Locktera.com
Locktera.com

LOCKTERA SERVICE LEVEL AGREEMENT

Last Updated: March 8, 2026

This Service Level Agreement (“SLA”) forms part of and is incorporated into the Master Subscription Agreement, Terms of Service, Order Form, or other written agreement governing Customer’s use of the Services (collectively, the “Agreement”) between Locktera, Inc., a Texas corporation (“Locktera”), and the entity or individual identified in the applicable Order Form (“Customer”).

This SLA applies to Locktera Share, Locktera CORE API, and any associated hosted or managed service components operated and controlled by Locktera, including, as applicable to the subscribed Services, authorization systems, cryptographic enforcement services, audit logging systems, administrative interfaces, and related production systems (collectively, the “Services”).

This SLA establishes Locktera’s commitments regarding service availability, incident response, security incident notification, disaster recovery objectives, support responsiveness, and related service credits and remedies.

This SLA applies solely to production Services operated and controlled by Locktera and accessed by Customer pursuant to a valid subscription during an active subscription term.

Except as expressly provided herein, capitalized terms not defined in this SLA shall have the meanings assigned to them in the Agreement.

In the event of any conflict between this SLA and the Agreement, the terms of this SLA shall control solely with respect to the service level commitments described herein.

1. DEFINITIONS

For purposes of this Service Level Agreement (“SLA”), the following terms shall have the meanings set forth below:

“Availability” means the ability of the production Services to receive and respond to valid Customer-initiated requests for materially required production functionality, including, as applicable to the subscribed Services, authentication, authorization, cryptographic policy enforcement, API processing, and access to hosted service interfaces, under normal operating conditions.

Availability is measured based on the ability of the Services to process valid requests through the applicable service interfaces.

“Monthly Uptime Percentage” means the percentage calculated as follows:

Monthly Uptime Percentage =(Total Minutes in the applicable calendar month − Downtime Minutes)
÷ Total Minutes in the applicable calendar month × 100

Availability shall be measured over each full calendar month during the applicable subscription term.

“Downtime” means a period during which the production Services are unavailable for Customer use due to a Severity 1 Incident, excluding Excluded Downtime.

Downtime includes circumstances where the Services are materially unable to perform core operational functions required for production use, including:

  • inability to access the Services;
  • failure of authentication or authorization systems required for access;
  • failure of cryptographic policy enforcement required to access protected content;
  • failure of core service APIs to process valid requests; or
  • other service failures that prevent normal production use of the Services.

Downtime does not include minor service degradation, non-critical feature impairment, or other Incidents that do not prevent normal production operation.

“Excluded Downtime” means service interruption, unavailability, or degradation resulting from causes outside of Locktera’s reasonable control, including:

  • force majeure events as defined in the Agreement;
  • acts or omissions of Customer or Customer’s authorized users, agents, contractors, or representatives;
  • Customer-controlled systems, infrastructure, or configurations;
  • failures of Customer network connectivity, internet service providers, or local network infrastructure;
  • Scheduled Maintenance performed in accordance with this SLA;
  • Customer use of unsupported software, configurations, or integrations;
  • unauthorized modifications or misuse of the Services; or
  • Customer exceeding documented usage limits or technical requirements.

Excluded Downtime shall not count toward Downtime for purposes of calculating Monthly Uptime Percentage.

“Scheduled Maintenance” means planned maintenance performed by Locktera to maintain, update, secure, or improve the Services.

Locktera will provide at least seventy-two (72) hours prior notice of Scheduled Maintenance where reasonably practicable.

Scheduled Maintenance shall not constitute Downtime.

Emergency maintenance necessary to protect the security, integrity, or availability of the Services may be performed without advance notice.

“Service Credit” means a credit issued to Customer in accordance with this SLA and applied toward future subscription fees for the Services as Customer’s sole and exclusive monetary remedy for Locktera’s failure to meet the applicable Service Availability Commitment.

Service Credits are not redeemable for cash except where required by applicable law.

“Incident” means any unplanned interruption, degradation, impairment, or reduction in the quality, availability, performance, or security of the Services.

“Severity 1 Incident” means an Incident that results in Downtime or otherwise prevents Customers from using the Services in a production environment.

Severity 1 Incidents include, without limitation:

  • complete unavailability of the Services;
  • failure of authentication, authorization, or access control enforcement systems required for service operation;
  • failure of core cryptographic policy enforcement mechanisms;
  • failure of production APIs to respond to valid requests; or
  • any condition that materially prevents Customers from using the Services in production.

Severity 1 Incidents require immediate response and remediation in accordance with the Incident Response Commitments described in this SLA.

2. SERVICE AVAILABILITY COMMITMENT

2.1 Availability Commitment

Locktera shall make the Services available in accordance with the Monthly Uptime Percentage commitment corresponding to Customer’s subscribed service tier (the “Service Availability Commitment”) as specified in the applicable Order Form.

The Service Availability Commitments are as follows:

Service Tier Monthly Uptime Percentage Commitment
Standard Tier 99.9%
Enterprise Tier 99.95%
Mission-Critical Tier 99.99%

Locktera shall use commercially reasonable efforts, consistent with industry practices for enterprise cloud security and infrastructure platforms, to meet or exceed the applicable Service Availability Commitment during each calendar month of the applicable subscription term.

Availability shall be measured on a monthly basis and calculated in accordance with the definitions and measurement methodology set forth in this SLA.

2.2 Scope of Availability

For purposes of this SLA, Availability refers to the operational availability of the production Services and their ability to process valid Customer-initiated requests for core production functionality.

Availability includes the operational functionality of the following service components, as applicable to the subscribed Services:

  • Locktera application programming interfaces (APIs);
  • cryptographic authorization services, including encryption authorization and decryption authorization validation;
  • access control enforcement systems, including policy evaluation and authorization decision systems;
  • container authorization and container access validation services;
  • audit logging infrastructure supporting audit record generation and storage;
  • key management services required for cryptographic authorization operations; and
  • container metadata services supporting container access authorization and policy evaluation.

