SERVICE LEVEL AND SECURITY POLICY

Effective date: 1 February 2026

General

This policy (the "Service Level Policy") describes Etain's standard service availability, support practices, and baseline security measures for SMB customers and does not constitute a service level agreement or guarantee unless expressly agreed in an Order Form.

This Service Level Policy shall apply for Customers without a Service Level Agreement. For Customers with a Service Level Agreement, the Service Level Agreement shall fully replace this Service Level Policy. Whether a Service Level Agreement applies or not is defined in the applicable Order Forms.

Unless otherwise specified, this Service Level Policy shall be deemed an integrated part of the and the Customer Terms, as well as Etain's standard data processing agreement (the "Etain DPA").

In the event of inconsistency between the Applicable Terms and this Service Level Policy, the Applicable Terms shall take precedence.

Structure and Precedence

Agreement Documents

The agreement between Etain and the Customer (the "Agreement") consists of:

  • One or more order forms, order confirmations, or subscription confirmations, all of which may be prepared digitally as part of your sign-up process for the Service (each an "Order Form").
  • The Data Protection Agreement entered by the Parties (the "DPA") as referenced in the Order Form.
  • The Customer Terms.
  • This Service Level Policy or the Service Level Agreement, as applicable pursuant to the Order Form.
  • Any additional schedules or add-on terms expressly agreed in writing.

Order of Precedence

In the event of any conflict or inconsistency, the following order of precedence applies (highest priority first):

  1. the Order Forms;
  2. any additional schedules or add-on terms expressly agreed in writing;
  3. the DPA;
  4. the Customer Terms;
  5. this applicable Service Level Policy, or alternatively Service Level Agreement if applicable;
  6. the User terms, if the Customer is also a User.

Availability of the SaaS Services

Etain shall use commercially reasonable efforts to make the Service available for the Customer and all Users in material conformity with the Customer Terms. For the avoidance of doubt, this Service Level Policy does not constitute a guarantee of uninterrupted or error-free operation.

Customer acknowledges that the Service is intended as a productivity and knowledge tool and not as a system of record unless expressly stated otherwise.

Availability shall be defined without regard to downtime or degradation that is due to any of the following ("Exceptions"):

(i) misuse of the Services by the Customer or a User,

(ii) failure of internet connectivity,

(iii) the Customer's failure to meet any minimum hardware or software requirements as defined by Etain to access or use the Services,

(iv) force majeure events,

(v) data corruption due to user errors,

(vi) compromise of Customer's or a User's credentials;

(vii) use of beta, preview, or experimental features;

(viii) failures caused by Customer- or User-configured integrations or third-party AI models selected by Customer,

(ix) any actions, inactions, or omissions (including but not limited to technical failures) of a third-party provider outside of Etain's reasonable control, or

(x) planned downtime communicated clearly to the Customer a reasonable time in advance of the downtime.

Maintenance, Bug Fixes and Support

Bug Fixes, Failures and Maintenance of the SaaS Services

Etain shall use commercially reasonable efforts to respond to and correct any failures of the Service compared to the quality agreed in the Customer Terms (each, an "Error") in accordance with the provisions set out herein, including by providing bug fixes and critical updates to the Service.

Etain will use commercially reasonable efforts to monitor and manage the Service to optimize availability, function and user experience. Such monitoring and management may include, at Etain's sole discretion:

(i) proactively monitoring all Service functions,

(ii) if such monitoring identifies, or Etain otherwise becomes aware of, any circumstance that is reasonably likely to threaten the availability of, or quality of performance of, the Service, taking necessary and reasonable remedial measures to eliminate such threat,

(iii) prompt fix of bugs, failures and defaults on the Service if Etain otherwise receives information about such, and / or

(iv) providing to the Customer and its Users updates, bug fixes, enhancements, new releases, new versions and other improvements to the Service in accordance with the Customer Terms.

Service Levels

Fixing Errors is highly prioritized at Etain and known Errors will continuously and proactively be fixed. Etain will use commercially reasonable efforts to address all Errors reported to Etain as soon as practically possible. Etain's maximum response time guidelines are included below.

Etain will, in its sole discretion, classify requests for Error corrections in accordance with the descriptions set forth in the chart below (each an "Error Notice"). The response times below are indicative targets and not guaranteed response or resolution times:

| Error Notice Classification | Description | Etain's Response |
|---|---|---|
| Critical | A critical part of the Service is unavailable or inaccessible other than due to Exceptions, resulting in total disruption of work or critical business impact. Software error that results in the loss of critical documented feature/function for which there is no suitable Workaround. Data is corrupted or lost and must be restored from backup. | Etain will Respond within 12 hours. Response shall include a Workaround or Plan for resolving the Error. Etain shall assign all necessary resources on a priority basis to resolve the issue and work on the issue on a priority basis during reasonable working hours or as otherwise determined by Etain based on severity. |
| Major | The Service is operational but highly degraded performance to the point of major impact on usage. Important features of the Service are unavailable with no acceptable Workaround; however, operations can continue in a restricted fashion. | Etain will respond within 24 hours. Response shall include a Workaround or Plan for resolving the Error. Etain shall address the Error as soon as reasonably possible taking into account the effect of the Error for the user. |
| Minor | The Service is operational but partially degraded for some or all users, and an acceptable Workaround or solution exists. Problem with non-critical feature or functionality. | Etain will respond within 48 hours. Response shall include a Workaround or Plan for resolving the Error within reasonable time. |

Disaster Recovery

If a Service hosted by Etain becomes inoperable, inaccessible, or subject to a material disruption, Etain may switch to an alternate hosting environment, where available, using commercially reasonable efforts.

