Service levels
Service levels and support.
Support and availability commitments depend on the workspace stage and the signed order form. This page gives procurement a clear baseline before contract review.
best effort
Public demo
The public demo is for evaluation and uses fictional data. It is monitored, but it is not covered by paid availability credits.
targeted
Private beta tenants
Private beta tenants receive support targets and incident updates in the order form. Availability credits do not apply unless explicitly agreed.
order form
Production enterprise
Production uptime targets, support hours, credits, data residency, recovery objectives, and escalation paths are set in the enterprise order form.
Support severity targets
| Severity | Examples | Initial response | Update cadence |
|---|---|---|---|
| P1 Critical | Production service unavailable, cross-tenant data exposure, credential signing unavailable, or active security incident. | 1 business hour | Continuous during business hours until mitigated |
| P2 High | Major workflow blocked for multiple users, verifier API degraded, billing or SSO failure, or significant data import failure. | 4 business hours | Daily business-day updates |
| P3 Normal | Single-customer issue, non-critical product defect, configuration help, or data correction request. | 1 business day | As status changes |
| P4 Low | How-to question, documentation issue, feature request, or cosmetic defect. | 3 business days | Best effort |
Support scope
- Account access, SSO, SCIM, HRIS, and tenant configuration support.
- Credential, passport share, verifier API, wallet export, and audit evidence support.
- Security triage for suspected unauthorised access or data exposure.
- Billing setup, invoice status, plan change, and Stripe configuration support.
- Guidance on product configuration for retention, residency, roles, and scope policies.
Exclusions
- Customer network, identity-provider, HRIS, or device outages outside Thesmios control.
- Misconfiguration by customer administrators unless Thesmios caused the configuration.
- Suspension required by law, sanctions, abuse prevention, non-payment, or security protection.
- Preview, demo, sandbox, beta, or free surfaces unless an order form says otherwise.
- Force majeure events and third-party provider incidents outside reasonable control.
Operational readiness
| Status page | Planned external status page before general production rollout. |
|---|---|
| Incident notice | Security and personal-data incidents assessed promptly, with UK GDPR Article 33 notification where legally required. |
| Backups | Managed backups and restore testing are required before production enterprise rollout. |
| Recovery targets | RPO and RTO are set per production order form and depend on selected data residency. |
| Maintenance | Planned maintenance is announced in advance where practical; emergency maintenance may happen immediately to protect security or availability. |