Support Policy (Enterprise SaaS) — Colorado
ENTERPRISE SAAS SUPPORT POLICY
COLORADO-SPECIFIC EDITION
Support Policy Reference Number: [________________________________]
Effective Date: [__/__/____]
Last Revised: [__/__/____]
This Enterprise SaaS Support Policy ("Support Policy" or "Policy") is incorporated into and forms part of the Master SaaS Agreement or equivalent subscription agreement ("Master Agreement") between the parties identified below. Capitalized terms not defined herein shall have the meanings set forth in the Master Agreement.
Provider: [________________________________] ("Provider")
- Address: [________________________________]
- State of Organization: [________________________________]
Customer: [________________________________] ("Customer")
- Address: [________________________________]
- State of Organization: [________________________________]
Master Agreement Date: [__/__/____]
Master Agreement Reference: [________________________________]
TABLE OF CONTENTS
- Definitions
- Scope of Support
- Support Tiers and Pricing
- Support Hours and Channels
- Named Support Contacts
- Severity Definitions
- Response and Resolution Targets
- Escalation Matrix
- Customer Obligations
- Exclusions
- Status Updates and Communication
- Maintenance Windows
- Version Support and End-of-Life
- Service Credits
- Support Performance Reporting
- Security Incident Support
- Changes to Support Policy
- Order of Precedence
- Colorado-Specific Legal Provisions
- Electronic Signatures
- Signature Blocks
- Exhibit A: Support Contact Information
- Exhibit B: Supported Configurations
1. DEFINITIONS
For the purposes of this Support Policy, the following terms shall have the meanings ascribed below:
1.1 "Authorized Contact" means an individual designated by Customer who is authorized to submit support requests, access the Support Portal, and communicate with Provider's support personnel on Customer's behalf. Authorized Contacts must be Named Support Contacts or designated alternates.
1.2 "Business Day" means Monday through Friday, excluding federal holidays observed in the United States and state holidays observed in the State of Colorado, including but not limited to Colorado Day (first Monday of August).
1.3 "Business Hours" means 8:00 AM to 6:00 PM Mountain Time (MT) on Business Days, unless otherwise specified in the applicable Support Tier.
1.4 "Customer Environment" means the totality of Customer's hardware, software, network infrastructure, configurations, third-party integrations, and operating conditions in which the SaaS Service operates or with which it interacts.
1.5 "Defect" means a reproducible failure of the SaaS Service to perform materially in accordance with the applicable Documentation.
1.6 "Enhancement" means a request for new functionality, features, or capabilities not described in the current Documentation, which shall be addressed through Provider's product roadmap process rather than through this Support Policy.
1.7 "Error" means any verifiable and reproducible failure of the SaaS Service to conform to the specifications set forth in the Documentation.
1.8 "Fix" means a permanent code change or configuration modification that resolves a Defect or Error and is incorporated into a generally available release of the SaaS Service.
1.9 "Hot Fix" means an emergency code change deployed outside of the standard release cycle to address a Severity 1 or Severity 2 Incident in the Production Environment.
1.10 "Incident" means any event that is not part of the standard operation of the SaaS Service and that causes, or may cause, an interruption to or a reduction in the quality of the SaaS Service.
1.11 "Maintenance Window" means a pre-designated period during which Provider may perform scheduled maintenance, updates, patches, or upgrades to the SaaS Service infrastructure.
1.12 "Named Support Contact" means a specific individual designated by Customer in Exhibit A who is trained and authorized to serve as the primary liaison between Customer and Provider's support organization.
1.13 "Production Environment" means the live, operational instance of the SaaS Service used by Customer's end users for actual business operations, as distinguished from staging, testing, or development environments.
1.14 "Resolution" means the point at which an Incident has been resolved through a Fix, Hot Fix, Workaround, or other corrective action such that the SaaS Service operates materially in accordance with the Documentation.
1.15 "Root Cause Analysis" ("RCA") means a structured investigation to identify the underlying cause of a Severity 1 or Severity 2 Incident, resulting in a written report that includes the timeline of events, contributing factors, corrective actions taken, and preventive measures implemented.
1.16 "Service Credit" means a credit against future fees owed by Customer to Provider, calculated in accordance with Section 14 of this Policy, issued when Provider fails to meet specified Service Levels.
1.17 "Service Level" means a measurable standard of performance that Provider commits to meeting, as specified in Section 7 (Response and Resolution Targets) and the Master Agreement.
1.18 "Severity Level" means the classification assigned to an Incident based on its impact and urgency, as defined in Section 6 of this Policy.
