Service Level Agreement (SLA)
Last updated: April 5, 2026
1. Overview
This Service Level Agreement (“SLA”) applies to all paid VistoShield plans (Pro and Max) and defines the service availability commitments, incident response times, support response times, and service credit policy provided by Vistoweb E.E. (“Vistoweb”, “we”, “us”).
This SLA is a supplement to the Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service. Free plan users are not covered by this SLA.
2. Service Availability
We commit to maintaining 99.9% uptime per calendar month for the VistoShield cloud services, measured across the following components:
- Cloud Dashboard — app.vistoshield.com
- REST API — api.vistoshield.com
Uptime is calculated as the percentage of total minutes in a calendar month during which the Service is available, excluding Scheduled Maintenance and other exclusions listed in Section 7.
Uptime % = ((Total Minutes − Downtime Minutes) / Total Minutes) × 100
3. Monitoring
Service availability is monitored continuously via internal automated health checks executed every 2 minutes from multiple monitoring points. Downtime is recorded when the Service fails to respond to health checks for two consecutive check intervals (4 minutes).
The current status of all VistoShield services is publicly available at vistoshield.com/status. The status page displays real-time availability, recent incidents, and historical uptime data.
4. Incident Response Times
When a service incident occurs, our response and resolution targets are determined by the severity level of the incident:
| Severity | Description | Response Time | Resolution Target |
|---|---|---|---|
| Critical | Service completely down or inaccessible for all users | Within 1 hour | 4 hours |
| High | Significant service degradation affecting a large number of users | Within 4 hours | 12 hours |
| Medium | Partial service impact affecting some users or features | Within 8 hours | 24 hours |
| Low | Minor issue with minimal impact on service functionality | Within 24 hours | 72 hours |
Response time is measured from when we first detect or are notified of an incident to when our engineering team begins actively investigating. Resolution target is measured from first response to when the service is restored to normal operation. Resolution targets are best-effort goals, not guarantees, as some issues may require extended investigation or third-party coordination.
5. Support Response Times
| Plan | Support Channel | Response Time | Notes |
|---|---|---|---|
| Max | Email (priority queue) | 12 hours | Business days (Mon–Fri, 09:00–18:00 EET) |
| Pro | 24 hours | Business days (Mon–Fri, 09:00–18:00 EET) | |
| Free | Community / Documentation | Best effort | No guaranteed response time |
Support requests can be submitted via email to [email protected] or through the dashboard support form. Response times are measured during business hours only (Monday through Friday, 09:00–18:00 Eastern European Time, excluding Greek public holidays).
6. Service Credits
If we fail to meet the 99.9% monthly uptime commitment, eligible paid plan customers may request service credits as follows:
| Monthly Uptime | Service Credit |
|---|---|
| 99.5% – 99.9% | 10% of monthly fee |
| 99.0% – 99.5% | 25% of monthly fee |
| Below 99.0% | 50% of monthly fee |
Credit Terms:
- Service credits must be requested in writing within 30 days of the end of the month in which the downtime occurred, by emailing [email protected].
- Credits are applied to the next billing cycle and are not redeemable for cash.
- The maximum credit for any single month is 50% of the monthly fees for the affected service.
- For annual subscriptions, the monthly fee is calculated as one-twelfth (1/12) of the annual fee.
- Credits are the sole and exclusive remedy for failure to meet the uptime commitment.
7. Exclusions
The following are excluded from uptime calculations and are not eligible for service credits:
- Scheduled maintenance — planned maintenance windows announced at least 48 hours in advance via the status page and/or email notification. We schedule maintenance during low-traffic hours (typically 02:00–06:00 EET) whenever possible.
- Force majeure — events beyond our reasonable control, including natural disasters, acts of war or terrorism, government actions, pandemics, power outages affecting data centers, or widespread internet outages.
- DDoS attacks on customer sites — distributed denial-of-service attacks targeting your WordPress sites (not our infrastructure) are your hosting provider’s responsibility.
- Customer network issues — connectivity problems originating from your internet service provider, local network, or hosting environment.
- Browser compatibility — issues arising from the use of unsupported or outdated browsers.
- Third-party service outages — downtime of third-party services (e.g., Paddle payment processing) that does not affect core VistoShield security functionality.
- Customer-caused issues — service disruptions resulting from actions taken by the customer, including misconfigured plugins or API abuse.
8. Data Backup
- Automated backups: All VistoShield databases are backed up daily with automated processes.
- Backup retention: Backups are retained for 7 days on a rolling basis.
- Backup encryption: All backups are encrypted and stored in a separate location from the primary data.
- Point-in-time recovery: Available on request for Max plan customers. Contact support to arrange recovery from a specific point in time.
- Data export: All plans include self-service data export in JSON format from the dashboard at any time.
9. Security Commitments
- Regular security audits: We conduct periodic security assessments of our infrastructure and application code.
- Responsible disclosure: We maintain a responsible disclosure program for security researchers who identify vulnerabilities in our service. Contact [email protected].
- Incident notification: In the event of a personal data breach, we will notify affected customers within 72 hours as required by GDPR Article 33, including the nature of the breach, likely consequences, and measures taken.
- Infrastructure security: All data is hosted on ISO 27001 and SOC 2 certified infrastructure (Hetzner Cloud, Germany) with encryption in transit (TLS 1.2+) and at rest.
10. Changes to This SLA
We may update this SLA from time to time. Material changes will be communicated to paid plan customers via email at least 30 days before they take effect. The updated SLA will also be posted on this page with a revised “Last updated” date.
Continued use of the Service after changes take effect constitutes acceptance of the updated SLA. If you do not agree with the changes, you may cancel your subscription before the changes take effect.
11. Contact
For questions about this SLA, service credits, or to report a service incident:
- Email: [email protected]
- Status page: vistoshield.com/status
- Phone: +30 210 300 5000
Vistoweb E.E.
235 El. Venizelou Ave., P. Faliro 17563
Suite B9, 2nd Floor
Athens, Greece