosmetic issues, minor documentation discrepancies, or suggestions for future enhancements that don’t affect current functionality. 48 hours during primary coverage hours Integrated into future release cycles based on feasibility and priority Supplier will document, track, and consider the issue in product development and enhancement plans.
    4. Downtime/Maintenance. Supplier periodically adds, repairs, and upgrades the data center network, hardware and the Application and shall use commercially reasonable efforts to accomplish this without affecting the Customer’s access to the Application; however, repairs of an emergency or critical nature may result in the Application not being available for the Customer’s usage during the course of such repairs. Supplier reserves the right to take down the server(s) at the data center in order to conduct routine maintenance to both software and hardware according to the following protocols.
      Item Description Commitment
      1. Standard Maintenance Window As communicated to Customer by Supplier, not to exceed 20 hours per month. N/A
      2. Scheduled Uploads Regular planned uploads of new functionality will take place during the standard maintenance window. • Minimum of 10 days’ notice prior to the upload going into the production environment. The notice will be displayed on the main site where the Application is accessible.
      3. Scheduled Maintenance Routine, scheduled maintenance will performed inside the maintenance window. • A message will be displayed on the main site stating Supplier will be down.
      4. Non-Scheduled/ Emergency Maintenance May be performed outside the maintenance window and will be counted as unscheduled downtime. • Customer will be notified via a message on the main site stating the Application will be down.

      Periods the Application is unavailable as a result of Items 1, 2 and 3 are “Scheduled Downtime” and are not included in the calculation of Availability.

  3. Compatibility with New Third Party Software. Customer consents and acknowledges that prior to upgrading third party software, the Customer is solely responsible to verify and insure that such third party software is compatible with their current or future versions of the Application. The most significant applications that Customer should carefully check for compatibility before upgrading are: new versions of operating systems, report engines, business intelligence software, reporting tools, or any other third party tools used by or integrated with the Application. Supplier will not be responsible for any failures or malfunctions’ resulting from such upgrade and reserves the right not to provide support for such installations.
  4. Customer Obligations
    1. Trained Contacts. Customer will appoint up to two individuals within Customer’s organization to serve as primary contacts between Customer and Supplier with regards to the Application. Customer must initiate all requests through these contacts.
    2. Reasonable Assistance. Customer will provide Supplier with reasonable access to all necessary personnel to answer questions regarding Issues reported by Customer.
    3. Good Standing. The provision of the Application by Supplier during the term of this SLA is contingent upon Customer’s performance of its payment and other obligations under the Agreement. Supplier reserves the right, in addition to other remedies available, to suspend its provision of the Application for so long as Customer is not current with its obligations.
  5. Limitation of the SLA. The scope of coverage under this SLA expressly excludes the following:
    1. Maintenance and support for non-production environments and staging servers (sandboxes)
    2. Data migration
    3. Training
    4. Installation, configuration and technical support for Customer equipment or operating systems
    5. Technical support, consultation or problem resolution pertaining to software or applications other than those supplied by Supplier and described in this Agreement
    6. Resolution of problems resulting from negligence of users of the Application, including specifically incorrect data entry, use of altered data and failure to use the Application according to the instructions provided in the applicable user guide
    7. Support for development (Supplier SDK, Web pages, etc.), integration and custom reports, whether developed by Customer or any party other than Supplier
    8. Any alterations or additions, performed by parties other than Supplier, except for programs using product interfaces provided by Supplier
    9. Use of the Application on an operating environment other than that for which such the Application was designed, except as expressly prescribed in the user guide

    If Customer requires that a member of Supplier’s staff provide services pertaining to any of the above exclusions and Suppler agrees to provide such services, Customer hereby agrees to pay Supplier for these services according to the daily support service rate then in effect, prorated hourly.

  6. Disclaimers
    1. Security. The parties expressly recognize that it is impossible to maintain flawless security, but Supplier shall take reasonable steps to prevent security breaches in Supplier’s server interaction with Customer’s network, and security breaches in Supplier’s server interaction with resources or users outside of any firewall that may be built into Supplier’s server. Customer agrees that it will only access and use the Application via authorized access provided by Supplier (e.g. password protected access). Supplier’s Application and Data Access Control policies are available upon request.
    2. Downloading of Data or Files. The parties expressly recognize that Supplier cannot and does not guarantee or warrant that files available for downloading through the Application will be free of infection, viruses, worms, trojan horses or other code that manifests contaminating or destructive properties. Customer agrees that it shall be solely responsible for implementing sufficient procedures to satisfy Customer’s particular requirements for accuracy of data input and output, and for maintaining a separate means for the reconstruction of any lost data.
    3. Accuracy Disclaimer. Customer is solely responsible for the accuracy and integrity of its own data, reports, and documentation. Supplier or third parties may provide links to other web sites or resources as part of the Application. Supplier does not endorse and is not responsible for any data, software or other content available from such sites or resources. Customer acknowledges and agrees that Supplier shall not be liable, directly or indirectly, for any damage or loss relating to Customer’s use of or reliance on such data, software or other content.
  7. Terms of Use. In addition to the terms of the Agreement and any restrictions set forth therein, the following applies to Customer’s use of the Application and receipt of services hereunder. The examples of prohibited use set forth below are non-exclusive, and are provided as guidelines to Customer. Violation of the terms of this Section 7.1 is strictly prohibited. In the event of any actual or potential violation, Supplier reserves the right to suspend or terminate, either temporarily or permanently, any or all services provided by Supplier, to block any abusive activity, or to take any other actions deemed appropriate by Supplier in its sole discretion.
    1. Illegal Use. The Application may be used only for lawful purposes. The transmission, distribution, or storage of any information, data, or material in violation of any applicable law or regulation is prohibited. Without limitation of the foregoing, it is strictly prohibited to create, transmit, distribute, or store any information, data, or material which a) intentionally infringes any copyright, trademark, trade secret, or other intellectual property right (or after written notification of such infringement, fails to remedy same in a timely manner), b) is obscene or constitutes child pornography, c) is libelous, defamatory, hateful, or constitutes an illegal threat or abuse, d) violates export control laws or regulations, or e) encourages conduct that would constitute a criminal offense or give rise to civil liability.
    2. Circumvention of Security Measures. Violations of system or network security are prohibited, and may result in criminal and civil liability. Supplier will investigate potential security violations, and may notify applicable law enforcement agencies if violations are suspected. It is strictly prohibited to attempt to circumvent the authentication procedures or security of any host, network, network component, or account (i.e. “cracking”) to access data, accounts, or servers which the Customer (or its users) is not expressly permitted or authorized to access. This prohibition applies whether or not the attempted intrusion is successful, and includes unauthorized probes or scans performed with the intent to gather information on possible security weaknesses or exploitable configurations.
    3. Bandwidth Limits. To keep the system healthy and your account safe, Planbox limits the amount of bandwidth used per client. Please refer to Bandwidth Limits to view the limitations in various editions of Planbox Innovate.
    4. Attacks. Customer is prohibited from interfering or attempting to interfere with service to any other user, host, or network on the Internet (“denial of service attacks”). Examples of such prohibited activity include without limitation (a) sending massive quantities of data with the intent of filling circuits, overloading systems, and/or crashing hosts, (b) attempting to attack or disable any user, host, or site, or (c) using, distributing, or propagating any type of program, script, or command designed to interfere with the use, functionality, or connectivity of any Internet user, host, system, or site (for example, by propagating messages, via e-mail, Usenet posting, or otherwise, that contain computer worms, viruses, control characters or trojan horses).
    5. E-Mail. Customer is prohibited from engaging in improper use or distribution of e-mail over the Internet.