SLA Policy (Enterprise SaaS) — Arkansas

SERVICE LEVEL AGREEMENT POLICY — ENTERPRISE SAAS

Arkansas Jurisdiction

Effective Date: [__/__/____]

Provider: [________________________________] ("Provider")

Customer: [________________________________] ("Customer")

Master Agreement Reference: [________________________________] (the "SaaS Agreement")

Order Form / SOW Reference: [________________________________]

ARKANSAS PRACTICE NOTE: Arkansas courts apply common-law contract principles to service agreements. Under Ark. Code Ann. § 16-30-104, contractual jury trial waivers are authorized only in contracts to borrow or lend money. Pre-dispute jury waivers in SaaS/technology contracts are likely unenforceable under Arkansas law, as the Arkansas Supreme Court's decision in Tilley v. Malvern National Bank (2017) held pre-dispute jury waivers violate the Arkansas Constitution, and the subsequent statutory fix (§ 16-30-104) was narrowly tailored to lending contracts. Practitioners should use arbitration if jury avoidance is desired.

TABLE OF CONTENTS

1. Purpose and Scope
2. Definitions
3. Uptime Commitment and Service Levels
4. Measurement Methodology
5. Exclusions from Downtime Calculations
6. Service Credit Structure
7. Credit Claim Process
8. Chronic Failure and Termination Rights
9. Scheduled Maintenance Windows
10. Emergency Maintenance
11. Incident Response and Escalation
12. Change Management
13. Data Security and Breach Notification
14. Order of Precedence
15. Modifications to This SLA
16. Governing Law and Dispute Resolution
17. Arkansas-Specific Provisions
18. Signatures

1. PURPOSE AND SCOPE

1.1 This Service Level Agreement Policy ("SLA" or "SLA Policy") is incorporated into and forms part of the SaaS Agreement between Provider and Customer. It defines the performance commitments, measurement standards, remedies, and operational procedures applicable to the hosted services identified in the applicable Order Form(s) (the "Services").

1.2 This SLA applies exclusively to the Production Environment of the Services. Staging, development, sandbox, and beta environments are excluded unless expressly stated in an Order Form.

1.3 Capitalized terms not defined herein shall have the meanings assigned to them in the SaaS Agreement.

2. DEFINITIONS

2.1 "Availability" or "Uptime Percentage" means the percentage of total minutes in a calendar month during which the Production Environment is operational and accessible, calculated as:

Availability (%) = [(Total Minutes in Month − Downtime Minutes) ÷ Total Minutes in Month] × 100

2.2 "Downtime" means any period of five (5) or more consecutive minutes during which the Production Environment is materially unavailable or materially degraded such that Customer's end users cannot perform core business functions. Partial degradation affecting non-critical features does not constitute Downtime unless it renders the Services substantially unusable.

2.3 "Excluded Downtime" means any period of unavailability attributable to the causes identified in Section 5.

2.4 "Measurement Period" means each calendar month during the term of the applicable Order Form.

2.5 "Monthly Fee" means the fees payable by Customer for the affected Service during the Measurement Period in which a Downtime event occurs, as specified in the applicable Order Form.

2.6 "Production Environment" means the live, customer-facing instance of the Services designated as "Production" in the Order Form.

2.7 "Response Time" means the elapsed time between Customer's submission of a support ticket and Provider's initial substantive acknowledgment (not an automated receipt).

2.8 "Resolution Time" means the elapsed time between Provider's acknowledgment of an incident and restoration of the affected Service to normal operating parameters.

2.9 "Scheduled Maintenance" means planned maintenance performed during the maintenance windows defined in Section 9, with advance notice as specified therein.

2.10 "Service Credit" means a credit against future invoices, calculated as a percentage of the Monthly Fee, issued to Customer as the remedy for failure to meet the Uptime Commitment.

3. UPTIME COMMITMENT AND SERVICE LEVELS

3.1 Uptime Target. Provider commits to maintaining a minimum monthly Availability of [____]% (the "Uptime Commitment") for the Production Environment during each Measurement Period.

Drafting Note: Common enterprise targets are 99.9% (~43.8 min/month downtime), 99.95% (~21.9 min/month), or 99.99% (~4.4 min/month). Select a target consistent with Provider's operational capacity and Customer's business criticality requirements.

