Service Level Agreement

This Service Level Agreement (“SLA”) sets out the availability target, support-response framework, incident-communication approach, and potential service credits for certain CanarHost Cloud (“CanarHost”, “we”, “us”, “our”) services.

This SLA must be read together with the Terms of Service, the applicable service description, order details, support scope, refund policy, privacy policy, and any written commercial confirmation. If a signed enterprise agreement, custom order form, or negotiated support schedule expressly overrides this SLA, that specific document will prevail for the covered service.

Nothing in this SLA limits any right that cannot lawfully be excluded or restricted under mandatory Spanish or EU law, including mandatory consumer rights where applicable.

1. Scope of this SLA

This SLA applies only to paid CanarHost services for which we expressly state that an uptime or support commitment is offered.

Unless we expressly agree otherwise in writing, this SLA does not apply to:

• domain registration, transfer, renewal, redemption, DNS propagation, or registry and registrar workflows;
• third-party software, plugins, themes, control panels, or customer-installed applications not managed by CanarHost;
• email delivery across third-party networks, spam filtering decisions, recipient-server acceptance, blocklists, or mailbox-provider decisions;
• beta, trial, free, preview, promotional, or evaluation services;
• one-off work such as migrations, consulting, restore work, forensics, emergency remediation, or custom engineering;
• customer-side configuration, code, scripts, integrations, or security incidents originating outside CanarHost’s managed environment;
• events arising from suspension, restriction, or emergency actions lawfully taken to protect the platform, customers, data, or third parties.

2. Availability target

For covered services, CanarHost targets 99.95% monthly availability for the core service layer described in the applicable plan or order.

This target is an operational commitment, not a guarantee of uninterrupted or error-free service. Hosting and cloud services remain subject to maintenance, software defects, malicious activity, Internet conditions, upstream dependencies, and other technical risks.

3. How availability is measured

For the purpose of this SLA:

• Monthly Availability (%) = (Total minutes in the relevant calendar month - Unavailable Minutes) / Total minutes in the relevant calendar month x 100.
• Unavailable Minutes means whole minutes in which the covered service cannot be reached or used for its core intended function due to a fault attributable to CanarHost’s covered platform layer.

Availability is assessed by CanarHost using a reasonable combination of internal logs, platform telemetry, incident records, and external monitoring where available. CanarHost’s records will govern absent manifest error.

Short, isolated, local, or route-specific failures that do not reflect a general service outage may be treated as non-qualifying unless the evidence reasonably shows that the covered service itself was unavailable at the CanarHost platform layer.

4. Events excluded from SLA calculation

The following do not count as Unavailable Minutes for SLA purposes:

• scheduled maintenance notified in advance where reasonably practicable;
• emergency maintenance, urgent patching, incident containment, or security mitigation reasonably required to protect systems, customers, or data;
• suspension, filtering, isolation, throttling, or takedown measures taken under the Terms of Service, Acceptable Use Policy, law, or incident-response procedures;
• force majeure and events outside CanarHost’s reasonable control, including war, terrorism, riot, fire, flood, natural disaster, labor disruption, government action, sanctions, civil or military authority action, or widespread Internet disruption;
• failures attributable to customer code, misconfiguration, insecure credentials, exhausted resources, unsupported software, overuse, quota exhaustion, or unauthorized third-party access to the customer’s environment;
• failures of customer-controlled DNS, registrar, registry, certificate authority, payment, telecommunications, transit, or other third-party systems outside CanarHost’s managed service boundary;
• periods during which the customer declines, delays, or blocks remedial action reasonably requested by CanarHost;
• pre-agreed testing, staging, development, or maintenance windows that are not sold as production-grade availability commitments.

5. Maintenance and operational changes

CanarHost may perform maintenance, patching, upgrades, migrations, scaling, reconfiguration, or security work that affects service availability or performance.

Where reasonably practicable, scheduled maintenance will be announced in advance through an appropriate channel. However, prior notice is not guaranteed where immediate action is reasonably necessary to respond to a security threat, stability issue, legal obligation, or ongoing incident.

6. Incident communication

For material incidents affecting covered services, CanarHost may publish updates through its status workflow or another reasonable communication channel.

Incident communications are provided on a commercially reasonable efforts basis. Update frequency may vary depending on incident severity, available information, operational risk, and the need to avoid disclosing security-sensitive details before containment.

