Sirdata API SLA

SIRDATA SERVICE LEVEL AGREEMENT (“SLA”)

This Service Level Agreement (“SLA”) represents the Service commitments (“Service”) between Sirdata and the Sirdata client (“Client”) regarding access to Sirdata’s products and services, including but not limited to Global API access and specific Product or Services APIs.

1. Definitions

The following terms, when used in this document with an initial capital letter, shall have the meanings ascribed to them below, unless otherwise specified.

Agreement: refers to the present Service Level Agreement.

Anomaly: refers to any unexpected issue causing disruption, malfunction, or deviation in Service Availability, as reported by the Client or detected by Sirdata.

Anomalies are categorized based on their impact on Service Availability and Service delivery, and assigned corresponding Priority Levels (P1, P2, P3, P4) (“Incidents”) as follows:

(i) P1 (Critical) – Blocking Anomaly: An Incident that critically impacts the Service Availability, rendering the Services completely unavailable or unusable by the Client. This corresponds to a complete Service outage (100%), requiring immediate attention.

(ii) P2 (Significant) – Major Anomaly: An Incident that significantly disrupts Service Availability or Service functionality, affecting 5% or more of Service requests, but where partial or alternative use of the Services remains possible.

(iii) P3 (Moderate) – Minor Anomaly: An Incident that causes a limited impact on Service Availability or functionality, affecting 1% or more of Service requests, but without preventing the Client from using the Services as intended.

(iv) P4 (Minor) – Localized Issue: An Incident that causes a localized or isolated issue without any significant impact on Service Availability, performance, or functionality. These issues do not affect the overall usability of the Services and are often related to specific user environments or configurations.

Assistance: refers to the support services provided by Sirdata to help the Client use the Product or Service effectively.

API (Application Programming Interface): refers to a set of rules, protocols, and tools that allow different software applications or systems to communicate and interact with each other. It defines the methods and data formats that applications can use to request and exchange information.

Downtime: refers to any period where the Service or Product is unavailable to the Client, as per the Uptime Guarantee definitions.

Downtime Issue or Incident: refers to any event or condition during which a Service or product provided by Sirdata is unavailable or fails to perform as intended, as defined in the applicable uptime guarantees. This includes, but is not limited to, Service interruptions, degraded performance exceeding defined thresholds, or the inability to access specific features or functionalities of the Service.

Emergency Maintenance: refers to unplanned maintenance activities deemed necessary by Sirdata to address critical issues related to security, stability, or performance. Emergency maintenance may be performed without.

Global API: refers to a centralized application programming interface provided by Sirdata, granting the Sirdata Client access to a comprehensive range of Sirdata's core Services and functionalities in a unified manner.

Guaranteed Response Time (“GRT”): refers to the target time within which Sirdata will respond to an Incident report, not necessarily restoring the Service.

Maintenance Periods: refers to any Scheduled maintenance (with at least 7 days’ prior notice) and Emergency maintenance for security or performance reasons are excluded from the uptime calculations.

Interface Response Time: refers to the average duration between the moment a user initiates a request through Sirdata's user interface and the moment the system delivers the first byte of the response. Sirdata guarantees an average Interface Response Time of 5 seconds for all Users located in France, subject to conditions such as network stability and the user’s technical environment.

Product APIs or Service APIs: refers to a specialized application programming interface designed by Sirdata to enable the Sirdata Client to access specific functionalities or Services tailored to individual products offered by Sirdata.

Recognition: refers to the express and written acknowledgment by Sirdata of the existence of said Downtime following a thorough analysis. Such recognition can only be granted after Sirdata has conducted a comprehensive review, including an assessment of the information provided by the Client, as well as logs and other relevant technical data. Any lack of response from Sirdata to a Downtime notification shall not be construed as implicit recognition of the Downtime.

Restoration Time Guarantee (“RTG”): refers to the maximum time allocated for Service restoration based on Incident severity.

Response Time: refers to the duration it takes for a system or Service to process a request and provide a response. It is typically measured from the moment a request is sent (e.g., by a user, application, or device) to the moment a response is received.

Service Availability: refers to the percentage of time during a defined period in which Sirdata's Services are operational and accessible to users as intended, excluding periods of Scheduled Maintenance, Emergency Maintenance, or any downtime caused by factors outside Sirdata’s reasonable control, such as force majeure events or issues attributable to the Client’s technical environment.

Service Credit: refers to a percentage of credit reimbursed for Service non-Availability.

Scheduled Maintenance: refers to planned maintenance activities conducted by Sirdata to improve, update, or maintain the functionality and performance of its Services. Clients will be provided with at least seven (7) days’ prior notice for such activities. In exceptional circumstances where this notice period cannot be met due to unforeseen technical or operational constraints, Sirdata will notify the Client as soon as reasonably practicable, including the reasons for the shortened notice period.

Uptime Guarantee: refers to Sirdata’s commitment to ensure the percentage of time of Service Availability on a monthly basis, as defined in Section 2, excluding any periods of Scheduled Maintenance, Emergency Maintenance, or events outside Sirdata’s reasonable control, as defined in Section 7.

