SLA AND SECURITY POLICY
Last Updated: September 2019
This SLA and Security Policy sets forth certain additional service level and security policies applicable to the proprietary cloud-based software-as-a-service platform(s) made available through the Site and/or any Neon One mobile application (each a “Neon One Product” and, collectively, the “Neon One Products”) offered by Neon One, LLC, directly or through any of its affiliated companies including, without limitation, Neon CRM, Rallybound, Arts People, and CiviCore ("Neon One", “we” or “us”) to you, our end-users ("Customer", “you” or “your”). This SLA and Security Policy is subject to the Neon One General Terms of Service made available at www.neonone.com/security (the “Terms of Service”) and forms part of the Agreement between you and Neon One. Capitalized terms that are not defined in this SLA and Security Policy will have the same meaning as in the Terms of Service.
- PERFORMANCE CRITERIA. Neon One uses commercially reasonable efforts designed to ensure that the Neon One Products provide a monthly uptime of 99.9% of the time during the applicable Sales Order Term except for periods of scheduled downtime for routine maintenance and service (the “Uptime Commitment”). Scheduled maintenance shall not exceed eight (8) hours per month and Neon One will make good faith efforts to schedule maintenance during the hours of 9pm - 5am PST. Any period during which the Neon One Products are not reasonably available to Customer or its Authorized Users that falls below the Uptime Commitment will be considered “Downtime” except as specifically described herein. Should Downtime occur, as Customer’s sole and exclusive remedy and Neon One’s sole and exclusive liability, Neon One shall have qualified personnel respond promptly to a report of such unavailability and shall, to the extent reasonably practicable, work continuously to remedy such unavailability. The Uptime Commitment does not apply if Customer or its Authorized Users cannot access or utilize the Neon One Products because of (a) any latency or downtime due to Customer’s or its Authorized Users’ acts or omissions or resulting from the their own Internet Service Provider, (b) acts of unauthorized third parties, (c) scheduled maintenance, (d) third party acts or omissions over which Neon One has no control, (e) a force majeure event (including, without limitation, a distributed denial of service (DDoS) attack); (f) any systemic Internet failures; or (g) any failure or deficiency in the Customer’s or its Authorized Users’ own hardware, software or network connection.
- POST-IMPLEMENTATION SUPPORT SERVICES. Neon One may provide Customer with Support Services as specified in a Sales Order or the support package(s) subsequently purchased by Customer. Support Services will only be provided by Neon One to Customer’s authorized administrators for the Neon One Products. It is the Customer’s sole responsibility to provide primary support to its Authorized Users. Neon One may at its option provide secondary support for Customer’s Authorized Users, and in any such case such secondary support shall be in accordance with a separate agreement agreed to by the Parties (in writing). If, during the course of providing any secondary support to an Authorized User, Neon One determines that the scope of the support sought by such Authorized User is outside of the scope of the Support Services agreed by the Parties, Neon One may cease providing such secondary support and direct such Authorized User to contact Customer for assistance.
- SECURITY. Neon One utilizes Amazon Web Services (“AWS”) for server hosting in connection with the Neon One Products. AWS provides highly secure data centers that use state-of-the art electronic surveillance and multi-factor access control systems. For more information on AWS please go to: https://aws.amazon.com/security/. Neon One will use commercially reasonable efforts to maintain database security for Customer Data in Neon One’s possession or control. Neon One uses SSL technology and Server Digital Certificates to encrypt sensitive data traffic over the Internet. Data replication is over private connections. The database is not directly accessible by IP address from the public Internet. Neon One employs industry standard network security techniques which may include, firewalls, VLAN's and NT/UNIX authentication protocols. Neon One reserves the right, in its sole discretion, to change or modify these procedures at any time for commercially reasonable purposes, but at all times will maintain commercially reasonable database security. Customer shall take all commercially reasonable security precautions to prevent unauthorized or fraudulent use of the Neon One Products and Services by Customer, Customer’s Authorized Users, employees or agents, or any other third party.