7. Support-response targets

Support-response targets depend on service tier, severity, and the communication channel used. Response targets refer to the time for an initial human review or substantive handling action, not to full diagnosis, workaround, restoration, or final resolution.

Unless a specific service plan or enterprise agreement states otherwise, the following default targets apply for covered hosting incidents reported through approved support channels:

Severity	Typical example	Initial target
Critical	Full production outage affecting the service as a whole, or a severe security event requiring immediate platform action	Within 1 hour
High	Serious degradation with major business impact but no total platform loss	Within 4 hours
Normal	Standard operational issue, partial impairment, or non-urgent service defect	Within 1 business day
Low	Informational request, minor issue, or non-urgent administrative question	Within 2 business days

These are target response times, not guaranteed fix times. Resolution depends on technical complexity, customer cooperation, third-party dependencies, change-control needs, and incident severity.

8. Security and data incidents

CanarHost applies technical and organizational measures designed to provide a level of security appropriate to the risk and to support the ongoing confidentiality, integrity, availability, and resilience of its processing systems and services, consistent with applicable law and the nature of the service.

No hosting provider can lawfully or realistically promise that incidents, vulnerabilities, or personal data breaches will never occur. This SLA therefore does not constitute a warranty of complete invulnerability, zero-loss operation, or uninterrupted availability.

Where a security or personal-data incident occurs:

• CanarHost may take immediate containment measures, including suspension, isolation, blocking, credential resets, routing changes, emergency maintenance, or other protective actions;
• where CanarHost acts as controller for the affected processing, it will assess notification obligations in accordance with applicable data protection law;
• where CanarHost acts as processor or infrastructure provider for a customer’s hosted processing, incident handling and any customer notification obligations will be governed by the applicable customer contract, DPA, and law.

9. Backups and disaster recovery

Unless expressly stated otherwise in the applicable service description, backups, snapshots, and restore points are resilience features, not a guarantee that any specific item of data will always be recoverable, complete, current, or available for restoration within a specific period.

Customers remain responsible for maintaining independent backups of business-critical content and data.

10. Service credits

If CanarHost fails to meet the monthly availability target for a covered service, the affected customer may be eligible for a service credit as follows:

Monthly Availability	Credit
Below 99.95% and at or above 99.0%	5% of the monthly recurring fee for the affected service
Below 99.0% and at or above 95.0%	10% of the monthly recurring fee for the affected service
Below 95.0%	25% of the monthly recurring fee for the affected service

Credits:

• apply only to the monthly recurring fee actually paid for the directly affected service;
• do not apply to setup fees, migration fees, domain fees, licenses, taxes, overages, one-off charges, or third-party pass-through charges;
• are normally applied as an account credit toward future invoices, not as a cash refund, unless CanarHost decides otherwise or mandatory law requires otherwise;
• may not be combined across overlapping incidents in a way that exceeds the monthly recurring fee for the affected service for the relevant month.

11. Conditions for claiming a credit

To request a service credit, the customer must:

• submit the request to support@canarhost.com within 15 calendar days after the end of the affected month;
• identify the relevant service, incident date range, and the basis for the claim in sufficient detail;
• have been current on payment obligations at the time of the incident and at the time of the claim review; and
• have complied in all material respects with the Terms of Service and service-use requirements.

Failure to submit a timely request waives the credit claim for that month, except where mandatory law provides otherwise.

12. Sole remedy for business customers

For customers acting in the course of a trade, business, craft, or profession, the service credits described in this SLA are the sole and exclusive contractual monetary remedy for a qualifying failure to meet the availability target, to the maximum extent permitted by law.

This limitation does not exclude liability that cannot lawfully be excluded, and does not reduce any mandatory right that applies to consumers or other protected parties under Spanish or EU law.

13. Consumer-law carve-out

If a covered service is supplied to a consumer and mandatory Spanish or EU consumer law applies, this SLA will be interpreted consistently with those non-waivable rights.

In particular, nothing in this SLA is intended to exclude or restrict any mandatory statutory remedy relating to non-conformity, failure to supply, or other consumer protection rules that may apply to digital services under applicable law.

14. Changes to this SLA

CanarHost may update this SLA for legal, regulatory, security, operational, or commercial reasons. The version published on the website will show its effective date.

Material changes to existing contractual customers will, where required by law or contract, apply prospectively and be communicated through an appropriate channel.