Prova SLA template
Status: contract-ready Markdown. Use this as the basis of any Service Level Agreement attached to an Enterprise contract. Numbers below mirror the public commitments at /status. Replace
{CUSTOMER}/{EFFECTIVE_DATE}/{REGION}placeholders before sending.
This Service Level Agreement (SLA) is incorporated into and forms part
of the agreement between Prova, by Cobound ("Prova") and {CUSTOMER}
("Customer"), effective {EFFECTIVE_DATE}. This SLA applies only to
the production Prova platform at https://api.prova.cobound.dev and
the dashboard at https://prova.cobound.dev in {REGION}.
1. Service commitments
Prova will use commercially reasonable efforts to make the platform available with the following performance targets, measured monthly.
| Target | Commitment |
|---|---|
| Platform availability | 99.9% per calendar month |
POST /api/v1/audit/ingest p95 latency | 250 ms |
POST /api/v1/gateway/check p95 latency | 200 ms |
| Receipt signature integrity | 100%. Every receipt the API returns is signed with Prova's published Ed25519 key. Verification instructions at /docs/verify-independently. |
Availability is computed as (total_minutes - downtime_minutes) / total_minutes for the calendar month, rounded to two decimal places.
"Downtime" means a sustained period of more than 5 consecutive minutes
in which the platform returns 5xx errors for more than 50% of valid
requests, as measured by Prova's status-page infrastructure.
Latency is computed as the 95th-percentile response time over all valid requests in the month, excluding requests that exceeded their applicable rate limit (429 responses).
2. Exclusions
The following do not count toward downtime or latency calculations:
- Scheduled maintenance windows announced at least 48 hours in advance via the status page.
- Outages caused by factors outside Prova's reasonable control, including third-party infrastructure (the upstream cloud provider, the customer's network, DNS), customer-side misconfiguration, or attacks intended to disrupt service.
- Requests rejected for valid policy or detector reasons (HTTP 200
with
action: block, HTTP 422 for malformed payloads, HTTP 401/403 for auth failures). - Periods during which Customer has exceeded its plan's request budget or has unpaid invoices outstanding more than 30 days past due.
3. Service credits
If Prova fails to meet the availability commitment in any calendar month, Customer is entitled to a service credit calculated as a percentage of the monthly fee for the affected production deployment:
| Monthly availability | Service credit |
|---|---|
| Less than 99.9% and at least 99.0% | 10% |
| Less than 99.0% and at least 95.0% | 25% |
| Less than 95.0% | 50% |
Credits are the sole and exclusive remedy for any failure to meet the availability commitment.
To claim a credit, Customer must submit a written request to
support@cobound.dev within 30 days of the end of the calendar month
in which the failure occurred. The request must include the dates and
times of unavailability, request IDs or evidence sufficient for Prova
to verify the claim, and the affected production deployment.
4. Status page and incident communication
Prova publishes a live status page at https://prova.cobound.dev/status
with current availability and latency posture. During incidents Prova
will post initial acknowledgement within 30 minutes and follow-up
updates at least every 60 minutes until resolution.
Severity 1 incidents (platform-wide outage, signing-key compromise, data exposure) trigger direct notification to the Customer's designated technical contact within 2 hours of confirmation.
5. Data residency
The production deployment is hosted in {REGION}. Prova will not move
Customer data out of {REGION} without 30 days written notice and the
Customer's option to terminate without penalty.
For air-gapped or self-hosted deployments, see the deploy bundle at
https://github.com/cobound/prova-deploy and the accompanying SLA
addendum.
6. Security and audit
Prova does not yet maintain a SOC 2 report; a SOC 2 Type 1 audit is planned. Prova will support reasonable Customer audit requests, scheduled with at least 30 days notice, no more than once per 12-month period, conducted under a mutually agreed audit protocol.
For the procurement security questionnaire, see
docs/security/security-questionnaire.md in the Prova trust bundle.
7. Term and termination
This SLA is effective for the duration of the underlying agreement. On termination of the underlying agreement, Customer's right to claim credits ends, but Prova will honor any previously approved credit on the final invoice.
8. Changes
Prova may modify this SLA on 60 days written notice. Changes that materially reduce the commitments above will give Customer the right to terminate the underlying agreement without penalty during the notice period.
Prova, by Cobound · support@cobound.dev · https://prova.cobound.dev/status