Service Level Agreement
99.9% monthly uptime, severity-tiered response targets, and service credits for paid Business and Enterprise plans.
Draft version: 10 May 2026
The short version
We commit to 99.9% monthly uptime for the deny.sh API and managed-vault Service. If we miss that commitment, you are entitled to service credits against your next invoice on a sliding scale, capped at 100% of monthly recurring revenue. P1 incidents get a 30-minute response and a 4-hour restoration target. Scheduled maintenance, force-majeure events, and customer-caused outages do not count against the commitment. This SLA applies to paid Business and Enterprise plans.
1. Definitions
Capitalised terms have the meanings given in the Terms of Service. In addition:
- "Covered Service" means the deny.sh API endpoints and the managed-vault storage available on Business and Enterprise plans. Browser tools (which run entirely client-side and depend only on static asset delivery) are not separately metered for the uptime commitment.
- "Service Period" means a calendar month, calculated in UTC.
- "Monthly Uptime Percentage" means total minutes in a Service Period minus Downtime minutes, divided by total minutes in the Service Period, expressed as a percentage and rounded to two decimal places.
- "Downtime" means a period of one minute or longer during which the Customer is unable to access the Covered Service due to a failure attributable to deny.sh, as confirmed by our internal monitoring or by the public status page at the time. Downtime excludes the items listed in section 7 (Exclusions).
- "Incident" means an unplanned interruption to, or reduction in the quality of, the Covered Service.
- "Severity Tier" means the classification (P1, P2, or P3) assigned to an Incident by our on-call team in accordance with section 4.
- "Service Credit" means a credit issued to the Customer in accordance with section 5, applied against future invoices.
- "MRR" means the recurring monthly subscription fee paid by the Customer for the Covered Service in the Service Period in which the Downtime occurred, excluding usage-based overages, one-off charges, and taxes.
- "Status Page" means the public service status page at status.deny.sh (when published) or, until the public Status Page is published, an internal incident log of equivalent content provided to the Customer on request.
2. Scope and eligibility
This SLA applies to Customers on the paid Business and Enterprise plans. Free, Dev, and Pro plans are provided on a best-effort basis without an uptime commitment or service credits, although our incident response and communication practices apply to those plans as well.
To be eligible for Service Credits, the Customer must:
- Be in compliance with the Terms of Service and not in breach of payment obligations
- Submit a Service Credit request as set out in section 6 within 30 days of the end of the affected Service Period
3. Uptime commitment
We commit to a Monthly Uptime Percentage of 99.9% or greater for the Covered Service in each Service Period. Where the Monthly Uptime Percentage falls below 99.9%, the Customer is entitled to Service Credits in accordance with section 5.
3.1 Measurement methodology
Monthly Uptime Percentage is calculated based on:
- Synthetic monitoring of the public API health endpoint at 60-second intervals from at least three geographically distributed probes
- Real-traffic error-rate analysis from our application metrics, where the public API endpoint sustains an HTTP 5xx error rate above 5% for one minute or longer
- Confirmed managed-vault Read or Write failures attributable to deny.sh infrastructure (not to client error or sub-processor outage outside our control)
The Status Page is the authoritative record of Incidents and Downtime. Where there is a discrepancy between Customer measurements and the Status Page, we will review Customer-supplied evidence (logs, request IDs, timestamps) in good faith before issuing a determination.
4. Severity tiers and response targets
Each Incident is classified by our on-call team into one of the following Severity Tiers. Response and restoration targets are commitments to begin work and to restore Service, not guarantees that an Incident will be resolved within the stated time. Targets are measured from the time the Incident is acknowledged by our on-call team or from the time the Customer raises the Incident in writing, whichever is earlier.
| Tier | Definition | Response | Restoration target | Communication cadence |
|---|---|---|---|---|
| P1 Critical | Complete unavailability of the Covered Service, confirmed data-integrity issue affecting multiple Customers, or active security incident with confirmed Customer impact. | 30 minutes | 4 hours | Status Page update on detection; subsequent updates at least every 60 minutes until resolution. |
| P2 Major | Significant degradation affecting many Customers, sustained elevated error rate on a primary feature, or a single-Customer outage of a paid Business or Enterprise managed-vault. | 2 hours | 24 hours | Status Page update on detection; subsequent updates at least every 4 hours until resolution. |
| P3 Minor | Limited-impact issue, isolated feature regression, cosmetic defect, or non-blocking edge case. | 1 business day | Best-effort, prioritised against the public roadmap | Status Page or release-note entry on resolution. |
"Business day" means Monday to Friday, 09:00 to 18:00 UK time, excluding bank holidays in England and Wales. P1 and P2 response targets apply 24 hours a day, 7 days a week.