A failure of one or more of the foregoing components that materially prevents Customer from performing authorized production operations shall constitute Downtime, except where such interruption qualifies as Excluded Downtime under this SLA.

Partial degradation, latency, or non-critical feature impairment that does not prevent normal production use of the Services shall not constitute Downtime.

2.3 Measurement of Availability

Availability shall be measured at the Locktera service interface level, based on the ability of the production Services to receive, authenticate, authorize, process, and respond to valid Customer-initiated requests under normal operating conditions.

Availability measurements shall be determined using Locktera’s internal monitoring systems, operational telemetry, and service logs, which are designed to provide continuous visibility into the operational status of the Services.

For purposes of calculating Monthly Uptime Percentage, Availability shall be measured across the applicable production environment used by Customer and shall exclude Excluded Downtime as defined in this SLA.

In the event of any discrepancy between Customer monitoring systems and Locktera’s monitoring systems, Locktera’s monitoring systems and service logs shall control for purposes of determining service availability under this SLA.

2.4 Redundancy and Service Continuity

Locktera maintains operational, architectural, and technical safeguards designed to support the continuity, reliability, and availability of the Services.

Such safeguards may include:

  • redundant service components and infrastructure designed to reduce single points of failure;
  • automated monitoring, alerting, and operational health checks;
  • fault-tolerant service architecture designed to support service resilience; and
  • incident response, recovery, and operational remediation procedures.

These safeguards are designed to minimize service disruption and support Locktera’s ability to meet the Service Availability Commitment described in this SLA.

The safeguards described in this Section represent operational and architectural design practices and do not constitute separate service level guarantees beyond those expressly provided in this SLA.

Locktera may modify its architecture, infrastructure, and operational safeguards from time to time as part of ongoing service improvement.

2.5 Applicability

The Service Availability Commitment applies solely to production Services operated and controlled by Locktera and accessed by Customer pursuant to an active, paid subscription.

The Service Availability Commitment does not apply to:

  • beta, preview, early-access, or evaluation services;
    • non-production, development, testing, or sandbox environments; or
    • services provided without charge, unless otherwise expressly stated in writing by Locktera.

Availability commitments apply only to the Locktera-managed service environment and do not apply to Customer-managed infrastructure, integrations, or third-party systems.

3. SERVICE CREDIT SCHEDULE

3.1 Eligibility for Service Credits

If Locktera fails to meet the applicable Monthly Uptime Percentage Commitment for the Services during any calendar month of the applicable subscription term, Customer may be eligible to receive Service Credits in accordance with the schedule set forth in this Section, subject to the terms and conditions of this SLA.

Service Credits shall apply only to the affected Services and only for the calendar month in which the Service Availability Commitment was not met.

Service Credits shall be calculated based on the subscription fees paid by Customer for the affected Services during the applicable calendar month.

Service Credits shall be Customer’s sole and exclusive monetary remedy for failure to meet the Service Availability Commitment.

3.2 Service Credit Schedule

If Locktera fails to meet the applicable Monthly Uptime Percentage Commitment during a calendar month, Customer may be eligible to receive Service Credits calculated as a percentage of the monthly subscription fees paid for the affected Services during the applicable calendar month, as set forth below:

Monthly Uptime Percentage Service Credit Percentage
< 99.9% but ≥ 99.0% 10% of monthly subscription fees
< 99.0% but ≥ 95.0% 25% of monthly subscription fees
< 95.0% 50% of monthly subscription fees

For clarity, Service Credits are calculated based solely on the subscription fees paid by Customer for the affected Services during the applicable calendar month and exclude taxes, usage-based charges, overage fees, professional services fees, and third-party charges.

In no event shall the total Service Credits issued for any calendar month exceed fifty percent (50%) of the monthly subscription fees paid for the affected Services.

3.3 Application of Service Credits

Service Credits issued under this SLA:

  • shall be applied as a credit against future invoices for the affected Services;
  • shall not exceed fifty percent (50%) of the monthly subscription fees paid for the affected Services for the applicable calendar month;
  • may not be transferred, assigned, or redeemed for cash, except where required by applicable law; and
  • shall expire if not applied within twelve (12) months after issuance.

Service Credits shall be issued only after Locktera verifies the applicable Downtime and determines that the Monthly Uptime Percentage Commitment was not met for the relevant calendar month.

Service Credits are issued only upon Customer’s submission of a timely request in accordance with the Service Credit Request Procedure set forth in this SLA.

Service Credits shall constitute Customer’s sole and exclusive monetary remedy for Locktera’s failure to meet the Service Availability Commitment.

3.4 Sole and Exclusive Monetary Remedy

Service Credits issued in accordance with this SLA constitute Customer’s sole and exclusive monetary remedy for any failure by Locktera to meet the applicable Service Availability Commitment.

Except as expressly provided in this SLA or the Agreement, Customer shall not be entitled to any additional refunds, credits, or other monetary compensation arising from such failure.

Nothing in this Section limits:

  • Customer’s termination rights expressly set forth in this SLA or the Agreement; or
  • either party’s liability for matters that cannot be limited or excluded under applicable law.

Service Credits shall apply only to the affected Services and only for the applicable calendar month in which the Service Availability Commitment was not met.

3.5 Chronic Availability Failure Termination Right

If Locktera fails to meet the applicable Service Availability Commitment for:

  • three (3) consecutive calendar months, or
  • four (4) calendar months within any rolling twelve (12)-month period,

(each, a Chronic Service Availability Failure), Customer may terminate the affected Services without early termination penalty by providing written notice to Locktera.

Such termination shall become effective upon the date specified in Customer’s written notice, provided that the applicable Chronic Service Availability Failure has been verified in accordance with the availability measurement methodology described in this SLA.

Termination under this Section applies solely to the affected Services and shall not affect any other Services provided under the Agreement.

Locktera may propose a remediation plan within ten (10) days after receiving notice of termination under this Section.

4. INCIDENT RESPONSE COMMITMENTS

4.1 Incident Response Obligations

Locktera shall maintain operational procedures and monitoring systems designed to detect, investigate, escalate, respond to, and remediate Incidents affecting the availability, performance, integrity, or security of the Services.

