1. Overview
This Service Level Agreement (SLA) describes the service targets Friam aims to provide to subscribed customers. It covers platform availability, support response times, data processing, and incident management.
This SLA sets out our service targets and good-faith operational aims. It is not a contractual guarantee or warranty of uninterrupted service, and the service credits in §7 are offered at our discretion as a goodwill gesture, not as a contractual entitlement. Nothing in this SLA affects your statutory rights.
This SLA applies to the AgentGuard agent app, the public Trust pages, the customer-verify flow, the WordPress plugin services, and the API. It does not apply to third-party services accessed independently by users (for example, your own website hosting or your CRM).
2. Platform availability
2.1 Uptime target
We target 99.5% monthly uptime for the AgentGuard platform, measured across the agent app, the public Trust pages, the customer-verify flow, the API, and the background worker fleet. This equates to a maximum of approximately 3 hours and 39 minutes of unplanned downtime per month.
Our infrastructure runs on AWS (eu-west-2, London region) with managed PostgreSQL configured for automated backups, point-in-time recovery, and connection pooling, plus Redis for the BullMQ worker queues.
2.2 Scheduled maintenance
Scheduled maintenance windows are communicated at least 48 hours in advance via email. Where possible, maintenance is performed during low-usage hours (typically 02:00–06:00 GMT). Scheduled maintenance does not count toward the uptime calculation.
2.3 Exclusions
The following are excluded from uptime calculations:
- Scheduled maintenance windows communicated in advance
- Force majeure events (natural disasters, widespread internet outages, government actions)
- Failures caused by the customer’s own systems, internet connection, or browser
- DNS propagation delays outside our control
- Outages of upstream public registers (HMRC, Companies House, OFSI) we mirror — though we maintain cached copies so most checks survive a brief upstream outage
3. Support response times
3.1 Support channels
Support is available via email at legal@everyguard.uk. P1 incidents are treated as urgent and worked as soon as they are detected or reported; non-P1 enquiries are handled during business hours.
3.2 Response time targets
| Priority | Description | Initial response | Resolution target |
|---|---|---|---|
| P1 — Critical | Platform fully unavailable, public Trust pages down, or data breach | 1 hour | 4 hours |
| P2 — High | Major feature unavailable (compliance scan, customer-verify, training) | 4 hours | 1 business day |
| P3 — Medium | Feature degraded but workaround available | 1 business day | 3 business days |
| P4 — Low | General enquiry, feature request, or cosmetic issue | 2 business days | Best effort |
Business hours are Monday to Friday, 09:00–17:30 GMT/BST, excluding English bank holidays.
4. Data processing
4.1 Compliance scans
Free public scans complete within 60 seconds for ~95% of agent websites; longer for sites that need a Playwright fallback. Scheduled monthly re-scans of subscribers run within 24 hours of the scheduled slot.
4.2 Customer-verify flow
Identity-document checks complete within 60 seconds end-to-end under normal conditions. Sanctions / PEP screening completes in under one second.
4.3 Email and SMS delivery
Transactional emails (training invitations, magic-link auth, scan completion notifications) are queued for delivery within 60 seconds of being triggered. Actual delivery depends on the recipient’s mail server. SMS delivery typically completes within 15 seconds via Twilio.
4.4 WordPress plugin data
Trust-page data served to WordPress plugin installations is cached and refreshed periodically. Changes made in the agent dashboard are reflected on the agent’s website within 1 hour under normal conditions.
5. Data backup and recovery
5.1 Backups
- Database: Automated daily snapshots with point-in-time recovery capability, retained for 7 days
- File storage (S3): Stored on Amazon S3, which replicates objects redundantly across multiple facilities
- Configuration: Application code and configuration are version-controlled in source control
- Signed compliance documents: Retained for the 5-year MLR 2017 retention floor
5.2 Recovery objectives
| Metric | Target |
|---|---|
| Recovery Point Objective (RPO) | 1 hour (point-in-time recovery) |
| Recovery Time Objective (RTO) | 4 hours |
6. Incident management
6.1 Incident classification
Incidents are classified by impact and urgency using the priority matrix in §3.2. We monitor service health and act on issues that are detected or reported.
6.2 Communication during incidents
- P1 incidents: Affected users notified within 1 hour of detection, with updates every 2 hours until resolution
- P2 incidents: Affected users notified within 4 hours if the issue is expected to persist beyond 1 business day
- Post-incident: A root-cause summary is provided to affected parties within 5 business days for P1 and P2 incidents
6.3 Escalation
If you believe an incident is not being addressed appropriately, contact legal@everyguard.uk with the subject line “SLA Escalation” and a description of the issue. Escalations are reviewed by senior management within 1 business day.
7. Service credits
If monthly uptime falls below our 99.5% target, affected subscription customers may request a goodwill service credit, which we will apply at our discretion to their next invoice:
| Monthly uptime | Service credit |
|---|---|
| 99.0% – 99.4% | 5% of monthly fee |
| 95.0% – 98.9% | 10% of monthly fee |
| Below 95.0% | 25% of monthly fee |
Service credits must be requested within 30 days of the affected month. Credits are capped at 25% of the monthly fee and are applied as account credit, not cash refunds.
8. Changes to this SLA
We may update this SLA from time to time to reflect improvements to our service. Material changes (for example, reducing uptime commitments) will be communicated at least 30 days in advance via email. The latest version is always available at this URL.