Service Level Agreement

Last updated: April 2026

This Service Level Agreement (“SLA”) governs the terms and conditions under which Control Shift Limited provides web services to you as the client. It is important that these terms are fully understood and agreed to prior to requesting any services or signing a client agreement. Any quote accepted and/or services requested will be subject to this SLA.

1. Definitions

“Company”, “us”, “we” and “our” means Control Shift Limited. “Client”, “you” and “your” means the party who utilises the services provided by the Company and accepts the quotation as provided by the Company. “Development services” means any development services requested by the client in respect of the web services, or any remedial or other development services as requested from time to time. “Maintenance services” means the ongoing maintenance and related support services provided by the Company to oversee and manage the web services of the client, which may be included as a monthly plan in the quotation. “Technical support services” means any additional technical support provided to the client at the client’s request, or as otherwise required to successfully implement the web services. “Web services” means the services contained in the quotation provided to you, which may include web development and web hosting services. “SLA” means this Service Level Agreement.

2. Support

We will provide maintenance services in relation to the web services we manage for you, as charged on a monthly basis. It is at our discretion whether any support we provide constitutes maintenance services (included at no additional cost within your plan) or technical support services (charged at the agreed hourly rates as set out in your quotation).

Development services will be provided on request and charged at the agreed hourly rates.

Our standard hours of business are Monday to Friday, 9:00am to 5:30pm, excluding public holidays. We are available by phone and email only.

Response times are variable depending on the nature of the services required and the urgency defined by you. Issues affecting application uptime will be escalated and resolved as a priority. Development services will be completed according to our normal work schedules and capacity.

3. Maintenance

Maintenance services include routine maintenance on servers we manage, performed on a fortnightly schedule. We reserve one hour of server unavailability per month for scheduled maintenance purposes. This scheduled unavailability is excluded from the uptime guarantee calculations in section 6.

The times and days that updates are performed may vary at our discretion according to current workflow and resources. Maintenance that does not affect server availability will typically be performed during normal business hours. Maintenance that could cause disruption will typically be performed during off-peak hours, unless otherwise agreed or in cases of urgent attendance.

Whenever practical, a minimum of 24 hours notice will be provided for any maintenance outside of our usual schedule that could impact availability of your web services.

4. Support Plans

All support plans (Lite, Moderate, and Heavy) include a set number of hours allocated on a monthly basis. Unused hours do not roll over to subsequent months. Any work exceeding the allotted hours will be charged at the standard hourly rate, and an estimate will be provided for approval before proceeding with overage work.

Plans allow for one active request at a time, with additional requests queued until the active request is completed. Clients may upgrade or downgrade their plans, but downgrades will only take effect in the next billing cycle. Each plan requires a three-month minimum term, and plan changes must be requested in writing. Requests covered include development, security, bug fixes, and content updates.

5. Pricing and Payment

The costs of maintenance and support will be invoiced at the quoted and agreed amount, billed either monthly or annually as specified in your quote. All fees are exclusive of GST unless otherwise stated.

All invoices are payable within seven (7) days of the date of issue by electronic funds transfer, unless otherwise agreed in writing. Specific payment milestone dates for project work will be set out in your client agreement.

We review our pricing from time to time and will provide reasonable written notice of any changes before they take effect. Continued use of our services after a price change takes effect constitutes acceptance of the updated pricing.

6. Availability

We guarantee an uptime of 99% for applications hosted on our Virtual Private Servers. We will attempt to rectify the cause of any disruption as quickly as possible to minimise downtime.

Upon written notice from you, if your application availability for a full calendar month falls below the guaranteed uptime level, we will refund 100% of the monthly hosting fee for that month, provided the hosting fees for that month have been paid in full. If paid annually, the refund will be calculated as the annual cost divided by 12.

No refund will be made if the failure to meet guaranteed uptime resulted from any act or omission of the client, their employees, their software or equipment, or any other event or circumstance outside of our direct control.

To verify uptime, we use monitoring services that send HTTP requests to hosted applications every minute, tracking uptime over time and notifying us of any issues. This monitoring is the sole method of calculating uptime for the purposes of the above guarantee.

7. Third-Party Services

We may make use of third-party services as required. Our upstream providers will notify us of any changes affecting availability, which we will relay to you. Issues relating to third-party services are included in our uptime guarantee calculations.

While we have taken reasonable steps to use reputable service providers, we accept no risk or liability arising from the use of such providers, including any security breach. We will notify you of any issues or security breaches as soon as possible after becoming aware of them.

8. DDoS Mitigation

Where possible, we will recommend and/or implement services to help mitigate DDoS (Distributed Denial of Service) attacks, typically including migration of Domain Name Servers to a preferred provider offering this service. In cases of DDoS attacks on applications using shared hosting, we reserve the right to temporarily disable the targeted web service to avoid impacting other applications on the server. We will notify you in writing as soon as we are aware of such an event, and prior to performing any actions that may affect availability, wherever practical.