2. Service Availability and Uptime Guarantee

Sirdata guarantees an average Interface Response Time of 5 seconds for all users located in France, provided that network stability and the user’s technical environment meet the required conditions.

Sirdata commits to ensuring the availability of the following Services with distinct uptime targets, calculated monthly:

3. Downtime and Downtime Issue Notification

Downtime Issue reporting obligations:

Clients must report Downtime Issues, within 24 hours from their detection by email to [email protected] or through the user interface. Each notification must include:

(i) The name of the organization and the contact details of the reporting individual;

(ii) Summary of the Downtime Issue, including its urgency level; and

(iii) Any relevant information to facilitate a prompt resolution.

Sirdata will only process Downtime Issues if the Client complies with this procedure.

Sirdata will keep the Client informed of the progress of major or critical Incidents (P1 and P2) once the Recognition of Sirdata is acknowledged. Updates on Incident resolution will be provided based on Sirdata's technical availability and priorities.

Incident reports will only be provided upon the Client’s request and are subject to additional fees.

Eligibility Conditions for Service Credits:

Only Incidents reported within 24 hours of detection will be eligible for Service Credits. Detection is defined as the moment the Client becomes aware of the Incident through monitoring tools, automated alerts, or manual observations. To be eligible for Service Credits, the Client must notify Sirdata of the Incident within this timeframe, provide sufficient and verifiable evidence, and obtain Sirdata's acknowledgment that the Incident falls under its responsibility.

Interruptions caused by third-party providers, external network issues, or actions attributable to the Client do not qualify for Service Credits. Exceptions may apply if the Client demonstrates, with supporting evidence, that the delay in notification was due to circumstances beyond their reasonable control, such as force majeure events, unforeseen technical failures, or third-party disruptions

The Client must provide within 24 hours any information requested by Sirdata to diagnose and resolve the Incident.

The Client is responsible for implementing reasonable monitoring measures to detect Incidents affecting Sirdata’s Services. Detection refers to the moment the Client becomes reasonably aware of an Incident through its systems, personnel, or automated monitoring tools.

For a Service Credit request to be valid, the Client must submit supporting evidence, including logs, alerts, or other documentation demonstrating when and how the Incident was detected.

Sirdata reserves the right to verify the detection notification against its own system logs and monitoring data. Reasonable detection refers to the timeframe within which a diligent Client could have been expected to identify the Incident under normal operating conditions. Failure to meet these requirements may result in the denial of the request.

The Client is required to provide timely and complete responses to all requests for information necessary to diagnose and resolve the Incident. Failure to do so, including delays or incomplete submissions, may result in the denial or reduction of eligibility for Service Credits.

Relevant information may include, but is not limited to, system logs, alerts, error messages, configuration details, or any other technical data needed by Sirdata to verify the occurrence, assess the impact, and determine the resolution of the Incident.

Any unreasonable delays or omissions by the Client that hinder the resolution process will release Sirdata from its obligations to provide Service Credits related to the Incident.

Failure to provide the requested information within the stipulated timeframe will extend the resolution period by the duration of the delay caused by the Client.

Sirdata reserves the right to reduce the Service Credits proportionally based on the Client's contribution to the delay. If the Client fails to provide sufficient information to verify or resolve the Incident, Service Credits may be denied entirely.

4. Response Time and Restoration Time Guarantee (RTG)

Sirdata will use its best efforts to address Incidents within the following timelines.

Response and Restoration Time Guarantees may be extended if delays result from the Client’s failure to fulfill their cooperation obligations.

The timelines mentioned in this SLA are provided for informational purposes and may vary depending on technical constraints, resource availability, and the severity of the Incident. Sirdata will endeavor to meet these timelines to the extent possible but cannot guarantee compliance in all circumstances. In the event of a delay, Sirdata commits to promptly notifying the Client and providing regular updates on the corrective measures being implemented.

5. Service Credits

In the event Sirdata fails to meet the Uptime Guarantee, the following Service Credits may apply:

Service Credits are calculated as a percentage of the monthly fees for the affected Services.

Requests for Service Credits must be submitted in writing within 15 calendar days of the Recognition of Downtime by Sirdata. Any lack of response from Sirdata to a Downtime notification shall not be construed as implicit recognition of the Downtime.

Failure to submit a Service Credit request within the specified timeframe, or to provide sufficient evidence supporting the claim, may result in the denial of the request.

Service Credits, once approved, shall be issued, invoiced, and applied within thirty (30) days from the date of recognition of the Downtime by Sirdata.

Service Credits represent the sole and exclusive remedy for Sirdata’s failure to meet the Service level commitments defined in this SLA.

The issuance of Service Credits does not constitute an admission of liability or fault by Sirdata.

6. Client Responsibilities

The Client is responsible for:

(i) Accurate Configuration: Ensuring the accurate configuration and integration of Sirdata’s Services or Products in strict accordance with the guidelines, documentation, and instructions provided by Sirdata.

(ii) Access and Cooperation: Granting Sirdata the necessary access, privileges, and resources, and providing any requested information within 24 hours of Sirdata’s request to enable effective diagnosis and resolution of issues.

