This Service Level Agreement ("SLA") describes Cendriix AI's availability commitments, incident response targets, and remedies for Enterprise customers. Where a Master Service Agreement ("MSA") or Order Form conflicts with this SLA, the MSA or Order Form governs.
1. Uptime commitment
Cendriix commits to 99.5% monthly availability for the following production surfaces:
| Surface | Endpoint | SLO |
|---|---|---|
| App | https://app.cendriix.ai | 99.5% |
| API | https://api.cendriix.ai/v1/* | 99.5% |
| Cortex API | https://prism-api.cendriix.ai/api/v1/* | 99.5% |
| Cortex Ask | POST /api/v1/knowledge/ask | 99.5% (p99 < 8 s) |
| GitHub App ingest | /onboarding/github-app install flow | 99.5% (95% complete < 60 min) |
Availability is calculated per rolling 30-day window, excluding scheduled-maintenance windows (notified ≥ 72 hours in advance via status.cendriix.ai) and customer-induced outages.
2. Latency targets
| Endpoint class | p50 | p99 |
|---|---|---|
| Knowledge API reads | 200 ms | 2 s |
| Cortex Atom write | 500 ms | 5 s |
| Ask Cendra end-to-end | 3 s | 8 s |
| Counter sync freshness | 30 s | 60 s |
Latency targets are measured at the load balancer ingress for the applicable region. Model-provider round-trip time is excluded from Cortex Ask latency for the purposes of SLA accounting but is included in the p99 target above.
3. Incident response
| Severity | Definition | First response |
|---|---|---|
| Sev-0 | Production outage, all customers impacted | 5 minutes (24 × 7) |
| Sev-1 | Critical feature degradation, multiple customers | 15 minutes (24 × 7) |
| Sev-2 | Degraded performance, single feature | 1 business hour (24 × 5) |
| Sev-3 | Cosmetic / non-blocking | 1 business day |
Response time is measured from page-alarm trigger to engineer-on-call acknowledgement, as recorded in the incident management system. Customers are notified via the status page and, for Sev-0 and Sev-1, by direct email to the workspace owner within 15 minutes of declaration.
4. Service credits
If monthly availability falls below the committed SLO, the customer may request a service credit:
| Monthly availability | Service credit |
|---|---|
| < 99.5% and ≥ 99.0% | 5% of monthly fee |
| < 99.0% and ≥ 98.0% | 10% of monthly fee |
| < 98.0% | 25% of monthly fee |
Credits must be requested within 30 days of the end of the affected calendar month and are applied to the next monthly invoice. Credits are the sole remedy for availability failures and do not entitle the customer to a cash refund.
5. Status & transparency
- Live status: status.cendriix.ai (per-component health, incident history, and scheduled maintenance windows).
- Incident postmortems: published within 5 business days of resolution for any Sev-0 or Sev-1 incident.
- Monthly SLO reports: available to Enterprise customers on request; email legal@cendriix.ai.
6. Out of scope
The following are excluded from SLA calculations:
- Downstream provider outages. AWS Bedrock, SageMaker, and other model providers have their own SLAs. Cendriix engages AWS Support on the customer's behalf but cannot commit beyond what the downstream provider guarantees.
- Beta features. Features labeled "Beta" or "Preview" carry no SLA.
- Customer-induced outages. Failures caused by customer misconfiguration, rate-limit exhaustion (own quota cap), or API misuse are excluded.
- Sandbox and test tenants. Non-production workspaces carry no uptime commitment.
- Scheduled maintenance. Downtime during pre-announced maintenance windows (≥ 72 hours notice) does not count against availability.
7. Data handling
- Tenant data isolation: enforced at every layer (Postgres row-level security, Neo4j label scoping, S3 prefix isolation, Temporal queue partitioning, and per-tenant KMS customer-managed keys).
- Cross-tenant data leakage is classified Sev-0 and triggers immediate containment, customer notification within 1 hour, and a public postmortem.
- AI action audit log: immutable, append-only, and available to Enterprise customers via /api/v1/audit.
- Data residency: us-east-1 primary; cross-region DR backup to us-west-2. Additional regions are on the roadmap; contact sales@cendriix.ai.
- Retention and deletion: customer data is purged within 30 days of workspace deletion, subject to legal holds.
8. Security & compliance
- TLS 1.2+ everywhere; HTTPS-only on all public surfaces.
- AWS WAF v2 + Shield Standard on all public-facing endpoints.
- Cognito-managed authentication; mandatory MFA for all Cendriix staff accounts.
- SOC 2 Type II: audit underway; Type I target Q3 2026; no report issued yet. See security page for current status.
- ISO 27001: targeted Q1 2027; not yet certified.
- HIPAA / FedRAMP: on the roadmap; not yet available. Contact sales@cendriix.ai for enterprise timelines.
- To report a vulnerability, email security@cendriix.ai (PGP key at /security).
9. Contact
- Production incidents: status.cendriix.ai + your account team.
- Sales and SLA questions: sales@cendriix.ai.
- Trust and security: security@cendriix.ai.
- Legal: legal@cendriix.ai.