SLA
Per-tier uptime targets, severity classification, service credits, exclusions, and recovery objectives.
COHESION saves humanity by keeping human judgment alive in the age of AI.
Per-tier uptime commitment
| Tier | Monthly Uptime | Maximum Unavailable Minutes / month | Service Credit cap |
|---|---|---|---|
| Starter | 99.5% | 216 min (~3.6 h) | 50% of monthly fee |
| Audited | 99.9% | 43.2 min | 100% of monthly fee |
| Enterprise | Negotiated (floor: 99.9%) | varies | 100% (floor) |
Uptime is measured as the edge success rate of GET /v1, excluding client-initiated 4xx errors, via independent external synthetic monitoring (BetterUptime monitor 4356034, 180-second probes from four global regions, two-consecutive-failure threshold, detection budget ~6–9 minutes). The status page at status.cohesionauth.com is the system of record. Following a redeploy of the internal monitoring worker, the internal path may take up to 30 minutes to begin firing; during that window, the external path governs alone (full terms in the per-tier MSA SLA clause).
Roadmap (informational, not contractual). A 99.95% Enterprise tier is on the roadmap conditional on multi-region active-active database support. Customers who require a higher commitment in writing should reach out to discuss enterprise terms.
Severity classification
| Sev | Definition | Initial response |
|---|---|---|
| S1 | API returning 5xx for >1% of traffic, OR auth failing globally, OR known security compromise | 15 minutes; status-page update within 15 min; customer email within 30 min |
| S2 | Significant latency regression sustained 5+ min, OR partial endpoint outage | 60 minutes; status-page update within 30 min |
| S3 | Non-blocking issue, single-customer issue, dashboard cosmetic issue | 1 business day |
The severity definitions and response targets here mirror the incident response page; the controlling document for severity is the per-tier MSA SLA clause matched to your subscription tier.
Latency
Targets per endpoint in performance. Edge-to-edge.
Service credits — Starter (99.5%)
If the Monthly Uptime Percentage falls below 99.5% in a calendar month, Starter customers are entitled to a Service Credit applied against the next invoice:
| Monthly uptime achieved | Service Credit |
|---|---|
| ≥ 99.5% | 0% (no credit due) |
< 99.5% and >= 99.0% | up to 10% of fees for the affected month |
< 99.0% and >= 95.0% | up to 25% of fees for the affected month |
< 95.0% | up to 50% of fees for the affected month |
Cap. Service Credits for Starter are capped at 50% of the affected month’s fees and are the Customer’s sole and exclusive remedy.
Service credits — Audited (99.9%)
If the Monthly Uptime Percentage falls below 99.9% in a calendar month, Audited customers are entitled to a Service Credit applied against the next invoice:
| Monthly uptime achieved | Service Credit |
|---|---|
| ≥ 99.9% | 0% (no credit due) |
< 99.9% and >= 99.0% | up to 25% of fees for the affected month |
< 99.0% and >= 95.0% | up to 50% of fees for the affected month |
< 95.0% | up to 100% of fees for the affected month |
Cap. Service Credits for Audited are capped at 100% of the affected month’s fees and are the Customer’s sole and exclusive remedy.
Service credits — Enterprise
Service Credits and credit cap are negotiated per Enterprise MSA. The floor is the Audited ladder (above) with a 100% cap.
Claim procedure (all tiers)
Credit requests must be filed within 30 days of the affected month, per the procedure in the per-tier MSA SLA clause. The MSA SLA clause is the controlling document for service-credit calculation, claim procedure, and any dispute. This page is informational.
Exclusions
Excluded from monthly uptime calculations (all tiers):
- Scheduled maintenance with at least 7 days’ prior written notice via the status page or email.
- Force majeure events.
- Customer-initiated 4xx errors (malformed requests, expired or revoked API keys, exceeded rate limits).
- Cloudflare-wide outages where Cloudflare itself has declared an incident.
- Third-party platform outages of services Customer has explicitly opted into (e.g., Sentry, Customer’s own webhook destination).
- Customer-side network connectivity issues between Customer’s environment and COHESION’s edge.
Recovery objectives
Recovery objectives govern recovery from data-loss incidents (separate from the uptime commitment above):
- RPO (Recovery Point Objective): 24 hours or better. Maximum acceptable data loss in a recovery scenario.
- RTO (Recovery Time Objective): 4 hours or better. Maximum time from declared incident to restored read-write service.
The backup architecture, restore procedure, and test cadence are available on request under NDA as part of the trust-and-compliance package; the canonical authority is the MSA.
Reporting
- Status page: status.cohesionauth.com — public, real-time, system of record for incidents.
- Monthly uptime report: delivered to the Customer’s administrative contact within the first 10 business days of each month.
- Quarterly Methodology Annex refresh: Audited tier and above; delivered within the first 10 business days of each calendar quarter.
- Post-mortems: for every S1 incident, published within 5 business days of incident closure (10 business days for incidents arising from a Cloudflare-wide outage), linked from the status-page incident page. Blameless in form.
- Audit-log access: Customer queries its own organization’s audit events via
GET /v1/admin/audit-logper the API reference.
Next step
- Incident response
- Status page
- Pricing — match your subscription tier to the per-tier credit cap above.