1.19 "Support Portal" means Provider's web-based ticketing and knowledge base system accessible at [________________________________] through which Authorized Contacts submit and track support requests.
1.20 "Ticket" means a uniquely numbered record created in the Support Portal to track a support request from initial submission through Resolution, including all communications, status updates, and resolution details.
1.21 "Uptime" means the percentage of time during a given calendar month that the Production Environment is available and operational, calculated as set forth in the Master Agreement.
1.22 "Workaround" means a temporary method of achieving a result equivalent or comparable to the intended function of the SaaS Service, which circumvents a known Defect or Error without constituting a permanent Fix.
2. SCOPE OF SUPPORT
2.1 Included Support Services
Provider shall furnish the following support services under this Policy:
(a) Break/Fix Support — Diagnosis and resolution of Errors, Defects, and Incidents that cause the SaaS Service to fail to perform materially in accordance with the Documentation.
(b) Configuration Assistance — Guidance on configuring the SaaS Service within the parameters described in the Documentation, including standard settings, user management, and role-based access configuration.
(c) Standard Integration Support — Assistance with integrations that are documented and supported by Provider as part of the SaaS Service, including API usage guidance for published endpoints.
(d) Software Updates — Delivery and deployment of patches, minor releases, and major releases as part of the subscription, including release notes and migration guidance.
(e) Knowledge Base Access — Self-service access to Provider's searchable library of articles, how-to guides, FAQs, and troubleshooting documentation.
(f) Health Checks — For Premium and Enterprise tier customers, periodic reviews of Customer's usage patterns, configuration, and performance metrics with recommendations for optimization.
2.2 Excluded Services
The following services are not included within the scope of this Support Policy and, if available, shall be provided under a separate statement of work or professional services agreement at Provider's then-current rates:
(a) Custom software development, bespoke integrations, or modifications to the SaaS Service source code.
(b) On-site support, including travel to Customer's physical locations.
(c) Training services beyond standard onboarding documentation and knowledge base materials.
(d) Data migration, extraction, or conversion services.
(e) Support for third-party software, hardware, or services not expressly listed in Exhibit B.
(f) Performance tuning or optimization of Customer's network, hardware, or third-party infrastructure.
(g) Support for deprecated or end-of-life versions of the SaaS Service as described in Section 13.
3. SUPPORT TIERS AND PRICING
Provider offers three (3) support tiers. Customer's selected tier is identified in the Master Agreement or applicable Order Form.
| Feature | Standard | Premium | Enterprise |
|---|---|---|---|
| Monthly Fee | Included in subscription | [____]% of annual subscription | [____]% of annual subscription |
| Support Hours | Business Hours (MT) | Extended: 7:00 AM – 9:00 PM MT, Business Days | 24/7/365 |
| Channels | Portal, Email | Portal, Email, Phone | Portal, Email, Phone, Dedicated Slack/Chat |
| Named Support Contacts | 2 | 5 | 10 |
| Severity 1 Response | 60 minutes | 30 minutes | 15 minutes |
| Dedicated Account Engineer | No | No | Yes |
| Quarterly Business Reviews | No | Yes | Yes (Monthly) |
| Root Cause Analysis | Sev 1 only | Sev 1 and Sev 2 | All Severities |
| Custom Health Checks | No | Semi-annual | Quarterly |
| Priority Roadmap Input | No | No | Yes |
| Uptime SLA | 99.5% | 99.9% | 99.95% |
Customer's Selected Tier: ☐ Standard | ☐ Premium | ☐ Enterprise
4. SUPPORT HOURS AND CHANNELS
4.1 Support Hours by Tier
| Tier | Hours | Days | Timezone |
|---|---|---|---|
| Standard | 8:00 AM – 6:00 PM | Monday – Friday (Business Days) | Mountain Time (MT) |
| Premium | 7:00 AM – 9:00 PM | Monday – Friday (Business Days) | Mountain Time (MT) |
| Enterprise | 24 hours | 7 days per week, 365 days per year | All U.S. time zones |
4.2 Support Channels
| Channel | Standard | Premium | Enterprise |
|---|---|---|---|
| Support Portal | ☐ Available | ☐ Available | ☐ Available |
| ☐ Available | ☐ Available | ☐ Available | |
| Phone | Not included | ☐ Available | ☐ Available |
| Dedicated Chat/Slack | Not included | Not included | ☐ Available |
| Dedicated Account Engineer | Not included | Not included | ☐ Available |
4.3 After-Hours Support
For Severity 1 and Severity 2 Incidents occurring outside of standard Support Hours, Premium and Enterprise tier customers may reach the on-call support team via the emergency support line at [________________________________]. Standard tier customers may leave a voicemail or submit a Portal ticket; the SLA clock for Standard tier customers begins at the start of the next Business Day.