Data Ownership and Back-up

The Customer shall retain full and exclusive ownership to all right, title, and interest in and to any Customer Data, as defined in the Customer Terms.

Etain may use Customer Data as necessary to provide the Services to the Customer in accordance with the relevant Order Forms and Customer Terms. The Customer may at any time request a copy of all Customer Data stored by Etain.

Etain maintains rolling backups of Customer Data for operational recovery purposes only. Backups are retained for a limited period and are not intended as a substitute for Customer's own data retention or backup policies.

Customer's Security Testing

The Customer shall provide Etain at least 20 business days' notice for performing any type of security testing, penetration testing or vulnerability scans of the Service (collectively, "Customer Security Testing") whether such Customer Security Testing is performed directly by the Customer or by a third party.

Etain may reasonably deny or postpone Customer Security Testing that may adversely affect other customers or the security or availability of the Service.

Etain may choose to provide the Customer with a test environment (of a similar configuration to that of Customer's live environment) to perform the penetration test. The Customer agrees to provide the results of such Customer Security Testing to Etain within a reasonable period after completion of the Customer Security Testing, at least in summary format, provided, however, that the Customer shall be under no obligation to share any Confidential Information contained in the test results with Etain.

Additional Support

In addition to the service levels described in this Service Level Policy, Etain may offer additional support services to the Customer, such as user support to the Service or other relevant services provided by Etain or third parties (hereinafter referred to as "Support Services").

Support Services shall be considered add-on services to be governed by separate Order Forms and shall not be subject to the specific requirements set out in this Service Level Policy.

Artificial Intelligence Functionality

The Service includes artificial intelligence and machine-learning functionality that generates outputs based on patterns, probabilities, and available data. Outputs generated by the Service may be incomplete, inaccurate, outdated, or otherwise incorrect, and should not be relied upon as definitive, authoritative, or error-free.

The Service is intended to assist users with information retrieval, analysis, and productivity and does not replace professional judgment or independent verification. The Customer is solely responsible for reviewing, validating, and determining the suitability of any outputs generated by the Service before relying on them for any business, legal, regulatory, or other decisions.

No Advice

The Service does not provide legal, financial, regulatory, or other professional advice, and outputs generated by the Service shall not be construed as such.

Use of Customer Data

Subject to the Customer Terms and Etain's data protection obligations, Etain may use Customer Data in an aggregated or anonymized form to operate, maintain, and improve the Service, including its artificial intelligence models, provided that such use does not identify the Customer, its Users or any sensitive information within the Customer Data.

No System of Record

The Service is not intended to function as a system of record unless expressly stated in an applicable Order Form, and Etain does not guarantee the completeness or accuracy of data made available through integrated third-party systems.

Privacy and Information Technology Security Controls Policy

Etain's Handling of Customer Data

Etain shall comply with all Applicable Laws, the Customer Terms, and this Service Level Policy, including, without limitation, with respect to privacy and personal information.

Without limiting the generality of the foregoing, Etain shall not use Customer Data for any purpose other than performing its obligations towards the Customer except for (i) aggregated or anonymized analytics, (ii) service improvement, and (iii) training, tuning, or improving Etain's models, provided Customer Data is not used to identify the Customer or Users.

Etain shall limit access to and disclosure of Customer Data solely to personnel on a "need to know" basis, i.e., personnel that are essential for Etain to be able to perform its obligations towards the Customer.

Further, Etain shall not sell, license, distribute, make available or otherwise disclose Customer Data or any portion thereof to any third party except to approved subprocessors acting on Etain's behalf under appropriate confidentiality and data protection obligations, or specifically permitted by Customer in its sole discretion, or otherwise expressly required by Applicable Laws or the Applicable Terms.

If Etain is obliged to disclose Customer Data to third parties, including public authorities, Etain shall, if permitted, provide the Customer with advance written notice in order to provide the Customer with the opportunity to object to the disclosure.

The Parties acknowledge and agree that all Customer Data shall be deemed and always remain the Confidential Information of the Customer.

Security Program

Etain shall implement and maintain a security controls program (the "Security Program") that complies with all Applicable Laws, accepted industry standards, and the Customer Terms to address security and confidentiality concerns, protect against any anticipated or actual threats or hazards to its security or integrity, and prevent unauthorized access, acquisition, destruction, use, modification and/or disclosure thereof.

