Policies and Commitments

(including Security Commitments and Service Level Agreements)

Purpose

This Policy consolidates CleanStart's key commitments regarding the security, availability, and reliability of its products and services. It supplements the Master Services Agreement and forms the foundation of CleanStart's contractual obligations to its customers, alongside the Service Level Agreement (“SLA”) and related supporting documents.

Security Commitments

CleanStart is committed to maintaining the confidentiality, integrity, and availability of customer data and to implementing industry-standard security practices across its operations. Security measures include continuous vulnerability scanning, patch management, access controls, encryption of data at rest and in transit, and incident response protocols. These commitments are reinforced by the Vulnerability Management and Remediation SLA, which defines strict timelines for addressing vulnerabilities classified under the Common Vulnerability Scoring System (CVSS).

Availability and Performance Commitments

CleanStart guarantees high levels of availability for its image registry and related services, with commitments of 99.9% uptime for registry services and 99.95% uptime for image pull availability, measured monthly. In addition, CleanStart ensures timely support response based on priority levels, ranging from a two-hour response time for critical issues to an eight-business-hour response for medium or low-priority issues.

Transparency and Reporting

CleanStart provides ongoing transparency into its security posture and service performance. Customers receive monthly vulnerability reports, proactive notifications of critical and high-severity issues, and access to a public security dashboard that displays current vulnerability status for generally available images. CleanStart also commits to documenting any exceptions or exclusions to remediation and reviewing its security posture annually to incorporate industry best practices.

Customer Responsibilities

CleanStart's ability to deliver on these commitments depends on the active cooperation of its customers. Customers are responsible for submitting accurate and complete support requests, designating primary points of contact, and responding promptly to CleanStart's security communications. Customers must also ensure that their use of CleanStart products complies with applicable laws and third-party terms, and that their own networks and environments are secured against vulnerabilities outside CleanStart's control.

Service Credits and Remedies

In the event that CleanStart fails to meet its defined SLA obligations, customers may be entitled to service credits as set forth in the SLA. These credits serve as the sole and exclusive remedy for SLA breaches, ensuring accountability while providing customers with meaningful compensation where commitments are not met.

Continuous Improvement

CleanStart is dedicated to continuous improvement of its policies, security practices, and commitments. Security measures, remediation processes, and service standards are reviewed annually and updated to reflect customer feedback, regulatory developments, and advancements in industry best practices.