9. Email Services

We do not provide email hosting, mail server management, or email support of any kind. All email-related services are outside our scope and should be directed to your IT provider. Email services are not included in our uptime guarantee.

10. Bugs and Code Maintenance

While we endeavour to avoid introducing bugs or errors, the nature of web development and software integration is such that issues are sometimes unavoidable. Ongoing maintenance including the resolution of bugs and unexpected behaviours will be invoiced at our standard rates according to the time spent and the type of support provided.

Where your quotation includes a maintenance plan, that plan represents an estimate of maintenance required in the ordinary course. Once the estimated hours are reached, any additional maintenance will be charged at the agreed hourly rate and is payable on presentation of invoice.

11. Client Responsibilities and Access

You are responsible for ensuring that we maintain full administrative access to your website at all times. This includes maintaining our administrator user account in WordPress, ensuring our access credentials remain valid, and notifying us promptly of any changes to login URLs, security configurations, or access methods – including the use of login protection tools such as WP Hide Login or similar plugins. If our access is removed, restricted or altered without our knowledge, we cannot be held responsible for any issues, outages or security vulnerabilities that arise as a result, and any work required to restore access will be charged at our standard rates.

You must not install, activate or remove plugins, themes or other software on your hosted website without consulting us first, unless you are on a care plan that includes content and development access. Installing poorly coded, unsupported or conflicting plugins can cause site instability, security vulnerabilities and data loss. We are not liable for any issues arising from software installed without our knowledge or approval.

If you engage a third-party developer or IT provider to make changes to your hosted website, you do so at your own risk. We are not liable for any damage, data loss, instability or security issues caused by third-party access or modifications. Any remedial work required to restore your website following third-party changes will be assessed and charged at our standard rates.

For websites migrated to our hosting environment or built by a third party, we accept no liability for issues arising from poor code quality, non-standard configurations, unsupported plugins, or practices that do not meet current WordPress best practice. We will flag known issues where possible but remediation is outside the scope of standard hosting and will be quoted separately.

If a plugin used on your website becomes unsupported, abandoned or incompatible with current versions of WordPress, we will notify you and recommend a course of action. If you choose not to act on our recommendation, we accept no liability for any issues, security vulnerabilities or data loss that result from continuing to use unsupported software.

You are responsible for ensuring that any users with WordPress administrator access to your website exercise appropriate care. We are not liable for data loss or site damage caused by actions taken by you, your staff, or any other party granted access to your website – including accidental deletion of content, users, posts or other data. Restoration of data lost through client or third-party actions will be carried out using our most recent available backup and will be charged at our standard rates. Complex restorations, including those involving WooCommerce or other ecommerce configurations, may incur additional charges due to the technical complexity involved.

12. DNS Access and Security Configuration

To provide optimal security and performance for your hosted website, we require access to your domain’s DNS settings and recommend the use of Cloudflare as your DNS provider. Cloudflare enables us to implement additional security protections, performance enhancements and DDoS mitigation that are not available through standard DNS configurations.

If you or your IT provider are unable or unwilling to grant us DNS access or to use Cloudflare, we will still host and maintain your website to the best of our ability, but our ability to guarantee security, performance and uptime may be reduced as a result. In such cases, our standard uptime and security guarantees may not apply in full, and we accept no liability for issues that could have been prevented with full DNS access and Cloudflare in place.

Where you or any third party – including your IT provider – have access to your Cloudflare account or DNS settings, we are not liable for any outages, security vulnerabilities, performance degradation or other issues that result from changes made to those settings without our knowledge or approval. If you intend to make or authorise any changes to your DNS configuration or Cloudflare settings, you must notify us in advance. Any remedial work required to identify and resolve issues caused by unauthorised DNS or Cloudflare changes will be charged at our standard rates.

13. Domain Registration and Renewal

Where we manage your domain registration on your behalf, we will endeavour to notify you ahead of your domain renewal date and to process renewals in a timely manner. However, domain renewals are subject to the availability of valid payment details, registrar systems operating correctly, and other factors that may be outside our direct control. We accept no liability for any loss, disruption or damage arising from a domain failing to renew, including but not limited to website downtime, loss of email access, or loss of the domain name itself.

It is your responsibility to ensure that your billing details held with us are kept up to date, and to respond promptly to any renewal notices we send. If a domain lapses due to outdated payment details or failure to respond to renewal communications, any costs associated with recovering or re-registering the domain will be borne by you.

Where your domain is managed by you or a third party such as your IT provider, we have no visibility over or responsibility for renewal schedules, expiry dates or lapsed registrations. Any disruption arising from a domain not managed by us is entirely outside our scope and responsibility.

14. Security and Hacking

We take reasonable steps to secure all websites hosted with us, including the use of security plugins, server-level protections and monitoring. However, no hosting environment can be guaranteed to be entirely immune from security breaches, hacking attempts or malicious activity.

We are not liable for any security breach, hack, malware infection, or injection of malicious content or pages that results from factors outside our direct control. This includes but is not limited to: vulnerabilities in third-party plugins or themes, weak passwords set by the client or their users, access granted to unauthorised third parties, client-installed software, or attacks that bypass reasonable security measures.

