
SLA and Security Policy

This Service Level Agreement (SLA) and Security Policy sets forth certain additional service level and security policies applicable to the proprietary cloud-based software-as-a-service platform(s) made available through the Site and/or any Neon One mobile application (each a “Neon One Product” and, collectively, the “Neon One Products”) offered by Neon One, LLC, directly or through any of its affiliated companies including, without limitation, Neon CRM, Rallybound, Arts People, and CiviCore (“Neon One”, “we” or “us”) to you, our end-users (“Customer”, “you” or “your”). This SLA and Security Policy is subject to the Neon One General Terms of Service made available at https://neonone.com/termsofservice (the “Terms of Service”) and forms part of the Agreement between you and Neon One. Capitalized terms that are not defined in this SLA and Security Policy will have the same meaning as in the Terms of Service.

SLA

Last Updated: March 29, 2024

1. Performance Criteria

Neon One uses commercially reasonable efforts designed to ensure that the Neon One Products provide a monthly uptime of 99.9% of the time during the applicable Sales Order Term except for periods of scheduled downtime for routine maintenance and service (the “Uptime Commitment”). Neon One will make good faith efforts to schedule maintenance during the hours of 9pm – 5am PT and to provide notice on the Site or Neon One Products of any scheduled maintenance outside of such hours. Any period during which the Neon One Products are not reasonably available to Customer or its Authorized Users that falls below the Uptime Commitment will be considered “Downtime” except as specifically described herein. Should Downtime occur, as Customer’s sole and exclusive remedy and Neon One’s sole and exclusive liability, Neon One shall have qualified personnel respond promptly to a report of Downtime and will, to the extent reasonably practicable, work continuously to remedy such Downtime. The Uptime Commitment does not apply if Customer or its Authorized Users cannot access or utilize the Neon One Products because of (a) any latency or downtime due to Customer’s or its Authorized Users’ acts or omissions or resulting from their own Internet Service Provider, (b) acts of unauthorized third parties, (c) scheduled maintenance, (d) third party acts or omissions over which Neon One has no control, (e) a force majeure event (including, without limitation, a distributed denial of service (DDoS) attack); (f) any systemic Internet failures; or (g) any failure or deficiency in the Customer’s or its Authorized Users’ own hardware, software or network connection.

2. Technical Support 

Neon One may provide the Customer with Support Services as specified in a Sales Order or the support package(s) subsequently purchased by the Customer. Support Services will only be provided by Neon One to the Customer’s authorized administrators for the Neon One Products. It is the Customer’s sole responsibility to provide primary support to its Authorized Users. Neon One may at its option provide secondary support for Customer’s Authorized Users, and in any such case, such secondary support shall be in accordance with a separate agreement agreed to by the Parties (in writing). If, during the course of providing any secondary support to an Authorized User, Neon One determines that the scope of the support sought by such Authorized User is outside of the scope of the Support Services agreed by the Parties, Neon One may cease providing such secondary support and direct such Authorized User to contact Customer for assistance.

Neon One customer support is available Monday through Friday, excluding all Neon One holidays. An Authorized User can submit a support request as follows:

  • Go to support.neonone.com and click “Submit a Request”
  • Click the “Support Center” option found at the top right of every page within each Neon One Product

Responses to support requests are posted to the Authorized User’s account in the Support Center, and a copy of the response is also sent to the Authorized User via email. Neon One will use commercially reasonable efforts to respond to requests and resolve problems as quickly as possible and will provide progress reports to the Authorized User via the Support Center and email.

Security Policy

Last Updated: March 29, 2024

3. Incident Management 

Neon One maintains a security incident management program. Upon detection of a security incident, including but not limited to a data breach incident, Neon One undertakes an internal investigation and where appropriate, a remediation process, up to and including notification to impacted individuals within 72 hours of confirming an incident, all in accordance with applicable law. 

4. Operational Security 

Neon One maintains a set of physical security policies, processes, and procedures based on generally accepted industry practices that govern physical security and environmental controls used to both guard Neon One’s systems and scoped data, and to govern visitors to Neon One’s physical locations and facilities. Neon One maintains a change management process to monitor changes to information systems, network devices, system components, physical and environment changes, and software development. 

5. Asset Management 

Neon One’s data and information system assets include corporate and customer assets. These asset types are managed under Neon One’s security policies and procedures. Neon One authorized personnel who access and handle these assets are required to comply with the procedures and guidelines defined by Neon One’s security policies. Processes and procedures are in place to address employees who are terminated. Access control lists define the behavior of any user within Neon One’s information systems, and security policies limit them to authorized behaviors. 

6. Risk Assessment Management 

Neon One maintains a corporate risk assessment program and policy that defines risk levels for discovered issues with employee(s) assigned to manage and regularly reviews the program and policy. Neon One’s risk management program includes guidance on the potential threat identification and mitigation strategies for those risks. Neon One performs risk assessments on at least an annual basis. 

