Service Level Agreement
This Service Level Agreement ("SLA") sets out the operational commitments Kalir makes to customers of the Kalir platform (External Attack Surface Management and Digital Risk Protection). It complements the Master Subscription Agreement and applies to all paid production tenants.
1. Platform Availability
Kalir commits to a Monthly Uptime Percentage of 99.5% for the production platform (web application, API, and core data plane), measured per calendar month.
Monthly Uptime Percentage = (Total minutes in month − Unplanned Downtime minutes) ÷ Total minutes in month, expressed as a percentage. Scheduled maintenance windows announced under Section 8 do not count as Unplanned Downtime.
2. Signal Detection & Notification Latency
Notification latency is measured from the moment a signal is collected by a Kalir collector until the corresponding alert is delivered to the customer's configured channel (web, email, Slack, or webhook).
- Critical: ≤ 30 minutes — active credential leak, exposed secret on a critical asset.
- High: ≤ 2 hours — phishing infrastructure targeting brand, executive impersonation.
- Medium: ≤ 24 hours — hygiene findings, low-confidence mentions.
- Low: ≤ 24 hours — informational signals, contextual enrichments.
3. Source Collection Frequency
- Priority sources (leaks, underground, brand-critical): polled every 1 hour.
- Standard sources (hygiene, public surface): polled every 6 hours.
- Failed-source automatic recovery: hourly.
4. Support Response Times
Response time is the elapsed time between Kalir's receipt of a customer ticket through an authorized channel and Kalir's first substantive human response.
- P1 — Critical (24/7): Platform unavailable or active confirmed breach signal. First response within 2 hours.
- P2 — High (business hours): Major function degraded with no workaround. First response within 8 business hours.
- P3 — Medium (business hours): Minor function impaired with workaround available. First response within 1 business day.
- P4 — Low (business hours): Question, configuration request, feature inquiry. First response within 3 business days.
5. Data Protection, Backups & Recovery
- Backup frequency: daily, encrypted at rest.
- Backup retention: 30 days rolling.
- Recovery Point Objective (RPO): 24 hours.
- Recovery Time Objective (RTO): 8 hours.
- Event & incident retention: 12 months.
- Audit log retention: 24 months.
6. Security Commitments
- TLS 1.2+ for data in transit; AES-256 for data at rest.
- Strict tenant isolation enforced via PostgreSQL Row-Level Security.
- Authentication via Auth0 with optional MFA enforcement per tenant.
- Role-based access control (viewer / analyst / admin / platform admin).
- Full audit trail of administrative and analyst actions, exportable on request.
- Security incidents affecting customer data are notified within 72 hours of confirmation.
7. Service Credits
If Kalir fails to meet the Monthly Uptime Percentage in a given calendar month, the customer is entitled to request a service credit applied against the next invoice:
- Below 99.5% and at or above 99.0% — 5% of the monthly fee.
- Below 99.0% and at or above 95.0% — 10% of the monthly fee.
- Below 95.0% — 25% of the monthly fee.
Credit requests must be submitted in writing to support@kalir.io within 30 days of the end of the affected month, including the customer tenant identifier and relevant timestamps. Service credits are the customer's sole and exclusive remedy for any availability failure under this SLA.
8. Scheduled Maintenance
Kalir performs scheduled maintenance windows for upgrades, security patching, and infrastructure changes. Customers are notified at least 48 hours in advance via email to the designated technical contact and via the in-app status banner. Scheduled maintenance does not count toward Unplanned Downtime.
9. Incident Communication
- Confirmed production incidents are communicated to designated technical contacts within 1 hour of detection.
- Updates are issued at least every 2 hours during ongoing P1 incidents.
- A post-incident report is delivered within 5 business days for any P1 incident.
10. Exclusions
The following are excluded from availability calculations and SLA commitments:
- Scheduled maintenance windows announced per Section 8.
- Force majeure events (natural disasters, war, government action, large-scale internet outages).
- Failures of upstream third-party services outside Kalir's control (identity provider, cloud infrastructure, external intelligence sources, customer-side integrations).
- Issues caused by customer configuration, customer-supplied code, customer credentials, or use of the platform outside the documented terms.
- Distributed denial-of-service attacks targeted at the customer or platform, beyond commercially reasonable mitigation.
- Beta, preview, or experimental features explicitly labelled as such.
11. Contact
- Operational support: support@kalir.io
- Security disclosures: security@kalir.io
- Commercial & SLA inquiries: contact@kalir.io