Locktera shall manage and remediate Incidents in accordance with the severity classifications, response objectives, and operational procedures set forth in this Section (collectively, the “Incident Response Commitments”).

Response Time Objectives shall be measured from the time Locktera becomes aware of an Incident through automated monitoring systems, internal operational detection, or Customer notification through Locktera’s designated support channels.

Resolution Targets represent commercially reasonable operational objectives for remediation of Incidents and are not guaranteed resolution times unless otherwise expressly provided in the Agreement.

4.2 Severity Classifications and Response Targets

Locktera classifies Incidents affecting the Services according to the following severity levels. These classifications determine Locktera’s operational response priorities, escalation procedures, and communication expectations.

Incident severity levels are intended to ensure that Incidents that materially impact the availability, security, or operational use of the Services receive the highest priority response and remediation efforts.

Severity 1 Incident — Critical Service Incident

A Severity 1 Incident means an Incident that results in Downtime or otherwise prevents Customers from using the Services in a production environment.

Examples include, without limitation:

  • inability to access the Services;
  • failure of authentication, authorization, encryption authorization, or decryption authorization systems;
  • failure of access control enforcement or policy evaluation systems;
  • failure of core cryptographic enforcement services;
  • failure of audit logging systems required for compliance or regulatory auditability;
  • widespread system errors preventing normal service operation; or
  • any condition resulting in Downtime.

Response Time Objective:
within one (1) hour

Remediation Target:
Locktera shall initiate corrective action within one (1) hour and shall continue remediation efforts on a continuous basis until service functionality is restored.

Escalation:
Immediate escalation to Locktera engineering, security, and incident response personnel.

Status Updates:
Provided to affected Customers at least every four (4) hours until service restoration.

Severity 2 Incident — High Severity Incident

A Severity 2 Incident means an Incident that materially degrades the functionality or performance of the Services but does not result in Downtime.

Examples include, without limitation:

  • significant service degradation affecting production use;
  • intermittent authorization or policy enforcement failures;
  • partial impairment of cryptographic services;
  • failures affecting specific service components while the overall service remains operational; or
  • operational issues that significantly impact Customer workflows but do not prevent overall service access.

Response Time Objective:
within four (4) hours

Remediation Target:
Locktera shall initiate corrective action within eight (8) hours.

Status Updates:
Provided at least every twenty-four (24) hours until resolution.

Severity 3 Incident — Medium Severity Incident

A Severity 3 Incident means an Incident that causes limited impairment to specific service features or functionality but does not materially affect overall service availability, security enforcement, or production operation.

Examples include, without limitation:

  • non-critical feature impairment;
    • isolated operational issues affecting limited components;
    • defects that do not materially impact production workloads; or
    • minor service inconsistencies.

Response Time Objective:
within one (1) business day

Remediation Target:
Corrective action scheduled in accordance with Locktera’s standard maintenance, patching, and release processes.

Severity 4 Incident — Low Severity Incident

A Severity 4 Incident means general support inquiries, informational requests, or non-critical issues that do not materially impact service availability, performance, or security.

Examples include:

  • general usage questions;
  • configuration guidance;
  • documentation clarification; or
  • other routine support requests.

Response Time Objective:
within two (2) business days.

Security Incidents

A Security Incident may be classified as a Severity 1 Incident or Severity 2 Incident depending on the operational impact on the Services.

Security Incidents include events such as:

  • actual or suspected unauthorized access to Locktera production systems;
  • compromise or suspected compromise of authentication or authorization systems;
  • compromise of cryptographic key management systems;
  • unauthorized access to Customer Data within Locktera-controlled systems; or
  • events affecting the integrity of security enforcement mechanisms.

Security Incidents are handled in accordance with Locktera’s internal security incident response procedures and notification obligations described elsewhere in this SLA.

Incident Detection and Reporting

Incidents may be identified through Locktera’s internal monitoring systems or reported by Customers through Locktera support channels.

Locktera shall use commercially reasonable monitoring and operational practices to detect Incidents affecting the Services and initiate response procedures consistent with the severity classifications defined in this Section.

Incident Resolution

An Incident shall be considered resolved when the Services have been restored to normal operational functionality or when a temporary workaround has been implemented that materially restores service availability while permanent remediation is scheduled.

Locktera may close an Incident once the underlying condition has been remediated or when operational stability has been restored.

4.3 Continuous Incident Management

For Severity 1 Incidents and Severity 2 Incidents, Locktera shall implement incident management procedures designed to restore service functionality and operational stability as promptly as reasonably practicable.

Locktera shall:

  • assign appropriate engineering, operations, and incident response personnel to investigate and remediate the Incident;
  • implement commercially reasonable corrective measures designed to restore service availability, functionality, and security integrity;
  • maintain active incident management and escalation procedures until service functionality is restored or a viable workaround is implemented; and
  • maintain internal incident tracking, documentation, and escalation processes consistent with Locktera’s operational practices.

For Severity 1 Incidents, Locktera shall prioritize remediation activities on a continuous basis until service restoration.

4.4 Incident Communication

For Severity 1 Incidents and Severity 2 Incidents, Locktera shall provide Customers with reasonable status communications regarding incident response and remediation progress.

Incident communications may include:

  • acknowledgment of the reported or detected Incident;
  • status updates regarding remediation efforts; and
  • confirmation when service functionality has been restored.

For Severity 1 Incidents, Locktera will provide status updates in accordance with the update intervals described in Section 4.2.

Locktera may provide incident summaries or post-incident reports following resolution where appropriate.

4.5 Incident Detection and Monitoring

Locktera maintains automated monitoring, logging, and alerting systems designed to detect service availability issues, operational failures, and security-impacting events affecting the Services.

These monitoring systems are intended to support timely identification, investigation, and remediation of Incidents in accordance with the response procedures and priorities defined in this SLA.

Locktera may enhance or modify its monitoring systems and operational detection mechanisms from time to time as part of ongoing service improvement and security operations.

4.6 Security Incident Notification

Locktera shall maintain security incident response procedures designed to identify, investigate, and respond to Security Incidents affecting the confidentiality, integrity, or availability of Customer Data or the security enforcement mechanisms of the Services.

