The Service Level Agreement describes the services' availability that the Company provides within the framework of the agreement concluded between the Company and Customer.
The content of this document applies to both partners as bindingly agreed, with the common goal of being able to serve the end customers or companies efficiently, economically and effectively with the appropriate quality and to clarify the responsibility between the contracting parties.
1. Definitions
— "Affiliate" — of a Party means any juridical person that is (a) directly or indirectly owns or controls the Party, or (b) under the same ownership or direct or indirect control of the Party, or (c) owned directly or indirectly or controlled from the Party, as long as such property or control lasts.
— "Agreement" — means the agreement between the Company and the Customer, consisting of these General Conditions and any other clause applicable to the Cloud Services.
— "SLA" — means the Service Level Agreement for the Cloud Services.
— "Cloud Service(s)" — means cloud-based SaaS (software as a service) IoT Platform services provided by the Company to Customer – MCimate Enterprise, MClimate Home App & MClimate MCloud API.
— "Company" — means the company Melissa Climate Jsc a Bulgarian company with registered office at Gen. Gurko 4 Street, Sofia 1000, Bulgaria.
— "Customer" — means the company that signs the Agreement with the Company.
— "General Terms" — means the General Terms and Conditions for Cloud Services as of December 2022.
— "Intellectual Property Rights" — means all patents, utility models, design rights, copyrights (including the right to modify, modify, develop and assign), trademarks, trade names, inventions, trade secrets, domain names, know-how and any other industrial or intellectual property right (including related applications).
— "Party" — and "Parties" mean jointly and separately the Company and the Client.
— "Fee(s)" — means the compensation paid by the Customer for the license to use the Cloud Services.
— "Web Site" — means the Company's website at https://mclimate.eu
2. General information for the services
2.1 This cooperation takes place in the common processes, the services, the logistics and the required exchange of information. All services to be provided and the products used are subject to the agreements described here.
3. Place of the service provided
3.1 The software support and software maintenance services are provided by remote support. Should an onsite service be required except in exceptional cases (eg. training) this will be agreed separately.
4. Service Level Agreement for the Cloud Services
4.1 Ensures the operation and maintenance of the Software using the following metrics:
| METRIC | GUARANTEED AVAILABILITY PER MONTH |
| Accessibility of the MClimate Enterprise. | 99.9% |
| Accessibility of the MClimate Home App. | 99.9% |
| Accessibility of the MClimate backend APIs. | 99.9% |
Table 1: Definition of the metrics
These metrics are used to ensure the measurability of successful compliance with the Company SLA.
The availability of each measure is considered individually.
5. Exceptions
5.1 Availability is not affected if downtime occurs as part of a Cloud Services update or upgrade. Due to the Cloud Services ordered by Customer, the Company guarantees a maximum downtime of one (1) hour during Cloud Service updates and upgrades.
5.2 The Company reserves the right to schedule Cloud Services updates and upgrades at its convenience. The Customer shall be notified in writing with a minimum of two (2) days notice of the scheduled update time and date.
6. Hosting & App Stores
6.1 If it is proved that the Cloud Service outage is caused by an issue with the underlying subcontracted hosting/App Store provider, the SLA between the Company and Customer is not breached.
7. Penalties on breach of guaranteed availability
7.1 The following table describes the reduction of the service fee in the month after the availability could not be met in the month of occurrence to a percentage dependent on the downtime.
Should the Company be unable to meet the guaranteed SLA availability, the following penalties will apply:
| OUTAGE | REDUCTION OF THE SERVICE FEE |
| After 43min to 8h | 15% |
| After 8h to 24h | 25% |
| After 24h to 72h | 32% |
| After 72h | 40% |
Table 2: Downtime and reduction of the Cloud Service fee
8. Service Desk
8 .1 Service Desk business hours
| SERVICE | BUSINESS HOURS |
| SERVICE DESK | Monday - Friday 08:00 - 18:00* *Applies to work days in Bulgaria. |
Table 3: Service desk business hours.
9. Software Support Service
9.1 Software Support business hours:
| SERVICE | BUSINESS HOURS |
| SERVICE DESK | Monday - Friday 08:00 - 18:00* *Applies to work days in Bulgaria. |
Table 4: Software support business hours.
9. 2 Scope of Service.
The software support of the Company supports the Customer in case of faults or questions about the product.
9.3 The Company will provide the support services after Customer’s personnel have performed the initial analysis and diagnosis and reported the results to the Company. The Company is supported in its work by Customers technicians in further work and solution-finding.
9.4 Remote Support. Support for the Company software is provided via telephone, email or remote access to Customer technicians for troubleshooting, installation and configuration changes. Remote support also includes answering questions about technical features or compatibilities.
9.5 Analysis of Log- and Trace data. Upon request, The Company analyses the data of log or trace files that are created or recorded as part of the error containment. The result will be reported to Customers technicians and used for further error analysis.
9.6 Software Hotfixes and Updates. The Company fixes bugs in the software that are at the expense of The Company and takes over the update of the systems.