3.2 Service Level Objectives. In addition to the Uptime Commitment, Provider shall use commercially reasonable efforts to meet the following performance targets:

3.3 Failure to meet the response or resolution targets in Section 3.2 shall not independently trigger Service Credits but shall be documented and factored into periodic service reviews and any chronic-failure analysis under Section 8.

4. MEASUREMENT METHODOLOGY

4.1 Monitoring Tools. Availability shall be measured using Provider's monitoring infrastructure, which shall include synthetic transaction monitoring, server health checks, and endpoint availability tests conducted at intervals of no greater than [____] minutes from geographically distributed monitoring nodes.

4.2 Customer Validation. Customer may deploy its own third-party monitoring tools. If Customer's monitoring data materially differs from Provider's data (by more than [____]%), the parties shall confer in good faith to reconcile the discrepancy. If no resolution is reached within [____] business days, an independent third-party monitor mutually agreed upon shall be engaged, with costs shared equally.

4.3 Reporting. Provider shall make Availability data available to Customer through a real-time status dashboard and shall deliver a monthly Availability report within [____] business days after the close of each Measurement Period. Each report shall include:

• (a) Total Uptime and Downtime minutes;
• (b) Availability percentage;
• (c) Incident log with root-cause summaries;
• (d) Scheduled and emergency maintenance windows utilized;
• (e) Comparison to the prior three (3) Measurement Periods.

5. EXCLUSIONS FROM DOWNTIME CALCULATIONS

The following shall not count as Downtime for purposes of Availability calculations:

• (a) Scheduled Maintenance performed in accordance with Section 9;
• (b) Emergency Maintenance performed in accordance with Section 10;
• (c) Downtime caused by Customer's acts or omissions, including misconfiguration, violations of the Acceptable Use Policy, or unauthorized modifications;
• (d) Failures of Customer's equipment, network connections, or third-party software not provided or controlled by Provider;
• (e) Force majeure events as defined in the SaaS Agreement;
• (f) DNS propagation delays outside Provider's authoritative DNS infrastructure;
• (g) Features or environments designated as "beta," "preview," "experimental," or "unsupported";
• (h) Downtime resulting from Customer's failure to implement Provider-recommended updates, patches, or configuration changes within [____] days of notification;
• (i) Governmental actions, court orders, or regulatory mandates requiring suspension of Services.

6. SERVICE CREDIT STRUCTURE

6.1 Credit Tiers. If Provider fails to meet the Uptime Commitment in any Measurement Period, Customer shall be entitled to Service Credits as follows:

Example (99.9% target):

Monthly Availability	Service Credit
< 99.9% to ≥ 99.5%	5% of Monthly Fee
< 99.5% to ≥ 99.0%	10% of Monthly Fee
< 99.0% to ≥ 95.0%	20% of Monthly Fee
< 95.0%	30% of Monthly Fee

6.2 Credit Cap. Total Service Credits in any single Measurement Period shall not exceed [____]% of the Monthly Fee for the affected Service (typically 30%-100%).

6.3 Application. Service Credits shall be applied to Customer's next invoice following validation. Credits are not redeemable for cash, are non-transferable, and may not be carried forward beyond [____] Measurement Periods.

6.4 Sole and Exclusive Remedy. Service Credits constitute Customer's sole and exclusive monetary remedy for failure to meet the Uptime Commitment, except that:

• (a) Customer retains the right to terminate under Section 8 (Chronic Failure);
• (b) Nothing in this Section limits Customer's remedies for Provider's breach of other obligations under the SaaS Agreement, including data security, confidentiality, or indemnification obligations;
• (c) Service Credits do not limit Provider's liability for willful misconduct, gross negligence, or breach of confidentiality obligations.

7. CREDIT CLAIM PROCESS

7.1 Submission. Customer must submit a Service Credit request in writing (email to [________________________________] or via the support portal) within [30] calendar days after the end of the Measurement Period in which the Availability shortfall occurred.

7.2 Required Information. Each credit request shall include:

• ☐ Measurement Period (month/year)
• ☐ Date(s) and time(s) of claimed Downtime (in Central Time or UTC)
• ☐ Duration of each Downtime event
• ☐ Description of impact on Customer's operations
• ☐ Supporting evidence (screenshots, logs, third-party monitoring data)

7.3 Review and Response. Provider shall review the claim and respond within [15] business days. If Provider disputes the claim, it shall provide its own monitoring data and a written explanation. Unresolved disputes shall be escalated pursuant to Section 16.