Security Incident Definition

For purposes of this Section, a Security Incident means a confirmed event involving:

  • unauthorized access to Locktera production systems;
  • unauthorized access to Customer Data stored or processed within Locktera-controlled systems;
  • unauthorized disclosure, alteration, or destruction of Customer Data; or
  • material compromise of authentication, authorization, cryptographic enforcement, or other security control mechanisms used to protect the Services.

Security Incident Notification Timing

Locktera shall notify Customer of a confirmed Severity 1 Security Incident affecting Customer Data without undue delay and, in all cases, within twenty-four (24) hours after Locktera confirms such Security Incident.

Notification may be provided through email, customer portal notification, or another reasonable communication method directed to Customer’s designated administrative or security contact.

Security Incident Notification Content

To the extent reasonably available at the time of notification, Security Incident notifications may include:

  • a description of the nature of the Security Incident;
  • the date and time of detection or confirmation;
  • the affected Services or system components;
  • the categories of Customer Data potentially affected; and
  • a summary of corrective actions taken or planned.

Locktera may provide additional updates as further information becomes available during investigation and remediation.

Security Incident Mitigation and Remediation

Locktera shall use commercially reasonable efforts to:

  • contain and mitigate the effects of the Security Incident;
  • prevent further unauthorized access, disclosure, or system compromise; and
  • restore the integrity, security, and availability of the affected Services.

Confidentiality of Incident Information

Information relating to Incidents and Security Incidents shall be treated as Confidential Information in accordance with the Agreement.

Locktera may limit disclosure of certain security-sensitive details where reasonably necessary to protect the security of the Services or other customers.

5. SECURITY SERVICE AVAILABILITY

5.1 Security Service Availability Commitment

Locktera shall maintain the operational availability, integrity, and functional responsiveness of the core security and cryptographic enforcement components of the Services (collectively, the Security Services) in accordance with the Service Availability Commitment set forth in this SLA.

The Security Services include, without limitation:

  • cryptographic authorization services, including encryption authorization and decryption authorization validation;
  • access control enforcement services, including policy evaluation and authorization decision systems;
  • container authorization and secure container access validation services;
  • audit logging infrastructure supporting audit record generation, storage, and retrieval;
  • cryptographic key management services supporting secure key access and authorization operations; and
  • security policy enforcement and authorization verification mechanisms necessary to enforce Customer-defined access controls.

5.2 Security Service Availability Failure

A failure of the Security Services shall be deemed to occur if any Security Service becomes unavailable or materially impaired in a manner that prevents the Services from:

  • enforcing access control policies;
  • performing authorization validation;
  • executing cryptographic authorization operations;
  • generating or recording audit records; or
  • permitting authorized access to protected containers or data.

Any such failure that materially prevents normal production use of the Services shall constitute Downtime, except where the condition qualifies as Excluded Downtime under this SLA.

5.3 Integrity of Security Enforcement

Locktera shall maintain commercially reasonable administrative, technical, and operational safeguards designed to support the availability, reliability, and integrity of the Security Services.

Such safeguards include systems designed to support:

  • authorization validation and access control enforcement;
  • cryptographic operations supporting encryption and decryption authorization;
  • audit logging and audit record integrity; and
  • security policy enforcement mechanisms.

Locktera monitors the Security Services using automated monitoring, logging, and alerting systems designed to detect operational failures, service degradation, or interruptions affecting security enforcement functionality.

5.4 Scope and Applicability

The Security Service commitments described in this Section apply solely to Security Services operated, managed, and controlled by Locktera within the Locktera production environment.

Security Service Availability does not include failures caused by:

  • Customer systems, infrastructure, configurations, or integrations;
  • Customer network connectivity failures;
  • Customer misuse or unauthorized modification of the Services; or
  • other Excluded Downtime as defined in this SLA.

5.5 Security Service Availability as a Material Service Component

The Security Services constitute core functional components of the Services. Any failure materially impairing Locktera’s ability to perform authorization enforcement, cryptographic authorization validation, or audit logging shall be treated as a failure affecting service availability under this SLA.

6. DISASTER RECOVERY AND BUSINESS CONTINUITY COMMITMENTS

6.1 Disaster Recovery Program

Locktera maintains a documented disaster recovery and business continuity program designed to support the restoration and continued operation of the Services in the event of a catastrophic failure, infrastructure disruption, or other material service-impacting event affecting Locktera-controlled production systems.

This program includes commercially reasonable technical, administrative, and operational safeguards designed to support service restoration and operational continuity consistent with industry practices for enterprise cloud security and infrastructure platforms.

6.2 Recovery Objectives

Locktera’s disaster recovery systems are designed to support the following recovery objectives for Locktera-controlled production infrastructure:

Recovery Time Objective (RTO): four (4) hours

The targeted maximum duration to restore the availability of affected production Services following a qualifying disaster event.

Recovery Point Objective (RPO): fifteen (15) minutes

The targeted maximum amount of potential data loss, measured as the maximum tolerable time between the last recoverable data state and the time of the disaster event.

The RTO and RPO objectives described in this Section represent operational targets for disaster recovery design and planning. These objectives apply solely to production environments operated and controlled by Locktera and do not apply to Customer-controlled systems, integrations, or third-party infrastructure outside of Locktera’s control.

6.3 Data Durability Commitment

Locktera maintains storage architecture, redundancy mechanisms, and data integrity safeguards designed to support a data durability target of at least 99.999999999% (eleven nines) on an annual basis for Customer data stored within Locktera-controlled production infrastructure.

For purposes of this SLA, Data Durability refers to the probability that Customer data—including encrypted containers, associated metadata, audit records, and cryptographic references—remains intact, uncorrupted, and retrievable over a one-year period.

Locktera’s durability safeguards may include:

  • redundant storage across multiple fault domains or availability zones;
  • automated data replication mechanisms;
  • integrity verification and checksum validation processes;
  • secure backup procedures; and
  • periodic validation of stored data integrity.

The Data Durability target represents a design objective based on storage architecture and redundancy practices and does not constitute a guarantee against all forms of data loss, including data loss resulting from Customer actions, misuse of the Services, or events qualifying as Excluded Downtime under this SLA.

