Service Level Agreement — Self-Hosted Enterprise
Overview. Apnotic takes great pride in the quality of Password Pusher Pro and is committed to fanatical support. In practice we often acknowledge and respond to support requests in minutes rather than hours. The sections below set out our formal commitments and your remedies; they represent legal minimums we typically exceed by far.
This Service Level Agreement ("SLA") is part of and subject to the agreement under which the Self-Hosted Enterprise subscription is granted. Self-Hosted Enterprise is sold as an annual subscription only. It applies automatically to customers holding an annual Self-Hosted Enterprise subscription for Password Pusher Pro ("Product") from Apnotic, LLC ("Apnotic"). No separate signature is required; the SLA is in effect for the duration of the Enterprise subscription. It defines Apnotic's obligations for technical support and software updates, and the Customer's responsibilities for deployment and hosting.
1. Definitions
- Customer: The entity that holds the annual Self-Hosted Enterprise subscription. The Customer is responsible for its users' use of the Product and for submitting Support Requests to Apnotic.
- Product: The Self-Hosted Enterprise edition of Password Pusher Pro software, supplied by Apnotic and deployed by the Customer.
- Support Request: A reported issue or question related to the Product submitted by the Customer to Apnotic.
- Business Hours: Monday through Friday, 9:00 AM to 5:00 PM Central European Time (CET/CEST as applicable). Support outside Business Hours is best-effort only.
- Initial Response: For the purposes of Section 3.2, acknowledgment of receipt of a Support Request and, where applicable, initial severity assessment and next steps. It does not mean that a fix has been delivered.
- Resolution: For the purposes of Section 3.2 resolution targets, delivery by Apnotic of a fix, workaround, or root-cause analysis and plan (as applicable). Deployment of any fix in the Customer's environment remains the Customer's responsibility.
- Severity Levels: Defined in Section 3.2 for prioritizing Support Requests.
- Stable Tag: The Docker image tag
stable, representing well-tested releases recommended for production use. Use of the stable tag is the supported deployment for SLA purposes. Version-pinned tags (e.g.v1.2.3) that correspond to a current supported release per Apnotic's documentation are also treated as supported deployment. - Latest Tag: The Docker image tag
latest, which may include unreleased or less-tested builds and can occasionally be unstable. Use of the latest tag is not the supported deployment for SLA purposes (see Section 5). - Force Majeure: Events beyond a party's reasonable control, including natural disaster, war, terrorism, pandemic, government action, or critical infrastructure failure.
2. Scope
2.1 Apnotic Responsibilities
Apnotic shall provide technical support (Tier 2 and Tier 3 as defined in Section 3.1) and periodic software updates for the Product, in accordance with this SLA when the Customer uses the supported deployment (Docker image with the stable tag or a version-pinned tag that corresponds to a supported release).
2.2 Customer Responsibilities
The Customer shall deploy and host the Product (including Docker runtime, infrastructure, and any identity or network configuration), perform initial troubleshooting and user support for their own users, and apply software updates in a timely manner to maintain functionality and security. As a guideline, critical security updates should be applied within 7 days of release; other updates within 30 days or the Customer's next maintenance window.
3. Technical Support
3.1 Support Tiers
- Tier 1 (Customer): Initial user support, basic troubleshooting, and user assistance, handled by the Customer for their own users.
- Tier 2 (Apnotic): Advanced technical support for issues escalated by the Customer, such as configuration or integration problems.
- Tier 3 (Apnotic): Deep technical support for complex issues, including software defects or critical failures, requiring Apnotic's development team.
3.2 Severity Levels and Response Times (During Business Hours)
Response and resolution times are measured from receipt of a Support Request during Business Hours. "Initial Response" and "Resolution" are defined in Section 1.
| Severity | Description | Initial Response | Resolution Target |
|---|---|---|---|
| Critical | Product inoperable, affecting all users | Within 4 hours | Within 24 hours |
| High | Major feature impaired, affecting multiple users | Within 8 hours | Within 48 hours |
| Medium | Minor feature issue, limited impact | Within 24 hours | Within 5 business days |
| Low | General inquiry or cosmetic issue | Within 48 hours | Within 10 business days |
3.3 Support Process
- The Customer submits Support Requests via email to support@pwpush.com (or a designated portal if provided), including a clear description of the issue, severity, and impact.
- Apnotic acknowledges receipt and assigns or confirms a severity level. Severity reclassification is at Apnotic's reasonable discretion; if Apnotic reclassifies a severity level, it will notify the Customer and provide a brief explanation.
