suPlayPoll

Service Level Agreement

Effective: April 2026 · Last reviewed: April 2026

This Service Level Agreement (“SLA”) applies to paid, business-to-business subscriptions of the suPlayPoll service operated by suPlay B.V., Ruwerstraat 9, 7545 SM Enschede, The Netherlands. It supplements our Terms of Service. Service credits under this SLA are available exclusively to customers on Professional and Enterprise tiers with a signed Data Processing Agreement and an account in good standing (no past-due invoices). Free and Academic tiers use the service as-is on a best-effort basis. Consumer rights under mandatory EU consumer-protection law are unaffected by this SLA.

Sole and exclusive remedy.The service credits described in §4 are the customer’s sole and exclusive financial remedy for any unavailability or missed performance target under this SLA, save for liability that cannot be excluded under mandatory law.

1. Service Definition

“Service” means the suPlayPoll web application available at poll.suplay.nl, including its presenter admin, participant join flow, live-feed, presenter embeds, and REST/Socket.io APIs. The SLA does not cover, and service credits do not accrue for, any of the following:

  • Failures of the customer’s own networks, browsers, devices, firewalls, VPN/proxy, or access credentials.
  • Failures attributable to a third-party subprocessor listed on our Subprocessors page, or to any other third party outside suPlay B.V.’s reasonable control.
  • Distributed denial-of-service attacks, volumetric attacks, and any mitigation traffic-shaping applied in response.
  • DNS propagation, routing-protocol (BGP), certificate-authority, or public-internet transit issues not originating from our infrastructure.
  • Force-majeure events, including but not limited to natural disasters, labour disputes, governmental or regulatory actions, war, terrorism, and pandemics.
  • Beta features, experimental endpoints, or features explicitly flagged as “preview” or “best-effort”.
  • Abuse of rate limits or any breach of the Acceptable Use policy.
  • Scheduled maintenance windows announced under §3, including emergency maintenance required to address a security vulnerability with a best-effort notice shorter than 72 hours.
  • Individual incidents of unavailability shorter than 10 consecutive minutes, which are considered transient and do not count toward downtime calculations.
  • Downtime during periods in which the customer’s account is suspended, past-due on payment, or otherwise not in good standing.
  • Failures where the customer has not provided reasonable cooperation to diagnose or remediate the incident on request.

2. Uptime Target

99.5 % monthly availability, measured as the percentage of one-minute intervals per calendar month during which the Service’s /api/health endpoint returns a healthy response from at least two EU probe locations, excluding time spent in announced maintenance windows.

suPlayPoll runs on a single Netherlands-based VPS. 99.5 % is the honest ceiling for that topology; we do not advertise four or five nines. Customers requiring higher guarantees can request a commercial upgrade to a hot-standby or multi-region setup — email info@suplay.nl.

3. Scheduled Maintenance

  • Standard window: Sunday 02:00–04:00 CET, up to two hours per window.
  • Announced at least 72 hours in advance via email.
  • At most two windows per calendar month.
  • Emergency security patches may be applied outside this window with best-effort notice.

4. Service Credits

If measured uptime in a calendar month falls below target, and all eligibility requirements below are met, the customer may claim a service credit against the next month’s subscription fee.

Monthly uptimeCredit
< 99.5 %10 % of the monthly fee for the affected month
< 99.0 %25 %
< 98.0 %50 %
< 95.0 %100 %

Caps: monthly credit is capped at 100 % of one month’s subscription fee; aggregate credits in any rolling twelve-month period are capped at two months’ subscription fees. Credits do not accumulate, cannot be converted to cash, are not transferable, and expire at the end of the subscription.

How to claim: email info@suplay.nl within 15 days of the end of the calendar month in question. The claim must include:

  • Customer account identifier and the month concerned.
  • Timestamps (UTC) of the outage(s) relied on.
  • Evidence of unavailability — either the customer’s own synthetic-probe logs or a reasonable substitute.
  • A statement that the customer’s account is in good standing.

Claims submitted after the 15-day window, without the required evidence, or during a period in which the customer is past-due on payment, are not eligible. suPlay B.V. may reconcile claims against its own monitoring records; in case of discrepancy, our records prevail unless the customer’s logs clearly demonstrate otherwise. Approved credits are applied as a deduction on the next invoice.

5. Support Response Targets

Professional and Enterprise customers can open support tickets by email to info@suplay.nl. First-response targets apply during CET business hours (Mon–Fri, 09:00–18:00).

SeverityDescriptionFirst responseTarget workaround
P1Service unavailable or unusable for all users1 hour4 hours
P2Major feature unavailable or degraded4 hours2 business days
P3Minor bug or question2 business daysBest-effort

6. Backups, Recovery, Data Portability

  • Backup frequency: a full PostgreSQL dump is taken every 24 hours at 02:00 CET. Backups are encrypted at rest and stored off-site in an EU region.
  • Retention: 30 rolling daily backups, 12 rolling monthly backups.
  • RPO (Recovery Point Objective): 24 hours.
  • RTO (Recovery Time Objective): 8 hours from confirmed disaster to restored service on a clean environment.
  • Data export: customers may export their own data at any time via GET /api/account/export or by emailing privacy@suplay.nl.

7. Security

See our Security Summary for the full list of technical and organisational measures. Minimum commitments under this SLA:

  • TLS 1.2 or higher for all external traffic; HSTS enforced.
  • bcrypt password hashing (cost factor 12) and SHA-256 token hashing at rest.
  • Rate limiting on all authentication and rate-sensitive endpoints.
  • Application runs as an unprivileged system user, not root.
  • Dependency updates reviewed at least monthly.
  • Admin access is audit-logged; 2FA available for Enterprise admin accounts.

8. Breach Notification

If we become aware of a personal-data breach affecting customer data, we will notify the customer’s primary contact in writing within 72 hours of confirmation, in accordance with Art. 33 GDPR. The notice will include the nature of the breach, data categories affected, likely consequences, and remediation steps.

9. Subprocessor Changes

We will notify customers with a signed DPA at least 30 days in advance of adding or replacing any subprocessor. The customer may object within that period; if the objection cannot be resolved, either party may terminate the affected subscription pro-rata.

10. Termination and Data Return

  • On termination, the customer may export their data via the self-service endpoint or an email request for 30 days.
  • After that 30-day window, all customer data is permanently deleted within 90 days, including from backups on their next rotation.

11. Customer obligations

The customer agrees to:

  • Nominate a single primary contact for SLA-related communications and keep that contact current.
  • Provide reasonable cooperation to diagnose and reproduce incidents, including access to browser console output, HAR captures, and affected user IDs when lawful.
  • Apply recommended mitigations (browser upgrades, credential rotations, rate-limit compliance) within a reasonable period once notified.
  • Keep the account in good standing (no past-due invoices) throughout the period for which credits are claimed.

Failure to meet these obligations may disqualify a claim in full or in part.

12. Changes to this SLA

suPlay B.V. may amend this SLA from time to time. Non-material changes (clarifications, corrections, additions that improve service) take effect on publication. Material adverse changes take effect no sooner than 30 daysafter notice by email to the customer’s primary contact. If the customer reasonably objects within that 30-day window and the parties cannot resolve the objection, the customer may terminate the affected subscription on a pro-rata basis; continued use of the Service after the effective date constitutes acceptance.

13. Contact

Operational, support, or legal questions: info@suplay.nl
Privacy / data-subject requests: privacy@suplay.nl