6.4 Scope of Disaster Recovery Coverage

The disaster recovery commitments described in this Section apply to Locktera-controlled production infrastructure supporting core service functionality, including:

  • cryptographic authorization services;
  • access control enforcement systems;
  • container authorization and container access validation services;
  • audit logging infrastructure;
  • cryptographic key management services; and
  • other core service components necessary to support authorized production use of the Services.

These commitments are intended to support the restoration of core security enforcement functionality necessary for Customer production operations.

6.5 Testing and Validation

Locktera periodically tests its disaster recovery and business continuity procedures using commercially reasonable methods designed to validate restoration capabilities and operational readiness.

Such testing may include:

  • failover simulations;
  • recovery workflow testing;
  • data recovery validation; and
  • redundancy verification exercises.

The results of these activities are used to refine and improve Locktera’s recovery procedures and operational resilience.

6.6 Limitations

The disaster recovery objectives described in this Section represent design targets and operational goals and do not constitute guarantees of uninterrupted service or guaranteed recovery times.

Actual recovery times may vary depending on the nature, scope, and severity of the disaster event.

Disaster recovery commitments do not apply to service disruptions caused by:

  • force majeure events beyond Locktera’s reasonable control;
  • Customer-controlled infrastructure, systems, or configurations;
  • Customer network connectivity failures; or

third-party systems not operated or controlled by Locktera.

7. SCHEDULED MAINTENANCE

7.1 Scheduled Maintenance Windows

Locktera may perform planned maintenance on the Services (“Scheduled Maintenance”) for purposes including maintaining, updating, securing, improving, or enhancing the performance, reliability, or security of the Services.

Locktera will provide Customer with at least seventy-two (72) hours’ prior notice of Scheduled Maintenance where reasonably practicable, except where a shorter notice period is necessary to protect the security, integrity, or availability of the Services.

Scheduled Maintenance will generally be performed during maintenance windows designated by Locktera and communicated to Customers through reasonable notice mechanisms.

7.2 Duration and Frequency

Scheduled Maintenance activities are typically expected to be completed within six (6) consecutive hours, although longer maintenance windows may be required depending on the nature or complexity of the maintenance activity.

Locktera shall use commercially reasonable efforts to:

  • limit the frequency and duration of Scheduled Maintenance;
  • schedule maintenance during off-peak usage periods where reasonably practicable; and
  • minimize disruption to Customer’s production use of the Services.

7.3 Exclusion from Downtime

Scheduled Maintenance performed in accordance with this Section shall not constitute Downtime for purposes of calculating the Monthly Uptime Percentage under this SLA.

Maintenance activities performed without prior notice shall be considered Downtime unless such activities qualify as Emergency Maintenance under Section 7.4.

7.4 Emergency Maintenance

Locktera may perform maintenance without advance notice (“Emergency Maintenance”) where Locktera reasonably determines that such maintenance is necessary to:

  • address a security vulnerability or active threat;
  • prevent or mitigate a material service disruption;
  • protect the integrity, confidentiality, or availability of the Services; or
  • comply with applicable law, regulatory requirements, or security obligations.

Locktera will provide notice of Emergency Maintenance as soon as reasonably practicable under the circumstances.

Emergency Maintenance shall not constitute Downtime unless the duration of the maintenance materially exceeds the time reasonably necessary to remediate the underlying issue.

7.5 Continuous Improvement

Locktera maintains operational practices designed to minimize service-impacting maintenance activities, which may include:

  • rolling deployments and staged service updates where feasible;
  • redundant infrastructure and failover mechanisms;
  • monitoring, change management, and release control processes; and
  • pre-deployment validation and testing procedures.

These practices are intended to support service reliability and reduce maintenance-related disruptions.

Locktera may perform maintenance that does not materially affect service availability without prior notice.

8. CUSTOMER SUPPORT COMMITMENTS

8.1 Support Services Overview

Locktera shall provide technical support services designed to assist Customer in the identification, diagnosis, and remediation of Incidents and technical issues affecting the Services (the “Support Services”).

Support Services are provided in accordance with the severity classifications and response time objectives set forth in this SLA and apply solely to production Services operated and controlled by Locktera.

Support Services are intended to support the operational availability, functionality, and security of the Services.

8.2 Support Availability

Locktera shall provide support coverage as follows:

Enterprise Support Tier

  • 24 hours per day, 7 days per week (24×7) support coverage for Severity 1 Incidents;
  • support coverage during Locktera’s standard business hours for Severity 2, Severity 3, and Severity 4 Incidents, unless otherwise specified in the applicable Order Form; and
  • access to escalation procedures and incident management resources necessary to address service-impacting issues.

For purposes of this SLA, standard business hours means Monday through Friday, excluding Locktera-observed holidays, from 8:00 a.m. to 5:00 p.m. Central Time.

8.3 Response Time Objectives

Locktera shall use commercially reasonable efforts to respond to support requests within the following timeframes based on the applicable Incident severity level:

Severity Level Description Initial Response Time Objective
Severity 1 Complete service outage, failure of core security enforcement, or material production impact 1 hour (24×7)
Severity 2 Significant degradation of service functionality or performance 4 hours
Severity 3 Limited impairment of specific features or functionality 1 business day
Severity 4 General inquiries, documentation questions, or non-critical issues 2 business days

Response Time Objectives measure the time between Locktera’s receipt of a valid support request and Locktera’s acknowledgment of such request and initiation of investigation.

Response Time Objectives represent target response times and do not constitute guaranteed resolution times.

8.4 Support Channels

Customer may contact Locktera Support through the following channels:

  • Locktera-designated support portal;
  • Locktera-designated support email addresses;
  • telephone support, where included in the applicable support tier; and
  • access to a dedicated customer success or technical account contact where provided under the applicable Order Form.

Locktera may update support contact methods from time to time upon reasonable notice to Customers.

8.5 Incident Escalation and Management

Locktera maintains internal escalation procedures designed to ensure that appropriate engineering and operational personnel are engaged in the investigation and remediation of Incidents.

