99.9% monthly, with numbers that matter.

cifraHQ Enterprise commits to 99.9% monthly availability of each tenant's application and API plane. That translates to roughly 43 minutes of unplanned downtime per month, maximum. Measurement is taken by external synthetic probes against application endpoints, and the result is published on the status page.

• What counts as downtime. Any period in which external probes cannot complete a basic authenticated read transaction against the tenant for more than 60 consecutive seconds.
• Maintenance windows. Scheduled maintenance announced at least 72 hours in advance does not count against the SLA. Capped at 4 hours per month, outside local business hours when possible.
• Reasonable exclusions. Force majeure, upstream Azure outages, customer actions (changes to customer-controlled DNS, revoked credentials), usage outside documented API parameters, and DDoS attacks targeting the tenant.
• Credit claim. The credit is claimed within 30 calendar days of the affected month via a ticket. Customer Success correlates with the status page and applies the credit on the next invoice.

Every quarter we issue an audit report for Enterprise customers. It isn't a marketing PDF — it's signed excerpts from the real work of the compliance team, with references to audited controls.

• SOC 2 excerpts. Executive summary of the independent auditor's SOC 2 Type I report, with control mapping (CC6.1, CC7.2, CC8.1, A1.2, P1/P3) to cifraHQ's design.
• Pen test summary. Annual penetration test by an independent third party. The report summarizes scope, methodology, findings by severity and remediation status. The detailed version is available under NDA.
• Actual availability. Uptime measured per tenant, quarter over quarter, aligned with historical data on the status page. No averages that hide the bad month.
• Control changes. Any change to security controls, to the SQL principal set (app_rw, audit_admin, readonly_investigator) or to the AuditEvents retention policy is logged with date, author and ticket.