4.4 SLA Clock Commencement
The SLA clock for Response Time begins when a Ticket is created in the Support Portal with sufficient information for Provider to begin diagnosis. Tickets submitted via email shall be deemed received upon confirmation of Ticket creation in the Portal. The SLA clock pauses when Provider is awaiting information or action from Customer and resumes when Customer responds.
5. NAMED SUPPORT CONTACTS
5.1 Number of Named Support Contacts
Customer may designate the following number of Named Support Contacts based on the selected Support Tier:
- Standard Tier: Up to two (2) Named Support Contacts
- Premium Tier: Up to five (5) Named Support Contacts
- Enterprise Tier: Up to ten (10) Named Support Contacts
5.2 Role Requirements
Each Named Support Contact shall:
(a) Have completed Provider's standard support training or onboarding process;
(b) Possess sufficient technical knowledge of the SaaS Service and Customer's environment to provide first-level triage before engaging Provider support;
(c) Have authority to approve Workarounds, schedule maintenance, and authorize access to Customer's environment for diagnostic purposes; and
(d) Be available during Business Hours to respond to Provider inquiries related to open Tickets.
5.3 Contact Change Process
Customer may change Named Support Contacts by submitting a written request to Provider through the Support Portal or by email to [________________________________]. Changes shall become effective within two (2) Business Days of Provider's confirmation. New Named Support Contacts must complete the onboarding process within fifteen (15) calendar days of designation.
5.4 Contact Information
Named Support Contacts and their details are listed in Exhibit A, which Customer shall keep current at all times.
6. SEVERITY DEFINITIONS
All Incidents shall be classified according to the following Severity Levels. Provider reserves the right to reclassify Severity Levels in good faith based on investigation findings, provided that Provider shall communicate any reclassification to Customer with a written justification.
| Severity | Classification | Description | Examples |
|---|---|---|---|
| Severity 1 — Critical | Production Down | The SaaS Service is completely unavailable or a critical business function is entirely non-operational in the Production Environment, with no Workaround available. Data loss or corruption is occurring or imminent. | Complete system outage; inability to log in for all users; data corruption affecting financial records; security breach in progress |
| Severity 2 — High | Major Degradation | A major feature or function of the SaaS Service is severely impaired or degraded in the Production Environment. A Workaround may exist but is not sustainable for continued business operations. | Key reporting module non-functional; significant performance degradation (>50% slowdown); intermittent outages affecting >25% of users; integration failure with critical third-party system |
| Severity 3 — Medium | Limited Impact | A feature or function of the SaaS Service is impaired but a reasonable Workaround is available. The issue does not materially affect core business operations. | Minor feature malfunction with available Workaround; cosmetic defects in non-critical areas; single-user access issues; non-critical integration anomalies |
| Severity 4 — Low | Minimal Impact | General questions, Enhancement requests, cosmetic issues, or documentation errors that do not affect the functionality of the SaaS Service. | How-to questions; Enhancement requests; documentation corrections; user interface preferences; minor cosmetic defects |
6.1 Severity Classification Disputes
If Customer disagrees with Provider's Severity classification or reclassification, Customer may escalate the matter to Provider's Support Manager, who shall review and respond within two (2) hours during Business Hours. If the dispute remains unresolved, it shall be escalated in accordance with the Escalation Matrix in Section 8.
7. RESPONSE AND RESOLUTION TARGETS
7.1 Response and Resolution Times by Severity and Tier
| Severity | Metric | Standard Tier | Premium Tier | Enterprise Tier |
|---|---|---|---|---|
| Severity 1 | Initial Response | 60 minutes | 30 minutes | 15 minutes |
| Workaround/Containment | 8 hours | 4 hours | 2 hours | |
| Resolution Target | 48 hours | 24 hours | 12 hours | |
| Root Cause Analysis | 10 Business Days | 5 Business Days | 3 Business Days | |
| Severity 2 | Initial Response | 4 Business Hours | 2 Business Hours | 1 Business Hour |
| Workaround/Containment | 2 Business Days | 1 Business Day | 8 Business Hours | |
| Resolution Target | 5 Business Days | 3 Business Days | 2 Business Days | |
| Root Cause Analysis | N/A | 10 Business Days | 5 Business Days | |
| Severity 3 | Initial Response | 1 Business Day | 8 Business Hours | 4 Business Hours |
| Workaround/Containment | As needed | As needed | As needed | |
| Resolution Target | Next maintenance release | Next maintenance release | 10 Business Days | |
| Severity 4 | Initial Response | 2 Business Days | 1 Business Day | 1 Business Day |
| Resolution Target | Future release (backlog) | Future release (backlog) | Next maintenance release |
7.2 Measurement and Assumptions
(a) Response Time is measured from the time a properly submitted Ticket is received in the Support Portal to the time Provider's support personnel acknowledge the Ticket and begin active diagnosis.