These procedures may include:

  • escalation to senior engineering personnel;
  • assignment of incident response personnel; and
  • ongoing internal tracking and remediation management.

For Severity 1 and Severity 2 Incidents, Locktera shall provide reasonable status updates regarding investigation and remediation progress until service functionality is restored.

8.6 Customer Responsibilities

Customer shall use commercially reasonable efforts to:

  • provide sufficient information to enable Locktera to diagnose and resolve support requests;
  • cooperate with Locktera support personnel during incident investigation and remediation; and
  • implement corrective actions within Customer-controlled systems where applicable.

Locktera’s support obligations apply solely to the Services and do not extend to Customer-controlled infrastructure, third-party services, or Customer-developed integrations.

8.7 Scope of Support Services

Support Services may include assistance with:

  • service availability or operational issues affecting the Services;
  • authorization, authentication, or access control issues;
  • operational issues affecting Locktera APIs;
  • audit logging availability and access issues; and
  • general technical operation of the Services.

Support Services do not include custom development, system integration, consulting, or other professional services unless expressly agreed in writing.

Support Services do not include support for Customer-developed applications, third-party software, or Customer-managed infrastructure.

9. AUDIT AND FORENSIC SUPPORT

9.1 Audit and Forensic Data Availability

Locktera maintains audit logging and forensic record systems designed to record, preserve, and enable retrieval of security-relevant events associated with Customer use of the Services (the “Audit and Forensic Data”).

Upon Customer’s written request, Locktera shall make available relevant Audit and Forensic Data relating to Customer’s use of the Services for legitimate security, compliance, incident response, or forensic investigation purposes, subject to the limitations and requirements set forth in this Section.

Audit and Forensic Data may include, without limitation:

  • container access logs, including successful and failed access attempts;
  • authorization and policy enforcement logs;
  • audit records reflecting access, authorization, and administrative actions;
  • cryptographic authorization and key access event records;
  • API access and request logs; and
  • security event records associated with Customer’s use of the Services.

9.2 Response Time for Audit Requests

Locktera shall use commercially reasonable efforts to make requested Audit and Forensic Data available within twenty-four (24) hours after receipt of a valid written request, provided that:

  • the request reasonably identifies the requested data; and
  • the request relates solely to Customer’s own data or authorized use of the Services.

Requests involving large data volumes, complex queries, or extended time ranges may require additional processing time depending on scope and technical requirements.

9.3 Scope and Limitations

Locktera shall provide Audit and Forensic Data only to the extent that such data:

  • relates to Customer’s use of the Services; and
  • is available within Locktera-controlled systems.

Locktera shall not be required to disclose:

  • information relating to other customers;
  • proprietary Locktera system architecture, infrastructure design, or internal security controls; or
  • information restricted by applicable law, regulatory obligations, or security requirements.

Locktera may reasonably limit the format, scope, or method of disclosure of Audit and Forensic Data where necessary to protect system integrity, security, or the confidentiality of other customers.

9.4 Integrity and Preservation of Audit Records

Locktera maintains audit logging systems designed to preserve the integrity, authenticity, and chronological accuracy of audit records generated by the Services.

Audit records are protected against unauthorized modification through administrative, technical, and operational safeguards consistent with industry practices for secure audit logging.

9.5 Use of Audit and Forensic Data

Audit and Forensic Data provided to Customer shall be used solely for Customer’s internal security, compliance, audit, or forensic investigation purposes and shall remain subject to the confidentiality obligations set forth in the Agreement.

9.6 Regulatory and Compliance Support

Where reasonably required for regulatory compliance, security incident response, or audit purposes, Locktera shall cooperate with Customer’s reasonable requests for information concerning Customer’s use of the Services, subject to applicable confidentiality, security, and legal requirements.

Such cooperation may include providing documentation or records relating to Customer’s use of the Services that are reasonably available within Locktera-controlled systems.

9.7 Audit Log Retention

Locktera shall retain Audit and Forensic Data generated by the Services for a minimum period of twelve (12) months from the date of creation, unless a longer retention period is required by applicable law or expressly specified in an applicable Order Form.

Audit and Forensic Data shall be retained within Locktera-controlled systems and preserved using administrative, technical, and operational safeguards designed to maintain record integrity and prevent unauthorized alteration or deletion.

Upon expiration of the applicable retention period, Locktera may securely delete or archive such records in accordance with its data retention and disposal policies, unless retention is otherwise required by law or written agreement.

Extended retention periods beyond twelve (12) months may be available under enterprise subscription tiers or pursuant to a written agreement.

10. SERVICE CREDIT REQUEST PROCEDURE

10.1 Submission of Service Credit Requests

To be eligible for Service Credits under this SLA, Customer must submit a written request to Locktera within thirty (30) calendar days following the end of the calendar month in which the applicable Service Availability Commitment was not met (a “Service Credit Request”).

Service Credit Requests must be submitted through Locktera’s designated support portal or via Locktera’s designated support email address and must include, at a minimum:

  • a description of the Incident or service unavailability;
  • the dates and approximate times of the alleged Downtime;
  • identification of the affected Services; and
  • any supporting documentation or evidence reasonably available to Customer demonstrating the claimed service unavailability.

Failure to submit a Service Credit Request within the required timeframe constitutes a waiver of Customer’s right to receive Service Credits for the applicable period.

10.2 Verification and Evaluation

Upon receipt of a valid Service Credit Request, Locktera shall evaluate the request in good faith using its internal monitoring systems, operational records, and incident logs.

For purposes of determining Service Availability and Downtime under this SLA, Locktera’s monitoring systems and service logs shall serve as the authoritative source of record.

Locktera shall determine, in its reasonable discretion, whether the Service Availability Commitment was not met and whether Customer is eligible for Service Credits in accordance with this SLA.

Locktera may request additional information from Customer where reasonably necessary to evaluate the Service Credit Request.

10.3 Issuance of Service Credits

If Locktera determines that Customer is eligible for Service Credits, Locktera shall apply the applicable Service Credits to Customer’s future invoices for the affected Services.