7.4 Late Claims. Credit requests submitted after the deadline in Section 7.1 are waived unless Customer demonstrates that timely submission was not reasonably practicable.

8. CHRONIC FAILURE AND TERMINATION RIGHTS

8.1 Chronic Failure Trigger. A "Chronic Failure" occurs if:

• (a) Availability falls below [____]% in any [2] out of [3] consecutive Measurement Periods; or
• (b) Availability falls below [____]% in any single Measurement Period; or
• (c) Provider fails to meet Severity 1 response-time targets more than [____] times in any [____]-month period.

8.2 Termination Right. Upon a Chronic Failure, Customer may terminate the affected Order Form(s) by providing [30] days' prior written notice to Provider. Upon such termination:

• (a) Provider shall refund the pro-rata portion of any prepaid, unused fees for the terminated Services;
• (b) Provider shall cooperate with Customer's data export and transition efforts for a period of [____] days following the effective date of termination (the "Transition Period"), at no additional charge;
• (c) Customer's termination right under this Section is in addition to, and does not limit, any other termination rights under the SaaS Agreement.

8.3 Cure Period. Provider may, within [15] days of receiving Customer's termination notice, present a written remediation plan. If Customer accepts the plan (acceptance not to be unreasonably withheld), the termination shall be suspended for a period of [____] days. If Provider fails to meet the remediation milestones, Customer's termination right shall be immediately reinstated.

9. SCHEDULED MAINTENANCE WINDOWS

9.1 Standard Maintenance Window. Provider shall perform routine maintenance during the following recurring window(s):

• Day(s): [________________________________]
• Time: [________________________________] (Central Time — CT)
• Maximum Duration per Window: [____] hours

9.2 Advance Notice. Provider shall provide at least [____] hours' advance notice for Scheduled Maintenance, delivered via [status page / email / in-app notification].

9.3 Monthly Cap. Total Scheduled Maintenance shall not exceed [____] hours per Measurement Period. Maintenance exceeding this cap shall count as Downtime.

9.4 Customer Preferences. Provider shall use commercially reasonable efforts to accommodate Customer's requests to reschedule maintenance when business-critical operations would be adversely affected.

10. EMERGENCY MAINTENANCE

10.1 Provider may perform unscheduled emergency maintenance to address security vulnerabilities, imminent system failures, or regulatory requirements.

10.2 Provider shall use commercially reasonable efforts to provide advance notice of emergency maintenance. Where advance notice is not practicable, Provider shall notify Customer as soon as reasonably possible after commencement.

10.3 Emergency maintenance shall be excluded from Downtime calculations only if: (a) it is genuinely necessitated by an urgent threat to security or system integrity; and (b) Provider uses commercially reasonable efforts to minimize duration and impact.

10.4 If emergency maintenance exceeds [____] hours in any Measurement Period, the excess shall count as Downtime.

11. INCIDENT RESPONSE AND ESCALATION

11.1 Incident Notification. Provider shall notify Customer of any Severity 1 or Severity 2 incident within [____] minutes of detection via [email / phone / status page / PagerDuty integration].

11.2 Status Updates. During an ongoing Severity 1 incident, Provider shall issue status updates at intervals of no greater than [____] minutes until resolution.

11.3 Post-Incident Review. For each Severity 1 or Severity 2 incident, Provider shall deliver a root-cause analysis ("RCA") report to Customer within [____] business days. The RCA shall include:

• (a) Timeline of events;
• (b) Root cause identification;
• (c) Corrective actions taken;
• (d) Preventive measures to avoid recurrence.

11.4 Escalation Path.

12. CHANGE MANAGEMENT

12.1 Provider shall not implement material changes to the Services' architecture, functionality, or APIs that could adversely affect Customer's use without providing [____] days' advance written notice and, for breaking changes, a migration path and documentation.

12.2 Customer may object to a proposed material change within [____] days of notice. The parties shall confer in good faith to resolve the objection. If no resolution is reached, Customer may elect to remain on the prior version for a period not to exceed [____] days, or exercise termination rights under the SaaS Agreement.

12.3 Non-material changes (bug fixes, security patches, performance optimizations) may be deployed without advance notice but shall be documented in release notes.

