for the use of the faktoora SaaS platform
Last updated: 10.11.2024
Contents
INTRODUCTION 2
SCOPE 2
DEFINITIONS 2
PLATFORM AVAILABILITY 2
SUPPORT SERVICES 3
CONTACT OPTIONS 3
DATA SECURITY AND COMPLIANCE 3
MAINTENANCE AND UPDATES 4
SECURITY INCIDENTS (INCIDENT MANAGEMENT) 4
SUPPLEMENTARY NOTES 4
VALIDITY AND AMENDMENTS 4
Introduction
This Service Level Agreement (SLA) defines the service quality, security guarantees, and operational measures provided by faktoora for its SaaS platform. It complements the Data Processing Agreement (DPA) in accordance with Article 28 GDPR, which regulates the legal requirements for processing personal data.
The SLA is binding for paying customers and does not apply to free plans or users.
Scope
This SLA applies to the following areas:
• Platform availability: Guaranteed uptime, maintenance windows, and potential compensation mechanisms.
• Support services: Contact options, response times, and resolution times.
• Security measures: Encryption, backups, and ISO certification.
• Compliance: Fulfillment of GoBD and GDPR requirements.
• Incident management: Handling of security incidents.
The provisions of this SLA apply only to services provided directly by faktoora. Third-party or external software is not covered by this SLA.
Definitions
The following terms have the meanings assigned to them in this SLA. Terms not defined here should be understood in their general context or according to the General Data Protection Regulation (GDPR).
• Availability: The percentage of time within a month that the platform functions properly without full outages.
• Downtime: Periods when the platform is unavailable to the customer, excluding scheduled maintenance or force majeure events.
• Scheduled maintenance: Periods when the platform is intentionally shut down or restricted for updates or maintenance.
• Response time: The time between the customer reporting an issue and faktoora’s initial response.
• Resolution time: The time between the customer reporting an issue and its resolution.
• Backups: Regular data copies made to restore lost or damaged data.
• GoBD: Guidelines for the proper management and storage of books, records, and documents in electronic form and data access in Germany.
• Incident: A security breach or operational disruption that affects the platform or data security.
• TLS encryption: Transport Layer Security, a standard protocol for secure data transmission over the internet.
• LUKS encryption: Linux Unified Key Setup, an encryption standard for securely storing data (“at rest”).
Platform Availability
faktoora strives to maintain the agreed availability. Should this not be achieved, an appropriate solution will be determined in consultation with the customer.
Support Services
faktoora provides professional assistance to customers for technical or functional issues.
Contact Options
• Email: support@faktoora.com
• Phone: +49 (0) 621 490 785 91
• Business hours: Monday to Friday, 9:00 AM to 5:00 PM CET (excluding German public holidays).
Response and Resolution Times
Support requests are prioritized as follows:
Priority Description Response Time Resolution Time
A (Critical) Platform unavailable or core functions fully disrupted. 4 hours 24 hours
B (High) Functionality impairments with significant business impact. 24 hours 72 hours
C (Low) Minor issues with no business impact. 48 hours Best effort
Data Security and Compliance
Encryption
• Data “at rest” is encrypted using LUKS.
• Communication is secured using TLS (Transport Layer Security).
Backups
• Daily full backups with a retention period of 30 days.
• Data recovery within 24 hours in case of data loss.
Redundancy and Business Continuity
• Redundant systems ensure high availability.
• faktoora has a Business Continuity Plan activated in case of a failure.
Certifications
• The platform operates in an ISO 27001-certified data center located in Germany.
GoBD Compliance
faktoora meets GoBD requirements:
• Revisions-proof storage of all data.
• Logging of changes and access.
• GoBD-compliant data export available at any time.
Maintenance and Updates
Maintenance Windows
• Monday to Friday: 4:00 PM to 6:00 PM CET.
• Saturday: All day.
Announcement
Maintenance work is announced at least 24 hours in advance.
Updates
• Regular updates to introduce new features and security improvements.
• Emergency updates are applied without prior notice.
Security Incidents (Incident Management)
Notification
In the event of a security incident, customers are informed within 24 hours.
Measures
• Investigation and resolution of the incident.
• Creation of a final report for the customer.
Supplementary Notes
This SLA complements the DPA and governs only operational and technical aspects of the service. Data protection regulations, such as instructions and the rights of data subjects, are solely defined in the DPA.
Validity and Amendments
This SLA is valid for the duration of the main contractual relationship.
faktoora reserves the right to amend the SLA with a 30-day notice period. Changes will be communicated via email or directly on the platform.