(b) Resolution Targets are goals, not guarantees, except to the extent that failure to meet them triggers Service Credits as described in Section 14.
(c) The SLA clock pauses when: (i) Provider is awaiting information or action from Customer; (ii) the Incident requires a third-party vendor fix outside Provider's control; or (iii) a force majeure event is occurring.
(d) Resolution Targets assume Customer provides timely access to systems, logs, and personnel as described in Section 9.
8. ESCALATION MATRIX
8.1 Internal Escalation Path
| Escalation Level | Role | Triggered When | Severity 1 Timeframe | Severity 2 Timeframe | Severity 3/4 Timeframe |
|---|---|---|---|---|---|
| Level 1 | Support Engineer | Ticket created | Immediate | Immediate | Immediate |
| Level 2 | Senior Support Engineer | L1 unable to resolve | 30 minutes | 2 hours | 1 Business Day |
| Level 3 | Support Manager / Team Lead | L2 unable to resolve | 1 hour | 4 hours | 3 Business Days |
| Level 4 | Engineering Team (Development) | Requires code change | 2 hours | 1 Business Day | 5 Business Days |
| Level 5 | VP of Engineering / VP of Customer Success | Continued non-resolution | 4 hours | 2 Business Days | 10 Business Days |
| Level 6 | Chief Technology Officer (CTO) | Executive escalation | 8 hours | 5 Business Days | At Provider discretion |
8.2 Customer-Initiated Escalation
Customer may initiate an escalation at any time by:
(a) Requesting escalation through the Support Portal or by contacting Provider's Support Manager at [________________________________];
(b) Emailing Provider's escalation team at [________________________________]; or
(c) For Enterprise tier customers, contacting the Dedicated Account Engineer directly.
8.3 Escalation Documentation
All escalations shall be documented in the Ticket, including the reason for escalation, the escalation level, the personnel involved, and the expected next steps.
9. CUSTOMER OBLIGATIONS
Customer acknowledges that Provider's ability to meet the Service Levels and Resolution Targets set forth in this Policy depends on Customer's fulfillment of the following obligations:
9.1 Supported Configurations
Customer shall maintain its environment within the supported configurations listed in Exhibit B, including supported browsers, operating systems, network requirements, and third-party integration versions.
9.2 Log and Diagnostic Access
Customer shall provide Provider with reasonable access to relevant system logs, error messages, screenshots, and diagnostic data necessary to investigate and resolve reported Incidents. For Severity 1 and Severity 2 Incidents, Customer shall use commercially reasonable efforts to provide such access within one (1) hour of Provider's request.
9.3 Patch and Update Application
Customer shall apply critical security patches within fourteen (14) calendar days of Provider's release notification and shall apply non-critical updates within thirty (30) calendar days, or within such other timeframes as may be specified in the release notes.
9.4 Contact Availability
Customer shall ensure that at least one (1) Named Support Contact is available during Business Hours and, for Severity 1 Incidents, within thirty (30) minutes outside of Business Hours to respond to Provider inquiries and provide information necessary for Incident resolution.
9.5 Incident Reporting Quality
Customer shall submit Tickets that include, at minimum: (a) a description of the Incident; (b) the expected versus actual behavior; (c) steps to reproduce the issue (if known); (d) the business impact; (e) the Customer Environment in which the Incident occurred; and (f) any relevant screenshots, logs, or error messages.
9.6 Environment Change Notification
Customer shall notify Provider at least five (5) Business Days in advance of any material changes to the Customer Environment that may affect the SaaS Service, including infrastructure migrations, network changes, or third-party integration modifications.
10. EXCLUSIONS
Provider shall have no obligation under this Support Policy to provide support for Incidents arising from or related to:
(a) Customer's network, hardware, or telecommunications infrastructure;
(b) Third-party software, services, or integrations not expressly listed in Exhibit B as supported;
(c) Use of the SaaS Service in a manner not authorized by the Documentation or the Master Agreement;
(d) Modifications to the SaaS Service made by anyone other than Provider or Provider's authorized agents;
(e) Customer's failure to implement required patches or updates within the timeframes specified in Section 9.3;
(f) Customer's failure to maintain supported configurations as specified in Exhibit B;
(g) Browsers, operating systems, or devices that are not listed as supported in the Documentation;
(h) Force majeure events as defined in the Master Agreement, including but not limited to acts of God, government actions, natural disasters, pandemics, cyberattacks originating from state-sponsored threat actors, and utility failures beyond Provider's reasonable control;
(i) Issues arising from Customer's data or content, including corrupt data inputs; and
(j) Unsupported or end-of-life versions of the SaaS Service as described in Section 13.