13. DATA SECURITY AND BREACH NOTIFICATION

13.1 Security Standards. Provider shall maintain administrative, technical, and physical safeguards consistent with industry standards (e.g., SOC 2 Type II, ISO 27001) and applicable law.

13.2 Arkansas Data Breach Notification. In the event of a breach of security involving Customer data that includes personal information of Arkansas residents, Provider shall:

• (a) Notify Customer within [____] hours of confirming the breach (and in no event later than required to enable Customer to comply with the Arkansas Personal Information Protection Act, Ark. Code Ann. § 4-110-101 et seq.);
• (b) Cooperate with Customer's investigation and notification obligations;
• (c) Assist Customer in providing required notifications in the most expedient time possible and without unreasonable delay, consistent with law enforcement needs (per Ark. Code Ann. § 4-110-105);
• (d) If the breach affects more than 1,000 individuals, assist Customer in notifying the Arkansas Attorney General within forty-five (45) days of determining a reasonable likelihood of harm, or at the same time notice is given to affected individuals, whichever is earlier (per Ark. Code Ann. § 4-110-105);
• (e) Be aware that substitute notice is available if the cost of notice exceeds $250,000, the affected class exceeds 500,000 persons, or the entity lacks sufficient contact information (per Ark. Code Ann. § 4-110-105(d)).

13.3 Cooperation. Provider shall reasonably cooperate with Customer to mitigate harm, preserve forensic evidence, and comply with applicable regulatory requirements.

14. ORDER OF PRECEDENCE

In the event of a conflict among the contract documents, the following order of precedence shall apply (highest priority first):

1. Data Processing Agreement / Business Associate Agreement (if applicable)
2. The SaaS Agreement
3. This SLA Policy
4. The applicable Order Form(s) / SOW(s)
5. Provider's Documentation and Acceptable Use Policy

Notwithstanding the foregoing, this SLA shall control with respect to Availability calculations, Service Credit entitlements, and Chronic Failure termination rights.

15. MODIFICATIONS TO THIS SLA

15.1 Provider may update this SLA prospectively upon [30] days' prior written notice to Customer.

15.2 Any modification that materially reduces Uptime Commitments, increases Exclusions, or reduces Service Credit percentages shall require Customer's written consent. If Customer does not consent, the prior SLA terms shall remain in effect for the balance of the then-current Order Form term.

15.3 Immaterial modifications (e.g., formatting changes, clarifications that do not alter substantive obligations) may take effect upon posting to Provider's website or customer portal.

16. GOVERNING LAW AND DISPUTE RESOLUTION

16.1 Governing Law. This SLA shall be governed by and construed in accordance with the laws of the State of Arkansas, without regard to its conflict-of-laws principles. To the extent that any goods are bundled with the Services, the Arkansas Uniform Commercial Code (Ark. Code Ann. Title 4, Subtitle 1) shall apply to the goods component.

16.2 Venue. The parties consent to the exclusive jurisdiction and venue of the state and federal courts located in [Pulaski County / Benton County / Washington County], Arkansas.

16.3 Jury Trial Waiver — Not Applicable.

ARKANSAS PRACTICE NOTE: Ark. Code Ann. § 16-30-104 authorizes contractual jury trial waivers only in contracts to borrow or lend money. The Arkansas Supreme Court in Tilley v. Malvern National Bank, 2017 Ark. 343, held that pre-dispute jury waivers violated the Arkansas Constitution, and the legislature's subsequent statutory fix was limited to lending contracts. Accordingly, a pre-dispute jury waiver in a SaaS/technology contract is likely unenforceable in Arkansas. Parties desiring to avoid jury trial should elect binding arbitration.

16.4 Informal Resolution. Before initiating formal proceedings, the parties shall attempt to resolve any dispute arising under this SLA through good-faith negotiation between designated executives for a period of [30] days.

16.5 Mediation. If informal resolution fails, either party may initiate non-binding mediation before a mediator mutually agreed upon, conducted in [Pulaski County / Benton County], Arkansas. Mediation costs shall be shared equally.

16.6 Arbitration (Optional). [If the parties elect arbitration, insert the following: "Any dispute not resolved through mediation shall be submitted to binding arbitration administered by [AAA / JAMS] under its Commercial Arbitration Rules, conducted in [Pulaski County / Benton County], Arkansas, before a single arbitrator with experience in technology contracts. The arbitrator's award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction."]