Service Credits:

  • shall be applied solely as credits toward future subscription fees for the affected Services;
  • shall not be redeemable for cash, refunds, or other payments except where required by applicable law;
  • shall not exceed the maximum Service Credit limits set forth in this SLA; and
  • shall be issued within a commercially reasonable period following Locktera’s approval of the Service Credit Request.

10.4 Exclusive Remedy

Service Credits issued in accordance with this SLA constitute Customer’s sole and exclusive monetary remedy for any failure by Locktera to meet the applicable Service Availability Commitment.

Nothing in this Section limits Customer’s termination rights expressly provided in the Agreement or this SLA.

10.5 Fraud Prevention and Abuse Protection

Locktera reserves the right to deny Service Credit Requests that:

  • are incomplete or submitted outside the required timeframe;
  • lack reasonable supporting evidence;
  • are inconsistent with Locktera’s service monitoring records; or
  • are based on conditions that constitute Excluded Downtime under this SLA.

Customer must be current on all undisputed payment obligations to be eligible for Service Credits.

11. CUSTOMER TERMINATION RIGHTS FOR CHRONIC SERVICE AVAILABILITY FAILURES

11.1 Termination for Chronic Service Availability Failure

If Locktera fails to meet the applicable Service Availability Commitment for the affected Services:

  • for three (3) consecutive calendar months; or
  • for four (4) or more calendar months within any rolling twelve (12)-month period,

(each, a Chronic Service Availability Failure”), Customer may terminate the affected Services without early termination penalty by providing written notice to Locktera, subject to the conditions set forth in this Section.

11.2 Conditions for Termination

Customer may exercise its termination rights under this Section only if:

  • Customer has submitted valid Service Credit Requests for the applicable periods in accordance with this SLA;
    Locktera has verified that the Service Availability Commitment was not met for the applicable periods; and
  • Customer provides written notice of termination within thirty (30) days following Locktera’s confirmation of the Chronic Service Availability Failure.

Termination rights under this Section apply solely to the affected Services and shall not automatically apply to any other Services provided under the Agreement.

11.3 Cure Period

Following Customer’s written notice of termination under this Section, Locktera shall have a period of thirty (30) days (the “Cure Period”) to implement corrective measures designed to restore compliance with the Service Availability Commitment.

If Locktera restores compliance during the Cure Period and maintains such compliance for at least one full calendar month, Customer’s termination right under this Section shall no longer apply.

11.4 Effect of Termination

Upon termination of affected Services under this Section:

  • Customer shall not be required to pay early termination fees for the terminated Services;
  • Customer shall remain responsible for all fees accrued prior to the effective termination date; and
  • Customer’s access to the terminated Services shall cease in accordance with the Agreement.

Termination under this Section shall not entitle Customer to refunds except where expressly required under the Agreement or applicable law.

11.5 Exclusive Termination Remedy for SLA Failures

The termination rights described in this Section constitute Customer’s sole and exclusive termination remedy arising from Locktera’s failure to meet the Service Availability Commitment.

Nothing in this Section limits either party’s right to terminate the Agreement for other causes expressly provided in the Agreement.

Termination under this Section shall not affect Customer’s obligations relating to data export, data retention, or post-termination obligations under the Agreement.

12. SERVICE EXCLUSIONS

12.1 Excluded Downtime

The Service Availability Commitment and any related Service Credits under this SLA shall not apply to service unavailability, degradation, or interruption resulting from events outside Locktera’s reasonable control (collectively, “Excluded Downtime”), including:

  • events constituting force majeure under the Agreement, including acts of God, natural disasters, governmental actions, war, terrorism, labor disputes, or widespread internet disruptions;
  • acts or omissions of Customer or Customer’s employees, agents, contractors, authorized users, or third-party service providers not under Locktera’s control;
  • Customer-controlled systems, infrastructure, configurations, integrations, or environments;
  • failures of Customer network connectivity, internet service providers, or local telecommunications infrastructure;
  • misuse of the Services, including use in violation of the Agreement, documentation, or published technical requirements;
  • unauthorized modifications, alterations, or unsupported integrations with the Services;
  • Customer exceeding documented usage limits or technical specifications;
  • Scheduled Maintenance or Emergency Maintenance performed in accordance with this SLA; or
  • suspension or restriction of Services in accordance with the Agreement.

Excluded Downtime shall not be counted as Downtime for purposes of calculating the Monthly Uptime Percentage under this SLA.

12.2 Third-Party Infrastructure

The Services may operate on infrastructure or data center services provided by third-party cloud providers.

Locktera remains responsible for the design, configuration, monitoring, and operation of its application-layer services and security architecture.

However, downtime caused solely by failures of third-party infrastructure outside of Locktera’s reasonable control, and not resulting from Locktera’s misconfiguration or operational negligence, shall constitute Excluded Downtime.

12.3 Customer Responsibilities

Customer acknowledges that proper use, configuration, and integration of the Services within Customer’s environment are necessary to achieve intended performance and availability.

Locktera shall not be responsible for service disruption attributable to:

  • Customer’s failure to follow documented configuration or integration requirements;
  • Customer-side application errors, infrastructure issues, or misconfigurations; or
  • Customer-imposed network, security, or connectivity restrictions that impair access to the Services.

12.4 Locktera Responsibility

Nothing in this Section relieves Locktera of its responsibility for:

  • the design, operation, monitoring, and maintenance of the Locktera-controlled production environment;
  • the integrity and availability of Locktera’s application-layer services; or

Locktera’s obligations expressly set forth in this SLA or the Agreement.

13. SERVICE MONITORING

13.1 Continuous Service Monitoring

Locktera maintains automated monitoring, alerting, and diagnostic systems designed to monitor the availability, integrity, and operational health of the Services (collectively, the “Monitoring Systems”).

These Monitoring Systems are designed to detect service interruptions, performance degradation, authorization failures, and other operational anomalies affecting the Services, including, without limitation:

  • API availability and responsiveness;
  • cryptographic authorization and access control enforcement services;
  • container authorization and container metadata services;
  • audit logging infrastructure; and
  • key management and authorization validation services.

