SLA & Security
Transparent incident response policies and application security practices
Software quality is not just code, but also processes: incident response speed, data security, change control, and continuous monitoring. Below you'll find detailed information about our SLA standards and security practices.
SLA Response and Repair Times
Response times for incidents based on priority level
The table below shows maximum response and repair times for different incident priority levels. Priorities are determined together with the client based on business impact.
| Priority | Definition | Response Time | Resolution Target |
|---|---|---|---|
| Critical | Application down or unavailable to users. Data loss. Security threat. | Within 4 hours | 24 hours |
| High | Important functionality not working. Error affects business operations. Workaround exists. | Within 1 business day | 3 business days |
| Medium | Functionality works incorrectly but doesn't block work. Visual or UX errors. | Within 3 business days | 1-2 weeks |
| Low | Minor bugs, improvements, feature requests. Doesn't affect application operation. | In next sprint | According to backlog |
SLA times apply to clients with active support packages. Different arrangements apply to projects in the development phase.
Quality Guarantees
Processes that ensure the highest code quality and application security
Mandatory code review
Every code change goes through code review before production deployment
Automated tests
CI/CD pipeline with unit, integration, and security tests
Daily backups
Automated data backups with recovery tests (RTO: 4h, RPO: 24h)
24/7 monitoring
Proactive monitoring of performance, errors, and application availability
Security audits
Regular vulnerability scanning (SAST, dependency scanning, OWASP)
Change documentation
Complete change history, changelog, and release notes for every deployment
Backups and Recovery
Daily backups
Automated database and file backups performed daily during night hours.
Storage
Backups stored for 30 days in geographically distributed locations (multi-region).
Recovery testing
Regular backup recovery testing (at least quarterly).
RTO and RPO
Recovery Time Objective (RTO): up to 4 hours. Recovery Point Objective (RPO): maximum 24 hours.
Access Control and Authentication
Multi-factor authentication (2FA)
Mandatory 2FA for all team members with access to production and repositories.
Role-based access control (RBAC)
Principle of least privilege: each user has only the permissions they need.
Login audit
All logins to production systems are logged and monitored.
Key rotation
Regular rotation of API keys, certificates, and access passwords (at least every 90 days).
Code Review and Quality Standards
Mandatory code review
Every code change goes through review: at least 1 person must approve before merge.
Automated tests
CI/CD pipeline runs unit, integration, and security tests before each deployment.
Static code analysis
Automated code scanning for security vulnerabilities (SAST) and quality (ESLint, SonarQube).
Dependency scanning
Regular dependency scanning (npm, NuGet) for known security vulnerabilities.
Monitoring and Alerts
Proactive application monitoring to detect issues before they impact users.
Performance monitoring (APM)
Tracking response times, CPU load, memory, database queries.
Error tracking
Automated error collection and alerting (Sentry, Application Insights).
Uptime monitoring
Checking application availability every 1-5 minutes from different geographic locations.
Real-time alerts
Automated notifications (email, Slack, SMS) when thresholds are exceeded or failures occur.
Production Change Management
Controlled change deployment process minimizing risk and ensuring production stability.
Staging and production environments
Every change is first tested on a staging environment identical to production.
Deployment windows
Deployments scheduled in agreed time windows (e.g., evenings, weekends) or outside peak hours.
Rollback plan
Every deployment has a prepared emergency rollback plan in case of issues.
Change documentation
Changelog and release notes for every deployment - transparent change communication.
Post-deployment monitoring
Enhanced monitoring for the first 24-48 hours after deployment.
Questions about SLA or security?
We're happy to answer questions and customize SLA terms for your project specifics