Additionally, the Security Program shall include security and privacy policies that provide guidance to Etain's personnel ensuring the confidentiality and integrity of Customer's Confidential Information and which at least address the following:

(i) instructions regarding the steps to take in the event of a compromise or other anomalous event;

(ii) delegation and assignment of responsibilities for security and privacy;

(iii) management oversight for the policy and its deployment;

(iv) means for managing security and privacy within the enterprise;

(v) policies and procedures for data confidentiality and privacy and data protection and access thereto;

(vi) handling of Confidential Information; and

(vii) planning for incident response in the event of a Security Breach or unauthorized disclosure of any Confidential Information.

The Security Program shall include the implementation of administrative, physical and technical safeguards to protect any Customer Data and all Customer's Confidential Information in a way which is consistent with accepted industry practices, and shall take commercially reasonable efforts to ensure that all such safeguards, including, without limitation, the manner in which Personal Information is collected, accessed, used, stored, processed, disposed of and disclosed, whether by Etain or its providers, comply with all Applicable Laws, as well as the Applicable Terms.

Security Documentation

Etain will provide documentation on the Security Program upon request.

If the Customer Security Manager reasonably identifies gaps in the Security Program, Etain agrees to make commercially reasonable efforts to work with the Customer in good faith to update the Security Program in line with industry-recommended solutions to ensure an adequate level of security.

Security Breaches

Etain shall provide the Customer with the name and contact information for an employee of Etain who shall serve as the Customer's primary security contact in resolving obligations associated with a Security Breach.

In the event Etain becomes aware of a Security Breach, Etain shall promptly and without undue delay notify the Customer Security Manager.

Immediately following Etain's notification to the Customer of a Security Breach, the Parties shall coordinate with each other to investigate the Security Breach. Etain shall make commercially reasonable efforts to assist with the Customer's handling of the matter, taking the nature and potential impact of the Security Breach into account.

Except as required by Applicable Laws or supervisory authorities, Etain will not inform any third party of any Security Breach without first obtaining the Customer's prior written consent.

IT Security Compliance and Oversight

Etain shall conduct penetration testing of the Service at least annually.

Upon the Customer's reasonable request, and subject to confidentiality obligations that may be owed to other customers of Etain, Etain shall make the executive summary from the penetration report available to the Customer for review subject to Etain's reasonable discretion and availability of such reports.

The Customer shall treat such reports as Etain's Confidential Information.

Data Transfers

Customer Data may be processed outside the Hosting Location subject to appropriate safeguards in accordance with Applicable Laws and the Etain DPA.

The Customer acknowledges that, under the anticipated use of the Service, the authorized users of the Customer may be located outside of the Hosting Location and may transfer and download content, including Customer Data, to locations outside of the Hosting Location. Notwithstanding anything to the contrary herein, Etain shall not be responsible or liable for any such use of Customer Data.

Definitions

Unless otherwise defined, capitalized terms in this Service Level Policy shall have the same meaning as defined in the Applicable Terms.

The terms defined in this Service Level Policy are:

Applicable Law means any law, statute, rule, regulation, judgment, order or other binding requirement of a governmental body in the jurisdiction of the Customer and / or Etain,
Confidential Information means any and all information about any party, its customers, clients, employees, hired consultants or other stakeholders involved in using or receiving the Services, including, but not limited to: (a) any information concerning technology, such as systems, source code, databases, hardware, software, programs, applications, engaging protocols, routines, models, displays, and manuals, (b) any unpublished information concerning research activities and plans, customers, clients, shareholders, strategies and plans, costs, operational techniques, (c) any unpublished financial information, including information concerning revenues, profits and profit margins, and costs or expenses; and (d) any other information stored in, transferred through or otherwise made available to either party as a result of Etain's delivery of the Services. Confidential Information is deemed confidential and proprietary to the party disclosing such information regardless of whether such information was disclosed intentionally or unintentionally, or marked appropriately;
Customer Security Manager means a representative designated by the Customer to be Etain's main point of contact with the Customer for security related issues,
Customer Security Testing shall have the meaning set forth in clause 4.5,
Customer Terms means the Customer Terms and Conditions governing the customer relationship between Etain and its Customers;
Error shall have the meaning set forth in clause 4.1,
Error Notice shall have the meaning set forth in clause 4.2,
Etain DPA shall have the meaning set forth in clause 1,
Exceptions shall have the meaning set forth in clause 3,
Hosting Location
Personal Information means personally identifiable information (a) that, when used separately and/or in combination with other information, identifies and/or can be used to identify or authenticate an individual or (b) as otherwise may be defined by Applicable Laws,
Plan means a high-level description of the steps being taken by Etain to resolve the Error,
Security Breach means any act or omission that compromises either the security, confidentiality or integrity of the Customer's Confidential Information,
Security Program shall have the meaning set forth in clause 5.2,
Service shall have the meaning set forth in clause 1,
Service Level Policy shall have the meaning set forth in clause 1,
Support Services shall have the meaning set forth in clause 4.6, and
Response means acknowledgement of receipt and initial assessment, not resolution;
Users shall have the meaning set forth in clause 3,
Workaround means a feasible change in operating procedures whereby an Authorized User can avoid the deleterious effects of an Error without material inconvenience,

Etain AS info@etain.no Drammensveien 123, 0727 Oslo © All Rights Reserved