5. Service Credits
Where the Monthly Uptime Percentage in any Service Period falls below 99.9% for the Covered Service, the Customer is entitled to a Service Credit calculated as follows:
| Monthly Uptime Percentage | Service Credit (% of MRR) |
|---|---|
| Less than 99.9% but at least 99.0% | 10% |
| Less than 99.0% but at least 95.0% | 25% |
| Less than 95.0% | 100% |
Service Credits are applied as a credit against the Customer's next invoice or, if the Customer has cancelled the subscription, refunded to the original payment method within 30 days of approval. The maximum aggregate Service Credit issued in any Service Period is 100% of the Customer's MRR for that period.
Service Credits are the Customer's sole and exclusive remedy for any failure to meet the uptime commitment in this SLA, except to the extent that liability cannot be limited or excluded under applicable law.
6. Service Credit request process
To claim a Service Credit, the Customer must submit a written request to hello@deny.sh within 30 days of the end of the affected Service Period. The request must include:
- The Customer's account identifier and billing reference
- The dates and times of the claimed Downtime
- Any supporting evidence the Customer wishes us to consider (request IDs, error logs, timestamps, monitoring screenshots)
We will acknowledge the request within 5 business days and will issue a determination within 30 days of receipt. Approved Service Credits will be applied to the next invoice issued to the Customer or, where applicable, refunded as set out in section 5.
7. Exclusions
The following are excluded from the calculation of Downtime and from the uptime commitment in this SLA:
- Scheduled maintenance, where notified to the Customer at least 48 hours in advance via the Status Page or by email, and not exceeding 4 hours in any rolling 30-day period
- Emergency maintenance reasonably required to address a security vulnerability, integrity risk, or critical bug, where we provide notice as far in advance as is reasonably practicable
- Force majeure events, including but not limited to acts of God, war, terrorism, civil disorder, government action, pandemic-related restrictions, internet routing failure outside our control, and large-scale failure of upstream telecommunications infrastructure
- Sub-processor outages attributable to a third party listed in Annex 2 of our Data Processing Agreement, where we have used reasonable measures to mitigate the impact
- Customer-caused issues, including misuse of the Covered Service, exhaustion of the Customer's plan limits, expired payment method, suspended account, application errors in Customer-built code, and use of beta or experimental features explicitly marked as such
- Attack-induced unavailability arising from a denial-of-service attack, credential-stuffing event, or similar abusive traffic, where we have invoked appropriate mitigations
- Network unavailability outside our control, including issues with the Customer's local network, internet service provider, or geographic region's connectivity
- Failures caused by changes requested by the Customer or made by the Customer to its own integration outside our supported configurations
- Periods during which the Customer is in material breach of the Terms of Service or in arrears on payment
8. Maintenance windows
Where scheduled maintenance is required, we will notify the Customer at least 48 hours in advance via the Status Page or by email. Where reasonably practicable, scheduled maintenance will be performed in the following preferred window:
- Sunday, 03:00 to 05:00 UTC
Emergency maintenance may be performed outside this window where necessary to protect the security or integrity of the Covered Service.
9. Communication
We communicate Incident status through the following channels:
- Status Page: real-time Incident updates and historical record at status.deny.sh (when published) or by request to hello@deny.sh until the public Status Page is available
- Email notifications: P1 and P2 Incidents are notified by email to the Customer's primary billing contact and any additional contacts the Customer has nominated
- Support email: hello@deny.sh for Incident reports, Service Credit requests, and SLA-related queries
For Enterprise plans, we provide a named technical contact and a private incident channel where agreed in writing.
10. Reporting and post-incident reviews
For every P1 Incident, we will publish a post-incident review within 14 days of resolution, including a description of the Incident, root cause where known, customer impact, and remedial actions taken. For P2 Incidents that materially affect a Customer's use of the Covered Service, a post-incident review will be provided to the affected Customer on request.
11. Changes to this SLA
We may update this SLA from time to time. Material changes that reduce the level of service committed to existing paying Customers will be notified at least 60 days in advance and will not take effect during the Customer's then-current paid term. Non-material changes (clarifications, contact updates, sub-processor list updates) may be made on the published effective date.
12. Term and termination
This SLA takes effect on the date the Customer's paid Business or Enterprise subscription begins, and continues for the duration of that subscription. On termination of the subscription, sections that by their nature should survive (including section 5 (Service Credits) and section 6 (request process) for any open eligible claim, and section 13 (limitation)) will survive.
13. Limitation
Service Credits are the sole and exclusive remedy for any failure to meet the uptime commitment in this SLA, except to the extent that liability cannot be limited or excluded under applicable law. Each party's liability arising under or in connection with this SLA is otherwise subject to the limitations and exclusions of liability set out in the Terms of Service.
14. Order of precedence
If there is any conflict between this SLA and the Terms of Service, this SLA prevails for matters relating to uptime, severity classification, Service Credits, and Incident response. Where the Customer has executed a separate written agreement with us covering Service levels, that separate agreement prevails over this SLA in the event of conflict.
15. Governing law
This SLA is governed by and construed in accordance with the laws of England and Wales. Disputes arising under or in connection with this SLA are subject to the exclusive jurisdiction of the courts of England and Wales.
16. Contact
Treehouse in Valhalla Ltd
Company No. 15770209
Registered in England and Wales
Email: hello@deny.sh