Service Level Agreement (SLA) – Aleph
This service agreement applies to the operation of an instance of the research platform Aleph between customers and IDIO Daten Import Export UG (limited liability), hereinafter referred to as "us" or "we."
1. Service Description
We exclusively operate an instance of the research platform Aleph for an editorial team or organization, hereinafter referred to as "customer." The services include:
- Provision and operation of server infrastructure
- Ensuring accessibility and smooth functioning of the application
- Conducting backups (see point 6)
- Providing a login system with MFA or integration of an existing OICD system of the customer
The customer is responsible for:
- Managing users and groups
- Security of user accounts
- Importing, curating, and organizing data
Individual written agreements may supplement this service description.
2. Contact and Support
All Aleph servers include written support during the specified support hours. The customer can submit support requests via email to firstname.lastname@example.org or, if agreed upon, in the Slack channel.
In general, customer support requests are not included in the flat rate. Only requests related to system inaccessibility or other technical errors for which we are responsible are covered in the price. Support requests not covered by the provided documentation but necessary for the smooth operation on the customer's side and not exceeding reasonable effort are also covered. All other support services will be billed at individually agreed rates after prior consultation.
3. Monitored Services
The following services are automatically monitored for failures 24/7:
- Web server (accessibility of the Aleph interface)
- Login server
- Outgoing email system
- Server services and databases
- Server load
4. System Failures
The current system status and failures are usually announced on status.investigativedata.io and on the individual status page of the customer. Planned maintenance work will be announced in advance. If such maintenance work falls during critical working hours for the customer, rescheduling can be agreed upon, but there is no entitlement to it.
System failures will be resolved free of charge at any time. In emergencies, the customer can contact the emergency service through the agreed-upon channels. The response time during business hours is typically one hour, but there is no entitlement outside of those hours.
Requests that do not constitute emergencies will be processed only during regular business hours. An emergency is present when the provided server is not accessible.
5. Server Access
For Managed Aleph servers, customers generally do not have root access.
During the contract period, the customer has the right to obtain read access to their data and backups. This must be requested and agreed upon separately. Access is provided via an S3-compatible interface. The customer is responsible for ensuring access security.
Regardless of other access agreements, the customer will receive a complete backup of raw data, including S3-compatible access to the document archive and SQL exports of databases, at the end of the contract.
6. Data Backup
All Managed Aleph servers have a remote backup that includes the document archive, search index (Elasticsearch), and SQL database. All data is backed up daily and retained for a maximum of 30 days. Restoring a backup can be done upon request. The duration of the restoration depends on the amount of data and may take several hours to several days. Restoration in case of data loss on the customer's side (e.g., accidental deletion) incurs a fee.
7. Content and Data
Changes to content and sensitive data uploaded or received by the customer, such as deletions, moves, or transfers, can only be performed upon request via email from a verified customer email address. Tasks that can be done by the customer themselves and are feasible will typically not be performed by support staff.
8. Access Management
The customer will receive one or more administrator accesses to manage access rights for users and groups. Public documentation will be provided by us. The customer is solely responsible for the security of these accounts.
9. Non-Disclosure Agreement
We do not share any data with third parties and do not access customer data unless expressly requested. Upon request, we are willing to sign a separate non-disclosure agreement with the customer. A template will be provided if needed.