11. STATUS UPDATES AND COMMUNICATION
11.1 Update Cadence by Severity
| Severity | Update Frequency | Method |
|---|---|---|
| Severity 1 | Every 30 minutes until Workaround is in place; hourly thereafter until Resolution | Phone, Email, and Portal update |
| Severity 2 | Every 2 hours during Business Hours until Workaround; every 4 hours thereafter | Email and Portal update |
| Severity 3 | Every Business Day until Resolution | Portal update |
| Severity 4 | Upon meaningful status changes | Portal update |
11.2 Communication Content
Each status update shall include: (a) current status of the investigation; (b) actions taken since the last update; (c) planned next steps; (d) estimated time to next milestone (Workaround or Resolution); and (e) any information or action required from Customer.
11.3 Incident Resolution Notification
Upon Resolution of any Incident, Provider shall deliver a closing notification that includes: (a) a summary of the Incident; (b) the root cause (for Severity 1 and Severity 2); (c) the Resolution or Workaround applied; (d) any actions required by Customer; and (e) preventive recommendations.
12. MAINTENANCE WINDOWS
12.1 Scheduled Maintenance
Provider shall perform routine maintenance during the standard Maintenance Window of [________________________________] (e.g., Sundays 2:00 AM – 6:00 AM MT). Provider shall provide at least seventy-two (72) hours' advance written notice of scheduled maintenance via email to Named Support Contacts and posting on the Support Portal.
12.2 Emergency Maintenance
Provider may perform emergency maintenance outside the standard Maintenance Window when necessary to address critical security vulnerabilities, data integrity risks, or Severity 1 issues affecting multiple customers. Provider shall use commercially reasonable efforts to provide at least four (4) hours' advance notice and shall notify Customer as soon as practicable if advance notice is not feasible.
12.3 Planned Downtime
Planned downtime during scheduled Maintenance Windows that is properly noticed shall not count against Provider's Uptime SLA. Emergency maintenance downtime shall count against the Uptime SLA unless the emergency maintenance is required due to a force majeure event or an action attributable to Customer.
12.4 Maintenance Communication
Provider shall maintain a status page at [________________________________] that displays real-time system status, upcoming maintenance events, and historical uptime data.
13. VERSION SUPPORT AND END-OF-LIFE
13.1 Supported Versions
Provider shall support the current generally available version and the two (2) most recent prior major versions of the SaaS Service ("Supported Versions"). Provider shall publish and maintain a version support matrix in the Documentation.
13.2 End-of-Life Notice
Provider shall provide at least one hundred eighty (180) calendar days' written notice before designating any major version as end-of-life ("EOL"). The EOL notice shall include: (a) the EOL date; (b) migration guidance; (c) a description of any available migration tools or assistance; and (d) the date after which support will no longer be available for the EOL version.
13.3 Security Patches Post-EOL
Provider shall continue to provide critical security patches for EOL versions for a period of ninety (90) calendar days following the EOL date ("Extended Security Support Period"). After the Extended Security Support Period, Provider shall have no obligation to provide any support or patches for EOL versions.
13.4 Migration Assistance
For Premium and Enterprise tier customers, Provider shall provide reasonable migration assistance for transitioning from EOL versions to Supported Versions at no additional charge, provided Customer initiates the migration within the notice period.
14. SERVICE CREDITS
14.1 Eligibility
Service Credits shall be available to Customer when Provider fails to meet the Response Time targets specified in Section 7 or the Uptime SLA specified in the Master Agreement, subject to the exclusions in Section 10.