Monitoring is performed on a continuous basis to support Locktera’s incident detection, escalation, and remediation processes.

13.2 Availability Measurement Authority

Service Availability and Downtime determinations under this SLA shall be based on Locktera’s Monitoring Systems, operational telemetry, and incident records, which shall serve as the authoritative source of record for determining:

  • Service Availability;
  • Monthly Uptime Percentage; and
  • eligibility for Service Credits under this SLA.

Locktera shall use commercially reasonable efforts to maintain accurate monitoring records sufficient to support availability determination and incident analysis.

13.3 Incident Detection and Response Enablement

Locktera’s Monitoring Systems are designed to support timely detection of Incidents affecting the Services.

Such systems may include automated alert generation, monitoring thresholds, and escalation procedures designed to enable response in accordance with the Incident Response Commitments set forth in this SLA.

Locktera maintains operational procedures for responding to monitoring alerts, diagnosing service issues, and initiating remediation actions where appropriate.

13.4 Monitoring Scope and Limitations

Service monitoring applies solely to production Services operated and controlled by Locktera.

Locktera’s Monitoring Systems do not monitor:

  • Customer-controlled systems or infrastructure;
  • Customer network connectivity or internet service providers; or
  • third-party systems not operated or controlled by Locktera.

Availability determinations under this SLA shall not be based solely on Customer-side monitoring tools that do not accurately reflect Service Availability at the Locktera service interface.

13.5 Auditability and Record Retention

Locktera shall maintain monitoring and incident records for a commercially reasonable period sufficient to support SLA verification, incident investigation, and operational analysis.

Such records may be used to verify compliance with the Service Availability Commitment and to evaluate Service Credit Requests submitted under this SLA.

14. LIMITATION OF REMEDIES

14.1 Exclusive Monetary Remedy

Service Credits issued in accordance with this SLA constitute Customer’s sole and exclusive monetary remedy, and Locktera’s sole and exclusive monetary liability, for any failure by Locktera to meet the Service Availability Commitment or other service level obligations expressly set forth in this SLA.

Service Credits apply only to the affected Services and only to the extent expressly provided in this SLA.

14.2 Exclusion of Additional Monetary Remedies

Except as expressly provided in this SLA or required by applicable law, Customer shall not be entitled to:

  • refunds of subscription fees;
  • damages or compensation arising from service unavailability; or
  • any other monetary remedy for Locktera’s failure to meet the Service Availability Commitment.

Service Credits shall not be redeemable for cash or monetary payment except where required by applicable law.

14.3 Relationship to Agreement

This SLA establishes specific service level commitments and remedies relating to Service Availability and related operational performance metrics.

Except as expressly provided in this SLA, nothing in this Section limits:

  • either party’s rights or remedies under the Agreement unrelated to Service Availability;
  • Customer’s termination rights expressly provided in this SLA or the Agreement; or
  • either party’s liability for matters that cannot be limited or excluded under applicable law.

14.4 Limitation of Scope

The remedies described in this SLA apply solely to failures to meet the Service Availability Commitment and do not apply to other obligations governed by the Agreement unless expressly stated.

All other limitations of liability, exclusions of damages, and remedies shall be governed by the limitation of liability provisions set forth in the Agreement.

Service Credits shall not be cumulative and shall not exceed the maximum credit limits specified in this SLA.

15. MODIFICATIONS

15.1 Right to Modify

Locktera may modify or update this SLA from time to time to reflect changes in the Services, operational practices, legal requirements, or industry standards.

Any modifications shall take effect only in accordance with the provisions set forth in this Section.

15.2 Notice of Material Changes

If Locktera makes a material change to this SLA that adversely affects Customer’s rights or remedies, Locktera shall provide reasonable prior notice of such change.

Notice may be provided by:

  • email to Customer’s designated account contact;
  • notification through the Locktera customer portal; or
  • other reasonable means of communication.

15.3 Applicability of Changes

Unless otherwise expressly agreed in writing, modifications to this SLA shall apply only to:

  • new subscription terms entered into after the effective date of the modification; or
  • renewal subscription terms occurring after the effective date of the modification.

No modification shall materially reduce the Service Availability Commitment or affect Service Credits already earned during an active, prepaid subscription term.

15.4 Continued Use

Customer’s continued use of the Services following the start of a renewal subscription term constitutes acceptance of the SLA then in effect for that renewal term.

15.5 Protection of Existing Rights

No modification to this SLA shall retroactively affect:

  • Service Availability Commitments applicable to prior periods;
  • Customer’s eligibility for Service Credits already earned; or

any accrued rights or remedies arising prior to the effective date of the modification.

16. GOVERNING AGREEMENT AND ORDER OF PRECEDENCE

16.1 Incorporation into the Agreement

This Service Level Agreement (“SLA”) is incorporated into and forms part of the Master Subscription Agreement, Terms of Service, Order Form, or other written agreement governing Customer’s access to and use of the Services (collectively, the “Agreement”).

This SLA establishes specific service level commitments, performance standards, and remedies applicable to the Services.

16.2 Order of Precedence

In the event of any conflict or inconsistency between this SLA and the Agreement, the following order of precedence shall apply:

  1. This SLA shall control solely with respect to service availability commitments, incident response commitments, service credit eligibility, and other service level obligations expressly set forth herein; and
  2. The Agreement shall control with respect to all other matters, including but not limited to fees, payment terms, data ownership, confidentiality, limitation of liability, indemnification, termination rights, and other contractual provisions.

16.3 Consistency with Order Forms

If an applicable Order Form expressly modifies or supersedes specific service level commitments set forth in this SLA, the terms of the applicable Order Form shall control solely with respect to the affected Services.

All other provisions of this SLA shall remain in full force and effect.

16.4 No Expansion of Liability

Except for the service level commitments and remedies expressly provided in this SLA, nothing in this SLA shall expand, modify, or supersede the limitation of liability provisions set forth in the Agreement.

16.5 Survival

Any provisions of this SLA that by their nature should survive termination or expiration of the Agreement shall survive, including without limitation provisions relating to Service Credit eligibility, limitations of remedies, and audit or forensic support obligations arising prior to termination.