Service Level Agreement
Effective 2026-05-30. We'll update this page as commitments change — see /changelog for history.
1. Availability commitments
| Surface | Monthly uptime | Notes |
|---|---|---|
| Lead-capture form on dojo sites | 99.95% | Hosted on Vercel edge — five-nines minus single-region failure |
| Public dojo websites | 99.95% | Same edge tier |
| /client dashboard | 99.9% | Auth + DB roundtrip — Vercel + Supabase |
| Public REST API (/api/v1/*) | 99.9% | Same as dashboard |
| Stripe checkout | 99.95% | Stripe dependency |
| Ad reporting + AI features | 99.5% | Depends on Anthropic / Meta / Google APIs |
Live status: /status shows 90-day uptime + recent incidents. SLA credits accrue automatically when monthly uptime drops below target on any surface.
2. Support response times
- · Critical (platform down for you, lead form broken, dashboard inaccessible): same-day response, target resolution < 4 business hours.
- · High (specific feature broken, integration error): same-day response, target resolution < 1 business day.
- · Normal (questions, edits, configuration help): < 1 business day response, target resolution < 3 business days.
- · Feature requests: response within 1 week; we ship or decline with rationale.
Business hours = Mon–Fri 7am–6pm Pacific. Critical issues escalate outside business hours; lower priorities wait. Channel: kenny@hyder.me — direct to founder, no ticket queue.
3. Data + privacy commitments
- · Data residency: customer data lives in Supabase's us-west-2 region. We don't replicate or transfer to other regions without explicit consent.
- · Data ownership: your leads, content, and configuration are yours. Self-serve CSV export at
/client/<slug>/activity/export.csv. Domain stays in your registrar. - · Encryption: TLS 1.3 in transit, AES-256 at rest (Supabase + Vercel defaults). Stripe handles all PCI scope — we never see card numbers.
- · Audit trail: every staff and system action against a dojo is logged to
9dm_activitiesand exportable. - · Subprocessors: Vercel (hosting), Supabase (DB + auth), Stripe (payments), Resend (email), Twilio (SMS, optional), Anthropic (AI). Each with their own SOC 2 / GDPR posture.
4. Incident handling
- · Status updates posted publicly at /status within 15 minutes of detection for major incidents.
- · Post-incident review (root cause + remediation) within 5 business days for major incidents.
- · Direct email to affected customers within 1 business hour for outages exceeding 30 minutes.
5. SLA credits
If we miss an availability target in a given month, credits apply automatically against the next invoice:
- · 99.9% – 99.0% monthly uptime: 10% credit on the SKU(s) affected.
- · 99.0% – 95.0%: 25% credit.
- · < 95.0%: 50% credit, and you can cancel mid-term with full refund of unused prepaid time.
Credits are not granted for issues caused by you (DNS misconfiguration, ad platform suspension, payment failure) or by third-party outages we depend on but don't control (Meta, Google, Anthropic). We'll still help you triage.
6. What this isn't
- · We aren't SOC 2 Type II audited yet. Target: report available Q2 2027.
- · We aren't HIPAA-eligible. Don't store PHI.
- · We aren't GDPR DPA-signed yet for EU subjects; on request we'll execute a standard one within 2 business days.
- · No 24/7 support phone line. The founder is reachable directly during business hours; outside hours, critical-tier issues page automatically.