- Support is provided via email, and by phone or remote access when needed, during Business Hours.
3.4 Escalation
- If a Support Request remains unresolved beyond the resolution target, the Customer may escalate to Apnotic's designated escalation contact (currently: pglombardo@apnotic.com).
- Critical issues may be escalated immediately to Apnotic's designated technical escalation contact.
4. Software Updates
4.1 Frequency
Apnotic shall provide software updates (fixes, improvements, and security updates) at least quarterly, or sooner for critical security issues.
4.2 Delivery
Updates are delivered as new Docker container images. The stable tag is updated to point to well-tested releases. Installation instructions and release notes are provided with updates.
4.3 Coordination
Apnotic shall periodically notify the Customer of planned software updates to facilitate planning and scheduling of deployments. Deployment timing is at the Customer's discretion. The Customer shall apply updates in a timely manner to ensure Product functionality and security.
4.4 Critical Updates
For urgent security fixes, Apnotic may require immediate deployment and will notify the Customer within 24 hours.
5. Docker Deployment: Supported vs Unsupported Tags
5.1 Supported Deployment
Self-Hosted Enterprise is delivered as a Docker container. The stable Docker tag (or a version-pinned tag that corresponds to a supported release per Apnotic's documentation) represents the supported deployment for this SLA. All obligations and guarantees in this SLA (including response times, resolution targets, and remedies) apply only when the Customer runs the Product using the supported deployment.
5.2 Use of the "latest" Tag
The latest Docker tag may include unreleased or less-tested builds and can occasionally become unstable. If the Customer chooses to run the Product using the latest tag:
- Apnotic may provide best-effort support for issues reported by the Customer.
- Response-time and resolution targets in Section 3.2 do not apply to Support Requests when the Customer is running latest.
- Issues that are attributable to running the latest tag (including instability or regressions not present in stable) are excluded from SLA remedies (Section 7).
- To regain full SLA coverage, the Customer must switch back to the stable tag. Apnotic may require the Customer to reproduce the issue on stable before applying SLA response times or remedies. If the issue is confirmed on stable, SLA response times and remedies apply from the time the issue is reproduced on stable.
This policy encourages production use of well-tested releases while allowing advanced users to try latest at their own risk.
6. Uptime and Availability
6.1 Apnotic Obligation
Apnotic designs the Product to be capable of 99.5% uptime when deployed and operated in accordance with Apnotic's documentation. This is a software design target and not a guarantee of actual uptime in the Customer's environment. Exclusions include issues caused by the Customer's hosting, network, configuration, or misuse, or by the Customer's use of the latest Docker tag.
6.2 Customer Obligation
The Customer shall maintain the hosting environment (Docker, infrastructure, and any integrations) in accordance with Apnotic's technical standards and documentation to ensure Product availability.
6.3 Monitoring and Reporting
The Customer shall monitor uptime and notify Apnotic of suspected Product-related outages within 24 hours. Such notifications are treated as Support Requests under Section 3.
7. Performance Metrics and Remedies
7.1 Metrics
Apnotic's performance is measured by:
- Response times (Section 3.2),
- Update frequency (Section 4.1), and
- Uptime (Section 6.1),
in each case only when the Customer is on the supported deployment (Section 5.1).
7.2 Remedies
If Apnotic fails to meet the response times or uptime commitments in this SLA for 2 consecutive months, and such failure is not excluded under Section 7.3, the Customer may request a credit of 10% of one-twelfth (1/12) of the annual subscription fees for one of the affected months (one credit per such pair of consecutive months), applied as a credit to the Customer's next annual renewal invoice. Credit requests must be submitted within 30 days of the end of the affected months. Credits are the Customer's sole remedy for SLA breaches.
7.3 Exclusions
Remedies under Section 7.2 do not apply when the failure is due to:
- The Customer's actions, configuration, or hosting environment;
- The Customer's use of the latest Docker tag or any deployment other than the supported deployment (Section 5.1);
- Third-party issues (e.g., hosting provider outages, network failures);
- Force Majeure (as defined in Section 1).
Amendment. This SLA is effective for all Self-Hosted Enterprise subscriptions. Apnotic may update it from time to time and will provide at least 30 days' notice of material changes (e.g. by email or in-app notice). Continued use of the Product after the notice period constitutes acceptance of the updated SLA. If the Customer does not accept a material change, the Customer's sole remedy is to terminate the subscription in accordance with the agreement under which the subscription is granted.