If your website is compromised, we will work with you to restore it from the most recent available backup and investigate the cause where possible. This remediation work will be charged at our standard rates unless it is determined that the breach resulted directly from a failure on our part.

We strongly recommend that all WordPress administrator accounts use strong, unique passwords and two-factor authentication where available. We accept no liability for breaches that result from inadequate password practices by you or your users.

15. Ecommerce and Payment Gateways

Where your website includes ecommerce functionality, payment processing is handled by third-party payment gateways such as Stripe, PayPal or similar providers. These providers maintain their own security standards and PCI DSS compliance. We are responsible only for the technical integration of the payment gateway into your website and are not liable for any security breach, data loss, fraudulent transaction, or failure that occurs within the payment gateway itself.

If your ecommerce store is compromised in a way that affects payment data, you should contact your payment gateway provider directly and immediately. We will assist with website restoration and investigation where we are able, charged at our standard rates.

16. Capacity and Fair Use

All web hosting services are subject to fair use. We expect most clients to fall comfortably within our fair use guidelines. Unreasonable usage is defined as bandwidth, data storage, file storage, CPU, memory or labour exceeding the following thresholds:

• 40GB total bandwidth
• 5GB file storage
• 2GB database storage
• 2 hours labour
• CPU or memory usage exceeding 80% capacity for longer than 30 minutes

Where usage falls outside these limits, we will notify you ahead of any action taken to address it, and work with you to find a solution. This may result in increased costs to maintain your application. Any additional costs outside of the agreed billing amounts will be notified at a minimum of 7 days in advance.

17. Data Backups and Retention

We perform routine backups of all hosted web applications on the following schedule:

• Database: daily
• File storage: daily

Backups are retained for a minimum of four weeks. We ensure any application we host is securely backed up, meaning there is always a reliable method to restore the current version of the application. In the unlikely event of hardware failure resulting in total data loss, we will restore data from the most recent backup as per the schedule above.

Notwithstanding the above, we accept no risk or liability arising from any failure to restore any information or data.

18. Indemnity

By agreeing to this SLA, you agree to waive any and all claims against the Company, its directors, shareholders, employees and agents for any costs, damages or losses howsoever arising, including but not limited to any costs, damages or losses resulting directly or indirectly from your use of our web services or any other goods or services provided by us.

You indemnify and hold the Company harmless for any and all costs, losses or damages incurred by the Company in providing web services or any other goods or services to you, including any costs arising from claims relating to the infringement of any third-party intellectual property rights arising from your use of the web services.

19. Termination

If you wish to move your web services to another provider, we will cooperate and supply exports of data, files and code, along with any information relating to the current hosting environment required for migration. You will be required to pay for the time spent preparing this information and any other time spent on the handover, payable on demand. We reserve the right to retain any data until all outstanding amounts have been paid in full.

You may cancel this SLA on written notice to us. Cancellation will be effective from the first day of the following calendar month. If fees have been paid in advance, they will be refunded except for the calendar month in which the cancellation notice is received.

If you do not pay an invoice by the due date, we reserve the right to suspend all further works and ongoing services – including web hosting – until payment is received in full. All overdue invoices will accrue interest at the BNZ ruling overdraft rate plus 2%, calculated from the due date until payment is received in full.

If you frustrate the progress of any ongoing services or contract with us, we reserve the right to give fourteen (14) days written notice that the agreement will be terminated if the cause of frustration is not remedied. If not remedied within that period, we may terminate and invoice you for the full value of all work carried out to that date, payable on demand.

20. Confidentiality and Privacy

We will treat as confidential all information we become aware of in relation to your business, whether provided electronically or on site. We will comply with the New Zealand Privacy Act 2020 when processing data on your behalf. Please see our Privacy Policy at controlshift.co.nz/privacy-policy for full details.

We require some of your personal details and information to process a quotation and provide services. This information will be handled in accordance with our privacy policy.

21. General

This SLA, together with the quotation, constitutes the entire agreement between the parties in respect of the services covered herein. No variation to this SLA is effective unless made in writing and signed by both parties. All amounts are exclusive of GST unless otherwise specified. You may not transfer or assign your obligations under this SLA without our prior written consent. If any provision of this SLA is found to be invalid or unenforceable, the remaining provisions continue in full force.

You warrant that you are entering into this SLA for trade or business use and that you are in trade. Accordingly, the parties agree to contract out of the provisions of the Consumer Guarantees Act 1993 and the Fair Trading Act 1986 (including sections 9, 12A, 13 and 14(1)), and you acknowledge that it is fair and reasonable to do so.

22. Governing Law

This SLA is governed by the laws of New Zealand. Any disputes will be resolved in the New Zealand courts.

23. Contact

If you have any questions about this SLA, please contact us:

• Email: [email protected]
• Phone: 09 390 7975
• Address: Level 4, 253 Queen Street, Auckland CBD, Auckland 1010