7. Information Security 

Neon One has documented security policies and procedures that define information security rules and requirements for its software and services environment that are reviewed at least annually and updated as necessary. Customer Data submitted by Customer to Neon One Products is transmitted securely with adequate standard in-transit encryption protection. Additionally, Neon One uses generally accepted industry-standard encryption for at-rest encryption of Customer Data. 

8. Vendor Management 

Neon One maintains a vendor management program that establishes the rules and requirements for any vendor that will access, store, and/or process Neon One’s information assets and includes conducting the relevant security assessment for such vendor. 

9. Personnel Security 

Neon One employees are required to sign confidentiality agreements and acknowledge Neon One’s Code of Conduct. The Code of Conduct outlines Neon One’s expectation that every employee will conduct business ethically, lawfully, and with integrity and respect for each other as well as Neon One customers, partners, vendors, competitors, and other third parties. All employees are provided with security training as part of onboarding and all employees are required to complete an annual training course on code of conduct policies. Additionally, Neon One currently conducts employment background checks on all Neon One employees and certain consultants and contractors upon hire, unless expressly, and then solely to the extent, prohibited by law: (1) to verify the accuracy of employment chronology and educational credentials; and (2) to verify such employee, consultant or contractor (as applicable) has no civil, criminal or credit history that would preclude successful fulfillment of the role with Neon One including, but not limited to, meeting confidentiality obligations. There are processes in place to address both the onboarding and offboarding of Neon One employees, consultants, and contractors.

10. Vulnerability Management 

Neon One conducts security assessments to identify vulnerabilities in both Neon One’s corporate IT infrastructure and Neon One Products. 

11. Penetration Testing 

Neon One, or an authorized third party on Neon One’s behalf, conducts annual penetration testing of its Neon One Products to assess current threats and vulnerabilities. Each security concern is reviewed to determine if it is applicable, ranked based on risk, and assigned to the appropriate team for remediation. 

12. Data Protection and Personal Data Processing 

In connection with providing products and services to Neon One’s customers, Neon One protects PPI and PHI using appropriate physical, technical, and organizational security measures. Furthermore, Neon One’s privacy policy and, as applicable, Neon One’s data processing addendum, contain more information on how Neon One handles and protects personal data.

13. Incident Event and Communications Management

Neon One maintains an incident response plan that specifies actions to be taken when Neon One or one of its subcontractors suspects or detects that a party has gained material unauthorized access to Customer Data or systems or applications containing any Customer Data (the “Response Plan”). Such Response Plan includes an escalation procedure that includes notification to senior managers and appropriate reporting to regulatory and law enforcement agencies.

Neon One promptly notifies affected Customers after it has determined that unauthorized access to Customer Data has occurred unless otherwise prohibited by Applicable Law. In such an event, and unless prohibited by Applicable Law or confidentiality restrictions, Neon One provides information, to the extent available to Neon One, sufficient to provide a reasonable description of the general circumstances and extent of such unauthorized access, and provides reasonable cooperation to Customer: 

  • in the investigation of any such unauthorized access;
  • in Customer’s efforts to comply with statutory notice or other Applicable Laws applicable to Customer or its Customers; and 
  • in litigation and investigations brought by Customer against third parties, including injunctive or other equitable relief reasonably necessary to protect Customer’s proprietary rights. 

For the avoidance of doubt, Neon One shall not be required to disclose information that Neon One reasonably determines would compromise the security of Neon One’s technology or premises or that would impact other Neon One customers. Neon One will take reasonable actions to mitigate loss from any such unauthorized access.

14. Subprocessors

Subject to any applicable terms of the Agreement, Neon One is authorized to engage the sub-processors in this Section or as otherwise disclosed to Customer, and Neon One shall at all times remain liable for the acts and omissions of any sub-processors it engages with respect to the processing of Personal Data in connection with the Agreement to the same extent as Neon One would be responsible for such acts and omissions if taken by Neon One. 

Last Updated: March 29, 2024

| Name | Purpose |
| --- | --- |
| Amazon Web Services | Hosting of Product Servers, Email Routing, Neon One Text Routing |
| Bandwidth | Client Text Routing (Beginning July 2024) |
| ChurnZero | Customer Success Analysis |
| DocuSign | Contract Signature |
| Duda | Website Platform |
| Microsoft Azure | Hosting of Product Servers |
| Paypal | Payment Processing |
| Payrix | Payment Processing |
| Pendo | Product Analytics |
| Salesforce | Neon One’s CRM |
| SendGrid | Email Routing |
| SalesLoft | Customer Communication |
| SkillJar | Neon One Learning Management System |
| Stripe | Payment Processing |
| Text180 | Client Text Routing |
| Twilio | Neon One Text Routing |
| Zendesk | Support Ticket Management |