Localist shall host and maintain the Service on its servers. The Service will maintain an average availability of no less than 99.9%, calculated monthly, excluding downtime caused by:
(i) scheduled maintenance performed between the hours of 12:00 AM and 6:00 AM Eastern time
(ii) emergency maintenance
(iii) force majeure
(iv) any other events beyond Localist's reasonable control (e.g. ISP outage)
Downtime is any time in which a computer on the global Internet is unable to connect to the Localist production environment, log into the application, access application data or file attachments or execute reporting jobs due to unavailability of the Service.
All disruptions in service will be communicated to customers via Localist's status page, accessible at http://status.localist.com.
Service to Localist Service or infrastructure that is announced at least ten business days in advance. Localist may periodically perform server maintenance between 12:00 AM (midnight) and 6:00 AM Eastern ("Maintenance Window"). While downtime is not typically associated with this maintenance, an involved upgrade may render the platform inaccessible.
"Software Error" is defined as an HTTP return status code between 500-599. In the event that software errors are experienced, the Licensee must submit a report to firstname.lastname@example.org which includes the time the error was experienced, any URLs or screenshots of the error, and any steps to reproduce the error.
Administrative support shall be provided by both email and telephone from Monday to Friday, 9:00am to 6:00PM EST ("Business Hours"). Should support be required outside of Business Hours for non-mission-critical issues, support will be provided at Licensee's expense. Licensee is solely responsible for providing support to its Users.
Localist shall keep offsite back-ups of Licensee's data. Restoration of Licensee's data due to the fault of Licensee will be at Licensee's expense and if due to the fault of Localist, at Localist's expense.
Supported Licensee Content can be retrieved at any time at Licensee's discretion using the Localist API.
Localist commits to one week of data retention. At this time, all Licensee data is retained indefinitely, as space allows for it.
Should Licensee wish to discontinue service, and Licensee's current term is not expired, Localist will remove access to Licensee's platform on the determined expiration date and provide a dump file of Licensee's Event, Place, Groups, and taxonomy information.
We have a globally distributed infrastructure and security team on-call 24/7. Our team is constantly monitoring security notifications from all 3rd party software libraries and if identified, we immediately apply any relevant security patches as soon as they are released. Our engineers work together with the product teams to ensure that all Localist code and infrastructure follows a secure development lifecycle process.
Our application and data infrastructure is designed with redundancy, fault tolerance and disaster recovery at the forefront, our services are distributed across three separate availability zones (data centers). All infrastructure production access is restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses, and other security features.
We design all services with high availability in mind. In order to achieve our uptime goal, we follow a number of engineering best practices:
Immutable infrastructure - We don’t make changes to live code or running servers in production. Where applicable, we treat both our software and our infrastructure configuration as code. Which means all changes go through a formal code review, automated testing and automated deployment process.
Continuous integration and delivery - We are using continuous integration and deployment automation and configuration management tools to build, test and deploy code multiple times a day.
Incident response - Our dedicated infrastructure and security team is on a rotating on-call schedule to respond to any security or availability incidents immediately.
Security audits - Every year we have an independent security firm execute a white-box penetration test audit across our system and code base.Any uncovered vulnerability is prioritized, resolved and deployed as soon as possible following discovery.