Service Level Agreement

Enterprise-Grade Reliability

Our commitments to uptime, performance, security, and support for your compliance operations

Effective: February 1, 2026 · Version 1.0

Platform Availability Performance Support Response Times Data Security Data Retention Incident Response Backup & Recovery Compliance

Platform Availability

99.9%

Uptime Target

<44m

Max Downtime/Month

24/7

Monitoring

Scheduled Maintenance: Planned maintenance windows are Sundays 02:00-06:00 UTC with 72-hour advance notice. Maintenance typically completes within 30 minutes with zero downtime deployments.

Exclusions: Force majeure events, third-party provider outages (Supabase, Azure), and customer-initiated actions are excluded from uptime calculations.

Credits: If monthly uptime falls below 99.9%, affected Enterprise customers receive service credits: 99.0-99.9% = 10% credit, 95.0-99.0% = 25% credit, below 95.0% = 50% credit.

Performance SLAs

Metric	Target	Measurement
API Response Time	<500ms p95	95th percentile of all API requests
Dashboard Load Time	<2 seconds	Time to interactive on standard connection
Compliance Scan	<30 seconds	Full 215 check scan completion
AI Answer Generation	<15 seconds	Per question with knowledge base search
Document Upload Processing	<60 seconds	Chunking + embedding for standard PDF (<50 pages)

Support Response Times

Priority	Enterprise (Custom)	Business ($4,999)	Free Trial
P1 Critical Service unavailable, data loss risk	1 hour	4 hours	24 hours
P2 High Feature degraded, workaround available	4 hours	8 hours	48 hours
P3 Normal Minor issue, no business impact	8 hours	24 hours	72 hours
P4 Low Feature request, general question	24 hours	48 hours	Best effort

Enterprise customers also receive a dedicated account manager and quarterly business reviews. Support hours: Monday-Friday 9:00-18:00 in customer's timezone. P1 issues supported 24/7 for Enterprise.

Data Security Guarantees

Tenant Isolation

192 Row Level Security (RLS) policies enforce database-level tenant isolation across 119 tables. Customer data is physically isolated even application bugs cannot cause cross-tenant data leakage.

AI Data Safety

All AI features use Azure OpenAI with contractual zero data retention. Your prompts and responses are never stored by Microsoft or used for model training. PII is detected and redacted before processing.

Encryption

All data encrypted in transit via TLS 1.3. Data at rest encrypted with AES-256 via Supabase infrastructure. Integration credentials stored with field-level encryption.

Access Control

Role-based access control (RBAC) with owner, admin, reviewer, editor, and viewer roles. API key scoping with fine-grained permissions. Rate limiting per endpoint.

Data Retention Policy

Data Type	Retention Period	Notes
Audit Logs	7 years	Immutable, tamper-proof with cryptographic signatures
Compliance Evidence	5 years	SHA-256 hash integrity verification
Monitoring Scan Results	2 years	Historical trend analysis and reporting
Questionnaire Responses	Account lifetime	Deleted within 30 days of account closure
Knowledge Base Documents	Account lifetime	Customer controls upload/deletion at any time

Right to Deletion: Customers may request complete data deletion at any time. All data (including backups) is purged within 30 days of a verified deletion request, as required by GDPR Article 17.

Incident Response

<15 min

Detection Time

<1 hour

Customer Notification

Every 2hr

Status Updates

<48 hours

Root Cause Analysis

Severity Classification: Incidents are classified as Critical (full outage), Major (feature degradation), Minor (cosmetic/non-blocking), or Informational (no customer impact).

Communication: Enterprise customers are notified via their preferred channel (email, Slack, PagerDuty). Status updates posted to our status page for all customers.

Post-Incident: A blameless Root Cause Analysis (RCA) is published within 48 hours for Critical/Major incidents, including remediation steps to prevent recurrence.

Backup & Disaster Recovery

Recovery Point Objective (RPO)

<1 hour

Maximum data loss window

Recovery Time Objective (RTO)

<4 hours

Maximum time to restore service

Backup Schedule: Continuous WAL archiving with point-in-time recovery. Daily full snapshots retained for 30 days. Weekly snapshots retained for 90 days.

Geographic Redundancy: Database replicated across multiple availability zones. Backups stored in geographically separate region from primary.

Testing: Disaster recovery procedures tested quarterly. Recovery drills documented and results available to Enterprise customers on request.

Compliance & Certifications

SOC 2 Type II

Trust Services Criteria

204 checks

ISO 27001

Information Security Management

102 checks

PCI-DSS

Payment Card Industry

40 checks

GDPR

EU Data Protection

14 checks

HIPAA

Healthcare Data Protection

10 checks

21 CFR Part 11

Pharma Electronic Records

Full support

DueVault.ai runs 215 automated compliance checks continuously across 9 security categories. Our platform helps customers achieve and maintain compliance not just check boxes. For compliance documentation or audit inquiries, contact our sales team.

This Service Level Agreement is effective as of February 1, 2026 (Version 1.0).

DueVault.ai reserves the right to update this SLA with 30 days' advance notice. Changes will be posted on this page with an updated version number.

View Pricing Security Contact Sales