14.2 Service Credit Calculation — Response Time Failures
| Failure Type | Standard Tier Credit | Premium Tier Credit | Enterprise Tier Credit |
|---|---|---|---|
| Severity 1 Response Time missed by ≤ 2x | 2% of monthly fee | 3% of monthly fee | 5% of monthly fee |
| Severity 1 Response Time missed by > 2x | 5% of monthly fee | 7% of monthly fee | 10% of monthly fee |
| Severity 2 Response Time missed by ≤ 2x | 1% of monthly fee | 2% of monthly fee | 3% of monthly fee |
| Severity 2 Response Time missed by > 2x | 2% of monthly fee | 4% of monthly fee | 5% of monthly fee |
| 3+ Severity 1/2 Response Time misses in a calendar month | Additional 5% of monthly fee | Additional 7% of monthly fee | Additional 10% of monthly fee |
14.3 Service Credit Calculation — Uptime Failures
| Monthly Uptime Percentage | Service Credit (% of monthly fee) |
|---|---|
| Less than SLA but ≥ 99.0% | 5% |
| Less than 99.0% but ≥ 98.0% | 10% |
| Less than 98.0% but ≥ 95.0% | 20% |
| Less than 95.0% | 30% |
14.4 Credit Cap
The total Service Credits issued in any single calendar month shall not exceed one hundred percent (100%) of the monthly fees paid or payable by Customer for the affected month. Service Credits are not redeemable for cash, are not transferable, and shall be applied as a credit against the next invoice.
14.5 Claim Process
To receive a Service Credit, Customer must submit a written request to Provider within thirty (30) calendar days following the end of the month in which the Service Level failure occurred. The request shall identify the specific Service Level failure, the Ticket number(s), and the dates and times of the failure. Provider shall respond to the claim within fifteen (15) Business Days.
14.6 Sole Remedy
Under Colorado law, including the Colorado Consumer Protection Act (C.R.S. § 6-1-101 et seq.), Service Credits shall constitute Customer's sole and exclusive remedy, and Provider's sole and exclusive liability, for Provider's failure to meet the Service Levels set forth in this Policy, except that this limitation shall not apply to claims arising from Provider's willful misconduct, gross negligence, or breach of confidentiality obligations. Nothing in this Section shall limit remedies available under applicable Colorado consumer protection statutes where Customer qualifies as a consumer under such statutes.
15. SUPPORT PERFORMANCE REPORTING
15.1 Monthly Reports
Provider shall deliver to Customer a monthly support performance report within ten (10) Business Days following the end of each calendar month. The report shall include:
(a) Total number of Tickets opened and closed, broken down by Severity Level;
(b) Response Time performance versus targets, by Severity Level;
(c) Resolution Time performance versus targets, by Severity Level;
(d) Number of Tickets escalated beyond Level 2;
(e) Uptime percentage for the month;
(f) Summary of any Severity 1 or Severity 2 Incidents and their Root Cause Analysis status; and
(g) Service Credit calculations, if applicable.
15.2 Quarterly Business Reviews
For Premium and Enterprise tier customers, Provider shall conduct quarterly business reviews ("QBRs") to discuss support performance trends, recurring issues, upcoming changes, and optimization opportunities. Enterprise tier customers shall receive monthly reviews.
15.3 Key Performance Indicators (KPIs)
The following KPIs shall be tracked and reported:
(a) First Response Time (average and percentile) by Severity;
(b) Mean Time to Resolution (MTTR) by Severity;
(c) Customer Satisfaction Score (CSAT) from post-resolution surveys;
(d) Ticket Reopen Rate;
(e) Escalation Rate; and
(f) Uptime percentage.
16. SECURITY INCIDENT SUPPORT
16.1 Security Incident Classification
Security-related Incidents shall be classified as Severity 1 by default and shall receive immediate priority treatment through the Escalation Matrix, regardless of the Customer's Support Tier.
16.2 Elevated Support During Security Incidents
During a confirmed or suspected security incident affecting Customer data, Provider shall:
(a) Assign a dedicated incident coordinator within fifteen (15) minutes of classification;
(b) Provide status updates every thirty (30) minutes until containment is confirmed;
(c) Coordinate with Customer's IT security team and provide forensic data as reasonably available;
(d) Deliver an interim incident report within twenty-four (24) hours of containment; and
(e) Deliver a full Root Cause Analysis within five (5) Business Days of Resolution.
16.3 Colorado Data Breach Notification Compliance
In accordance with the Colorado Data Breach Notification Act (C.R.S. § 6-1-716), Provider acknowledges the following obligations:
(a) Notification Timeline. If a security breach involving Customer's personal information occurs, notification must be provided in the most expedient time possible and without unreasonable delay, but no later than thirty (30) calendar days after the date of determination that a security breach occurred.
(b) Attorney General Notification. If a breach affects five hundred (500) or more Colorado residents, Provider shall cooperate with Customer in notifying the Colorado Attorney General.
(c) Investigation Duty. Upon becoming aware that a security breach may have occurred, Provider shall conduct a good-faith, prompt investigation to determine the likelihood that personal information has been or will be misused.
(d) Colorado Privacy Act. Provider shall also comply with applicable requirements under the Colorado Privacy Act (C.R.S. § 6-1-1301 et seq.), including data processing obligations and consumer rights provisions.
