Service Level Agreement

1. Introduction

  1. Purpose: This Service Level Agreement ("SLA") outlines the terms under which Hero Security Inc. ("Provider") provides support and maintenance services ("Services") to its customers ("Customer") in connection with the use of Hero Services, as specified in the applicable Order Form and the overarching services agreement or terms and conditions ("Agreement").

  2. Effective Date: This SLA is effective as specified within the Agreement.

  3. Term: This SLA remains effective for the duration of the subscription agreement between the Provider and the Customer.

2. Definitions

  1. Availability: The percentage of time the Service is accessible and operational.

  2. Downtime: The period during which the Service is unavailable, excluding Scheduled Maintenance.

  3. Scheduled Maintenance: Pre-announced periods for system maintenance.

  4. Issue: Any event that compromises the confidentiality, integrity, or availability of the Service or Customer Data.

  5. Security Incident: An Issue that severely impacts the Customer's business operations.

  6. Customer Data: All data submitted, stored, or processed by the Customer through the Service.

  7. Response Time: The time taken by Hero Security to acknowledge and begin addressing a support or security issue.

  8. Resolution Time: The time taken by Hero Security to resolve a support or security issue.

3. Service Availability

  1. Uptime Guarantee: Hero Security guarantees a 99.5% uptime of the Service, excluding Scheduled Maintenance.

  2. Scheduled Maintenance:

    • Scheduled Maintenance will occur on Sundays, between 12:00 and 16:00 UTC.
    • Hero Security reserves the right to perform Scheduled Maintenance at a different time and duration, subject to the Customer's explicit approval 48 hours ahead of the Maintenance.
  3. Availability Monitoring: Hero Security will monitor Service availability and provide reports to the Customer upon request.

  4. Service Credits:

    • If uptime falls below the guaranteed level, the Customer is eligible for service credits:
      • 99.0% - 99.5% uptime: 5% of the monthly fee credited.
      • Below 99.0% uptime: 10% of the monthly fee credited.
    • Service credit requests must be submitted within 30 days of the Downtime occurrence.

4. Performance

  1. Information Freshness: Hero Security will ensure that new information is ingested and reflected no later than 15 minutes after being made available in "push"-type data sources, and no later than 1 day for "pull"-type data sources.

  2. Hero Dashboard User Experience: After an initial load, the various screens of the Hero Dashboard will load within 15 seconds on a clean browser with sufficient free RAM and CPU and broadband connectivity.

  3. Performance Monitoring: Hero Security will monitor Service performance and address any degradation promptly.

5. Security

  1. Data Protection: Hero Security will implement industry-standard security measures to protect Customer Data, including:

    • Encryption of data in transit (TLS 1.3) and at rest (AES-256).
    • Regular security assessments and penetration testing (quarterly).
    • Mandatory Multi-Factor Authentication access controls for all Hero personnel.
    • Daily off-site data backups and disaster recovery procedures.
    • ISO 27001-compliant Information Security Management System (ISMS).
  2. Security Incident Response:

    • Hero Security will notify the Customer of any Security Incident within 4 hours of detection.
    • Response Time for Security Incidents: 1 hour.
    • Resolution Time for Security Incidents: 4 hours.
    • Hero Security will provide regular updates on the progress of the Security Incident resolution.
    • Hero Security will conduct post-incident reviews and provide a report to the Customer upon request.
  3. Compliance: Hero Security will comply with all applicable data protection regulations (GDPR, CCPA, SOC 2) and maintain ISO 27001 certification.

  4. Vulnerability Management: Regular vulnerability scanning (weekly) and patching of systems, with critical patches applied within 72 hours of vendor release.

6. Support

  1. Support Channels: Email, Slack and online portal.

  2. Support Hours for all but Security Incidents: within 1 hour between 7am and 7pm UTC on working days; within 8 hours at all other hours.

  3. Process for Security Incidents: availability, if necessary, within 1 hour, via the dedicated urgent escalation hotline.

  4. Escalation Process: A clear escalation process for unresolved issues, including contact information for escalation managers.

7. Data Backup and Recovery

  1. Backup Frequency: Daily.

  2. Backup Retention: 30 days.

  3. Recovery Time Objective (RTO): 4 hours.

  4. Recovery Point Objective (RPO): 24 hours.

8. Limitations and Exclusions

  1. Exclusions: This SLA does not apply to Downtime or issues caused by:
    • Customer's network or equipment.
    • Force majeure events.
    • Customer's misuse of the Service.
    • Third-party services integrated with the Service, whether up-stream or down-stream.
  2. Liability: Hero Security's liability under this SLA is limited to 12 months of paid service fees.

9. SLA Review and Modification

  1. Review: This SLA will be reviewed annually or as needed.

  2. Modification: Any modifications must be agreed upon in writing by both parties.

10. Governing Law

This SLA will be governed by the laws of New York, USA.