17. ARKANSAS-SPECIFIC PROVISIONS

17.1 Trade Secrets. Any Confidential Information constituting a trade secret shall be protected in accordance with the Arkansas Trade Secrets Act, Ark. Code Ann. § 4-75-601 et seq. The Act provides for injunctive relief, damages (including unjust enrichment), and, for willful and malicious misappropriation, exemplary damages up to twice any award made under the damages provision, plus attorney's fees (Ark. Code Ann. § 4-75-606, § 4-75-607).

17.2 Electronic Signatures. This SLA and all related documents may be executed electronically in accordance with the Arkansas Uniform Electronic Transactions Act (Ark. Code Ann. § 25-32-101 et seq.). Electronic signatures shall have the same legal effect, validity, and enforceability as manual signatures.

17.3 Deceptive Trade Practices. Nothing in this SLA limits any rights Customer may have under the Arkansas Deceptive Trade Practices Act (Ark. Code Ann. § 4-88-101 et seq.), to the extent applicable. The Act prohibits unconscionable, false, or deceptive acts or practices in business, commerce, or trade.

17.4 Unfair Practices Act. The parties acknowledge that contracts violating the Arkansas Unfair Practices Act (Ark. Code Ann. § 4-75-201 et seq.) are illegal and void. Nothing in this SLA is intended to create an arrangement that would constitute an unfair practice under the Act.

17.5 Limitation of Liability. The limitations of liability set forth in the SaaS Agreement shall be enforced to the maximum extent permitted under Arkansas law. Arkansas courts generally uphold contractual limitations of liability in commercial transactions between sophisticated parties, subject to exceptions for fraud, willful misconduct, and statutory violations.

17.6 Statute of Limitations. Written contract claims in Arkansas are subject to a five-year statute of limitations (Ark. Code Ann. § 16-56-111). SLA-related claims should be identified and preserved within this window.

18. SIGNATURES

By executing below, the parties acknowledge that they have read, understood, and agreed to be bound by this SLA Policy as part of the SaaS Agreement.

PROVIDER:

Signature: [________________________________]

Printed Name: [________________________________]

Title: [________________________________]

Date: [__/__/____]

CUSTOMER:

Signature: [________________________________]

Printed Name: [________________________________]

Title: [________________________________]

Date: [__/__/____]

PRACTICE TIPS FOR ARKANSAS PRACTITIONERS

1. No Pre-Dispute Jury Waiver for SaaS Contracts. Ark. Code Ann. § 16-30-104 limits contractual jury waivers to lending contracts. For SaaS agreements, use binding arbitration if jury avoidance is a priority.

2. Data Breach — Attorney General Notification. The 1,000-person threshold for AG notification and the 45-day deadline run concurrently with individual notice obligations. Build in sufficient lead time from Provider's notification to Customer.

3. Substitute Notice. Arkansas law provides a substitute notice mechanism (email + website posting + statewide media) when the cost exceeds $250,000 or the affected class exceeds 500,000. This may be relevant for large-scale SaaS deployments.

4. Trade Secret Exemplary Damages. Arkansas allows up to 2x exemplary damages for willful and malicious trade secret misappropriation. Ensure confidentiality provisions in the SaaS Agreement are robust and cross-reference the Arkansas Trade Secrets Act.

5. Five-Year Statute of Limitations. Arkansas applies a five-year limitations period to written contracts (Ark. Code Ann. § 16-56-111), shorter than some neighboring states. Ensure credit claims and breach claims are timely asserted.

6. Unconscionability. Arkansas courts apply the unconscionability doctrine (both procedural and substantive). SLA credit structures that are grossly one-sided may face challenge. Ensure credit tiers bear a reasonable relationship to actual harm.

SOURCES AND REFERENCES

• Ark. Code Ann. § 4-110-105 — Disclosure of Security Breaches
• Ark. Code Ann. § 16-30-104 — Contractual Waiver of Jury Trial
• Ark. Code Ann. § 4-75-601 et seq. — Arkansas Trade Secrets Act
• Ark. Code Ann. § 25-32-101 et seq. — Arkansas UETA
• Ark. Code Ann. § 4-88-101 et seq. — Arkansas Deceptive Trade Practices Act
• Arkansas Attorney General — Data Breach Reporting