16.4 Coordination with Customer's Incident Response
Provider's security incident support shall integrate with Customer's incident response plan. Customer shall provide Provider with a copy of its incident response plan and designate a security incident contact, which shall be documented in Exhibit A.
17. CHANGES TO SUPPORT POLICY
17.1 Notice of Changes
Provider may update this Support Policy from time to time. Provider shall provide at least sixty (60) calendar days' prior written notice to Customer of any material changes. Non-material changes (e.g., editorial corrections, formatting) may be made with thirty (30) calendar days' notice.
17.2 Material Reduction Protections
If any change constitutes a material reduction in the Service Levels, support coverage, or support features previously provided, Customer shall have the right, exercisable within thirty (30) calendar days of receiving notice of such change, to either:
(a) Accept the revised Support Policy; or
(b) Require that Provider continue to provide support under the prior version of the Support Policy for the remainder of the then-current subscription term at no additional charge.
If Customer elects option (b), Provider shall honor the prior Support Policy through the end of the current term. This right shall not limit any other rights Customer may have under the Master Agreement, including termination for material breach.
17.3 Non-Diminishment
Notwithstanding any other provision herein, Provider shall not reduce Response Time or Uptime commitments below the levels in effect as of the Effective Date during the current subscription term without Customer's written consent.
18. ORDER OF PRECEDENCE
18.1 Relationship to Master Agreement
This Support Policy is incorporated into and subject to the Master Agreement. In the event of a conflict between this Support Policy and the Master Agreement:
(a) With respect to support-specific metrics, Service Levels, Response Times, and support procedures, this Support Policy shall control;
(b) With respect to all other matters, including but not limited to limitation of liability, indemnification, confidentiality, and termination, the Master Agreement shall control.
18.2 Relationship to Order Forms
If an Order Form contains support-specific terms that differ from this Support Policy, the Order Form shall control with respect to such differing terms, provided that the Order Form expressly references this Support Policy and identifies the specific provisions being modified.
19. COLORADO-SPECIFIC LEGAL PROVISIONS
19.1 Governing Law
This Support Policy shall be governed by and construed in accordance with the laws of the State of Colorado, without regard to its conflict of laws principles. The parties acknowledge that Colorado law shall apply to the interpretation and enforcement of this Policy, including but not limited to the Colorado Uniform Commercial Code (C.R.S. Title 4) as it may apply to the provision of software services.
19.2 Venue and Jurisdiction
The parties irrevocably submit to the exclusive jurisdiction and venue of the state and federal courts located in [________________________________] County, Colorado (e.g., Denver County, Arapahoe County, or Boulder County) for any disputes arising out of or related to this Support Policy.
19.3 Consumer Protection
Provider acknowledges that the Colorado Consumer Protection Act (C.R.S. § 6-1-101 et seq.) prohibits deceptive trade practices. Provider represents that the Service Levels, support descriptions, and commitments in this Policy are truthful and not misleading. To the extent Customer qualifies as a "consumer" under the Act, the protections afforded by the Act shall not be waived or limited by this Policy.
19.4 Implied Warranty
To the extent the SaaS Service is classified as a "good" under the Colorado Uniform Commercial Code (C.R.S. § 4-2-314 and § 4-2-315), the implied warranties of merchantability and fitness for a particular purpose shall apply as provided by law. Any disclaimer of implied warranties in the Master Agreement shall be conspicuous and shall comply with C.R.S. § 4-2-316. Nothing in this Policy shall be construed as a disclaimer of implied warranties; any such disclaimer is contained solely in the Master Agreement, subject to applicable law.
19.5 Jury Waiver
TO THE FULLEST EXTENT PERMITTED BY COLORADO LAW, EACH PARTY HEREBY KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVES ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN RESPECT OF ANY LITIGATION ARISING OUT OF, UNDER, OR IN CONNECTION WITH THIS SUPPORT POLICY OR THE MASTER AGREEMENT.
19.6 Cure Period
Under Colorado contract law, Provider shall have a reasonable cure period of thirty (30) calendar days following written notice from Customer of a material breach of this Support Policy before Customer may pursue termination or other remedies, except for Severity 1 failures that remain unresolved beyond twice the applicable Resolution Target.
20. ELECTRONIC SIGNATURES
This Support Policy and any amendments, exhibits, or addenda hereto may be executed by electronic signature in accordance with the Colorado Uniform Electronic Transactions Act (C.R.S. § 24-71.3-101 et seq.) and the federal Electronic Signatures in Global and National Commerce Act (E-SIGN Act, 15 U.S.C. § 7001 et seq.). Electronic signatures shall have the same legal effect, validity, and enforceability as manually executed signatures.
