Service Level Agreement (SLA) – YepYet POS & Online Ordering

Effective Date: 10/22/2025

Parties: YepYet (the “Provider”) and [Client Legal Name] (the “Customer”)


Definitions
  • Availability/Uptime: Percentage of time the core service is reachable and usable, measured monthly.
  • Core Service: Ordering APIs, POS app, admin dashboard, database, and authentication.
  • Planned Maintenance: Scheduled work notified in advance.
  • Unplanned Outage: An incident causing loss of service not part of Planned Maintenance.
  • Business Hours: Monday–Friday, 09:00–18:00 (Europe/Dublin), excluding Irish public holidays.

3. Service Availability
  • Monthly Uptime Target: 99.9% for Core Service.
  • Measurement: Provider monitoring plus third‑party monitoring. Availability excludes periods defined under Exclusions (Section 10).

4. Incident Severity & Response Targets
Severity LevelDescriptionInitial Response TimeResolution Target
Sev 1 – CriticalFull outage or critical function unavailable; no workaround; materially impacts revenue at multiple sites15 min (24/7)1 hour4 hours
Sev 2 – HighMajor degradation; workaround available; significant impact on operations1 hour (24/7)4 hours2 business days
Sev 3 – MediumPartial loss of non‑critical function; limited impact4 hours (Business Hours)Next business day5 business days
Sev 4 – LowMinor issue, cosmetic/UI, or information request1 business dayAs scheduledNext planned release

Targets are objectives, not guarantees. Provider will keep Customer updated throughout an incident.


5. Support & Escalation
  • Channels: Support portal, email [support@yepyet.com], phone [(01) 905 9353].
  • Hours: Business Hours for general support; Sev 1–2 covered 24/7.
  • Escalation Path: Support Engineer → Duty Manager → Head of Engineering → CTO.
  • Status Updates: On Sev 1: at least every 30 min; Sev 2: every 60 min; others: by agreement.

6. Maintenance Windows & Change Management
  • Planned Maintenance Window: Sundays 02:00–04:00 (Europe/Dublin).
  • Notice: Major changes – 72 hours’ notice; Minor – 24 hours; Emergency – as soon as practicable.
  • Post‑Incident Reviews: For Sev 1 incidents, a written post‑mortem is provided within 5 business days.

7. Backup, DR & Business Continuity
  • Backups: Encrypted daily full backups and 15‑minute incremental backups.
  • Retention: 30 days by default (configurable).
  • RPO (Recovery Point Objective): ≤ 15 minutes.
  • RTO (Recovery Time Objective): ≤ 4 hours for Core Service.
  • Data Location: EU/EEA data residency; secondary failover in EU region.
  • POS Offline Mode: Limited order capture is available during short connectivity issues; card payments require network connectivity or a payment terminal with supported offline mode per the payment processor’s terms (Customer assumes associated risk/fees).

8. Performance & Capacity
  • Designed to handle ≥ 50 orders/minute per tenant with bursts to 200 orders/minute (typical).
  • API rate limits: 600 requests/minute per tenant (adjustable).
  • Real‑time analytics dashboards refresh in near‑real time (up to 1–5 minutes delay).

10. Exclusions

Downtime or degradation will not count against Availability and no credits apply where caused by:

  • Customer’s networks, devices, OS, or browsers; local Wi‑Fi, POS tablets, printers, or routers.
  • Internet, ISP, or telecom provider failures outside Provider’s control.
  • Third‑party services (incl. payment processors, SMS/email gateways, mapping, app stores).
  • Customer configuration errors, unauthorised changes, misuse, or breach of the Agreement.
  • Force majeure: natural disasters, strikes, government action, war, pandemics, DDoS beyond reasonable mitigation.
  • Planned Maintenance within notified windows or emergency changes to address security/threats.
  • Beta features or trial environments.

11. Security & Compliance
  • Provider maintains appropriate technical and organisational measures (encryption in transit/at rest, RBAC/least privilege, MFA for admin access, monitoring/logging, vulnerability management).
  • GDPR compliance is addressed under the Data Processing Agreement (DPA).
  • Cardholder data is handled by third‑party payment processors; YepYet does not store card PAN or CVV.

12. Customer Responsibilities
  • Maintain accurate account data, menu content, pricing, and tax settings.
  • Use supported devices and up‑to‑date browsers; apply recommended configurations.
  • Provide stable internet connectivity and an alternative ISP/4G backup (e.g., Three, Vodafone).
  • Manage user access (RBAC), enforce strong passwords/MFA, and secure local hardware.
  • Comply with applicable laws (consumer protection, E‑commerce, GDPR, food labelling/allergens).
  • Ensure lawful use of API and adherence to rate limits.

13. Onboarding, Training & De‑Provisioning
  • Typical onboarding: 2–5 business days after receipt of required information.
  • Training: remote sessions and knowledge base documentation.
  • Data export available in common formats on request; upon termination, data return/deletion per the DPA.
  • De‑support or deprecation of features: ≥ 90 days’ notice where practicable.

14. Reporting & Reviews
  • Monthly availability summary available on request.
  • Quarterly service review meetings available for eligible plans.

15. Changes to SLA

Provider may update this SLA to reflect improvements or changes in law. Material changes will be notified at least 30 days in advance.


16. Term, Precedence & Governing Law
  • This SLA is effective from the date above and continues for the Subscription Term.
  • In case of conflict, the Master Terms & Conditions prevail, then this SLA, then Order Form.
  • Governing law and jurisdiction: Ireland.