(iii) Anomaly Reporting: Promptly recording, documenting, and reporting any system anomalies or error messages encountered while using Sirdata’s Services to facilitate the diagnostic and troubleshooting process.

(iv) Security Measures: Implementing and maintaining robust security measures, including but not limited to firewalls, antivirus systems, access controls, and regular updates, to safeguard their systems and ensure the secure operation of Sirdata’s Services.

Failure to meet these responsibilities will result in the following:

(i) Sirdata will be released from any related performance obligations, including those under Service Level Agreements.

(ii) Any delays, Service interruptions, or performance degradation directly or indirectly caused by such failures will not qualify for Service Credits or other remedies.

(iii) Non-compliance with Sirdata’s technical recommendations may void any applicable Service Availability commitments or Uptime Guarantee.

The Client undertakes that Sirdata’s ability to deliver the contracted Services depends on the Client fulfilling these responsibilities in a timely and accurate manner.

7. Exclusions

The following events are beyond Sirdata’s control and are therefore excluded from the calculation of Service Credits and downtime:

(i) Scheduled maintenance or Emergency Maintenance, provided that appropriate notice is given.

(ii) Force majeure events, including but not limited to natural disasters (e.g., earthquakes, floods), regulatory mandates, strikes, or pandemics.

(iii) Failures or issues caused by third parties, such as the Client’s third-party providers, external networks, or incompatible software versions.

(iv) Client-related causes, including misconfigurations or delays in cooperating with Sirdata during troubleshooting efforts.

These exemptions specifically encompass the events described above, but are not limited to such events.

The following events are beyond Sirdata’s control and are excluded from Service Credits and Downtime calculations.

Sirdata shall not be held liable for any delays, interruptions, or performance degradations caused by these events, and such occurrences will not be counted against Service Availability commitments.

8. Escalation Process

If the Client is dissatisfied with the handling or resolution of an Incident, they may submit a written complaint to Sirdata’s senior management for review at the following e-mail address: [email protected].

Sirdata will evaluate and respond to escalations after considering all relevant facts provided by the Client. Such escalations do not grant an entitlement to additional Service Credits or compensation unless explicitly agreed in writing.

9. Modifications to Products and Services

Sirdata reserves the right to modify or discontinue any Service in response to legal, security, or operational requirements. Clients will be notified 30 days in advance of any substantial modifications.

Sirdata also reserves the right to unilaterally modify Service terms to comply with evolving legal, technological, or operational requirements, with prior notice provided whenever possible.

In the case of substantial modifications, the Client may propose alternative terms within the 30-day notice period, subject to Sirdata’s discretion.

10. Custom Development or Integration

Sirdata is under no obligation to provide custom development or integration Services unless expressly agreed upon in a separate written agreement. Such custom requests are at Sirdata’s sole discretion and may be subject to additional fees.

11. Liability and Indemnification

Sirdata's liability under this SLA is strictly limited to the provision of Service Credits. Sirdata shall not be liable for any indirect, Incidental, or consequential damages, including but not limited to loss of profits or business interruptions.

The Client agrees to indemnify and hold Sirdata harmless from any claims, damages, or liabilities arising from misuse or unauthorized configuration of Sirdata’s Services.

Sirdata’s total liability under this SLA is strictly limited to Service Credits, which are capped at 10% of the annual fees paid by the Client for the affected Services. No other form of compensation, indemnification, or liability shall apply.

Sirdata shall not be liable for damages caused by third-party actions, such as unauthorized access, network failures, or unapproved integrations.

The Client’s remedies under this SLA are exclusively limited to those explicitly provided herein.

In the event of Sirdata's failure to meet the SLA commitments, the Client may request the early termination of the contract only after having sent a formal notice to Sirdata and allowing it a minimum period of 60 days to remedy the identified breaches.

12. Security

Sirdata implements industry-standard security measures but does not guarantee protection against unauthorized access, data breaches, or data loss.

The Client is responsible for securing their own systems and ensuring the use of Sirdata’s Services or Products in compliance with Sirdata’s security recommendations.

Any suspected security breach or unauthorized access involving Sirdata’s Services must be reported by the Client immediately.

Sirdata solely works with suppliers who implement industry-standard security measures, such as ISO 27001 and SOC 2 certifications, to ensure the integrity, availability, and confidentiality of personal data in compliance with GDPR Articles 5(1)(f) and 32.

However, Sirdata does not guarantee protection against unauthorized access, data breaches, or data loss. For the purposes of this clause, ‘data loss’ refers to the irreversible loss of personal data integrity, availability, or confidentiality due to unforeseen events, such as system failures, cyberattacks, or hardware malfunctions, except where Sirdata has acted negligently in implementing or maintaining agreed-upon security measures.

13. Governing Law and Jurisdiction

This SLA is governed by French law, and any disputes arising under or in connection with it shall be subject to the exclusive jurisdiction of the Paris Commercial Court.

The parties agree to engage in good faith negotiations for a period of 90 days before initiating any legal proceedings. In the event of any dispute regarding the interpretation of this SLA, the French version shall take precedence over any translation.