21. SIGNATURE BLOCKS
IN WITNESS WHEREOF, the parties have executed this Enterprise SaaS Support Policy as of the Effective Date.
PROVIDER:
Signature: [________________________________]
Printed Name: [________________________________]
Title: [________________________________]
Date: [__/__/____]
CUSTOMER:
Signature: [________________________________]
Printed Name: [________________________________]
Title: [________________________________]
Date: [__/__/____]
EXHIBIT A: SUPPORT CONTACT INFORMATION
Provider Support Contacts
| Role | Name | Phone | |
|---|---|---|---|
| Support Portal URL | [________________________________] | ||
| General Support Email | [________________________________] | ||
| Support Phone (Standard) | [________________________________] | ||
| Emergency Support Line (Sev 1/2) | [________________________________] | ||
| Escalation Manager | [________________________________] | [________________________________] | [________________________________] |
| Account Engineer (Enterprise) | [________________________________] | [________________________________] | [________________________________] |
Customer Named Support Contacts
| # | Name | Title | Phone | Authorized Severities | |
|---|---|---|---|---|---|
| 1 | [________________________________] | [________________________________] | [________________________________] | [________________________________] | All |
| 2 | [________________________________] | [________________________________] | [________________________________] | [________________________________] | All |
| 3 | [________________________________] | [________________________________] | [________________________________] | [________________________________] | Sev 1-3 |
| 4 | [________________________________] | [________________________________] | [________________________________] | [________________________________] | Sev 1-3 |
| 5 | [________________________________] | [________________________________] | [________________________________] | [________________________________] | Sev 1-3 |
(Additional contacts for Premium and Enterprise tiers as applicable)
Customer Security Incident Contact
| Name | Title | Phone | |
|---|---|---|---|
| [________________________________] | [________________________________] | [________________________________] | [________________________________] |
EXHIBIT B: SUPPORTED CONFIGURATIONS
Supported Browsers
| Browser | Minimum Version |
|---|---|
| Google Chrome | [________________________________] |
| Mozilla Firefox | [________________________________] |
| Microsoft Edge | [________________________________] |
| Apple Safari | [________________________________] |
Supported Operating Systems
| Operating System | Minimum Version |
|---|---|
| Windows | [________________________________] |
| macOS | [________________________________] |
| iOS | [________________________________] |
| Android | [________________________________] |
Network Requirements
| Requirement | Specification |
|---|---|
| Minimum Bandwidth | [________________________________] |
| Latency | [________________________________] |
| Supported Protocols | HTTPS (TLS 1.2 or higher) |
Supported Third-Party Integrations
| Integration | Supported Versions | Notes |
|---|---|---|
| [________________________________] | [________________________________] | [________________________________] |
| [________________________________] | [________________________________] | [________________________________] |
| [________________________________] | [________________________________] | [________________________________] |
SOURCES AND REFERENCES
-
Colorado Consumer Protection Act — C.R.S. § 6-1-101 et seq.
https://colorado.public.law/statutes/crs_title_6_article_1 -
Colorado Data Breach Notification Act — C.R.S. § 6-1-716
https://colorado.public.law/statutes/crs_6-1-716 -
Colorado Privacy Act — C.R.S. § 6-1-1301 et seq.
https://coag.gov/resources/data-protection-laws/ -
Colorado Uniform Electronic Transactions Act — C.R.S. § 24-71.3-101 et seq.
https://law.justia.com/codes/colorado/title-24/electronic-transactions/article-71-3/ -
Colorado Uniform Commercial Code (Sales) — C.R.S. Title 4, Article 2
https://content.leg.colorado.gov/sites/default/files/images/olls/crs2024-title-04.pdf -
Colorado Attorney General — Consumer Protection Division
https://coag.gov/office-sections/consumer-protection/
This template is provided for informational purposes only and does not constitute legal advice. It must be reviewed and customized by a qualified attorney licensed in Colorado before use. Laws and regulations change frequently; verify all citations before relying on this document. This template is designed for the ezel.ai platform.
About This Template
A contract is a written record of what two or more parties agreed to and what happens if someone does not follow through. Clear language, defined terms, and clean signature blocks keep disputes small and enforceable. The most common mistakes in contracts come from vague promises, missing details about timing or payment, and skipping standard protective clauses like governing law and dispute resolution.
Important Notice
This template is provided for informational purposes. It is not legal advice. We recommend having an attorney review any legal document before signing, especially for high-value or complex matters.
Last updated: March 2026