10. Software Maintenance
10.1 Software Maintenance business hours:
| SERVICE | BUSINESS HOURS |
| SERVICE DESK | Monday - Friday 08:00 - 18:00* *Applies to work days in Bulgaria. |
Table 5: Software Maintenance business hours
10.2 Scope of Service. With software maintenance, Customer is entitled to new (up-to-date) software versions for the contractual software products and can bring the request for new functions to the Company. The Company continually analyzes the Software to find potential for improvement, enhanced security, expanded functionality, and greater user-friendliness. Suggestions by the Customer will be analyzed and incorporated into the functionality of the Software at the discretion of the Company.
10.3 Categories of software maintenance:
10.6 The bugs fixed with the software package, the requirements met, and any dependencies on other products are provided in the Company update documentation.
10.8 The Company creates software upgrades for the current software version. This is at the discretion of the Company, but typically at least once a calendar year.
10.9 The upgrade packages are distributed by the Company to the Cloud Services of the Customer. The time of distribution is defined solely by the Company with a minimum of two (2) days notice for the Customer.
10.10 The upgrade package includes all previous functions as well as standard product enhancements by the Company according to the roadmap as well as the further development of the LoRaWAN standard according to the LoRa Alliance specification.
10.11 — Scope of security patch obligation
The Company shall make security patches available for all supported Products (including device firmware and Cloud Services) for a minimum of five (5) years from the date each Product is first placed on the EU market, or longer where required by applicable law. This obligation applies regardless of whether the patch is commercially advantageous to the Company.
10.12 — Severity classification
Security vulnerabilities shall be classified by the Company using CVSS v3.1 (Common Vulnerability Scoring System) as follows:
| Severity | CVSS v3.1 Score | Patch Availability Target |
|---|---|---|
| Critical | 9.0 – 10.0 | 30 calendar days from confirmation of vulnerability |
| High | 7.0 – 8.9 | 60 calendar days from confirmation of vulnerability |
| Medium | 4.0 – 6.9 | 90 calendar days from confirmation of vulnerability |
| Low | 0.1 – 3.9 | Next scheduled maintenance release |
"Confirmation of vulnerability" means the date on which the Company's security team verifies that a reported or discovered issue constitutes an exploitable vulnerability.
10.13 — Notification
10.13.1 The Company shall make security patch notifications available no later than the date of patch availability through the following channels:
(a) Public publication — release notes at https://docs.mclimate.eu and security advisories at https://mclimate.eu/pages/security-policy, marked with [SECURITY] and the severity level. This is the primary notification channel and satisfies the Company's obligation under EU CRA (Regulation (EU) 2024/2847) regardless of the Customer's distribution model.
(b) MClimate Enterprise platform — in-platform notification for Customers whose LoRaWAN Network Server is connected to the Enterprise platform at the time of patch availability.
(c) Direct email — where the Customer has provided contact details and given consent to receive product communications, the Company will additionally send notification by email to the Customer's designated contact.
Notification shall include: the severity classification, the affected Products and firmware versions, the nature of the fix (without disclosing exploit details), and instructions for applying the patch. Where the Customer operates through a distributor, it is the distributor's responsibility to ensure downstream notification to end users.
10.13.2 The minimum two (2) days' advance notice requirement in § 10.5 applies to security patches deployed to the Cloud Services backend. For Critical severity patches affecting Cloud Services, the Company may deploy immediately and shorten or waive the advance notice period where immediate deployment is required to prevent active exploitation; in such cases notification via channel (a) shall be made simultaneously with or immediately prior to deployment. This shortened notice provision reflects the primacy of MClimate's obligations under EU CRA (Regulation (EU) 2024/2847) over any conflicting contractual notice period.
For device firmware patches delivered via FUOTA, the Company will make the patch available and notify the Customer in accordance with § 10.13.1, but will not initiate FUOTA on any Customer device without the Customer's explicit consent. Initiating a FUOTA session remains solely at the Customer's discretion via the MClimate Enterprise platform.
10.13.3 Security patches shall be identified with a [SECURITY] marker in all release notes and update documentation, together with the severity level.
10.14 — Customer responsibility for firmware patch delivery
10.14.1 The Company's obligation under § 10.11 is to make security patches available. Application of firmware patches via FUOTA (Firmware Update Over the Air) requires the Customer's LoRaWAN Network Server (LNS) to be connected to the MClimate Enterprise platform. Establishing and maintaining this connectivity is the Customer's responsibility.
10.14.2 The Company publishes integration instructions at https://docs.mclimate.eu. The Customer is responsible for following these instructions to maintain the connectivity required to receive firmware updates. The Company is not liable for unpatched devices where the Customer has failed to establish or maintain the required LNS connectivity.
10.15 — Extended timeline
Where a patch cannot be made available within the timelines in § 10.12 due to technical complexity, the Company shall notify the Customer of the revised target date and the reason for the extension. Extensions shall not exceed thirty (30) additional calendar days without written agreement between the parties. During any extension period, the Company shall provide available mitigations or workarounds where technically feasible.
