Convesio Service Recovery Policy (SRP)

Effective Date: 3-19-2026
Applies To: Convesio Hosting Platform, ConvesioPay, and related services

1. Purpose

This Service Recovery Policy (“SRP”) defines Convesio’s approach to restoring availability and functionality of its Services following a disruption or failure.

This SRP supports Convesio’s Service Level Agreement (“SLA”) and is incorporated by reference into the Master Services Agreement (“MSA”). This document is intended for informational purposes and does not create additional contractual obligations beyond those expressly set forth in the SLA or MSA.

2. Scope of Services

This policy applies to:

• Managed hosting infrastructure and application services
• ConvesioPay payment orchestration services
• Core platform components required to deliver customer-facing functionality

This policy does not apply to:

• Third-party services outside of Convesio’s control (e.g., payment processors, card networks, DNS providers, cloud infrastructure providers)
• Customer-managed applications, configurations, or integrations
• Issues caused by Customer actions, misuse, or external attacks beyond commercially reasonable mitigation

3. Recovery Objectives

Convesio maintains commercially reasonable recovery objectives aligned with its SLA commitments:

• Recovery Time Objective (RTO): Target time to restore service availability following a qualifying incident
• Recovery Point Objective (RPO): Target maximum data loss measured in time

Specific RTO and RPO targets are defined in the applicable SLA and may vary by service tier.

All recovery objectives are targets, not guarantees, unless explicitly stated otherwise in a signed SLA.

4. Incident Classification

Service disruptions are prioritized based on severity:

• Critical (Severity 1): Complete service outage or major functionality unavailable
• High (Severity 2): Significant degradation impacting multiple customers
• Medium/Low (Severity 3–4): Limited impact or non-critical functionality

Response and recovery efforts are prioritized accordingly.

5. Recovery Procedures

Convesio maintains internal runbooks and automated systems designed to support rapid recovery, including:

• Infrastructure failover across redundant environments (where applicable)
• Restoration from backups and snapshots
• Re-deployment of containerized workloads
• Database recovery and integrity validation
• Traffic rerouting and load balancing

Recovery procedures are periodically tested and updated to reflect evolving infrastructure and threat models.

6. Data Protection & Backups

Convesio performs regular backups of critical system data consistent with its internal data protection standards.

• Backup frequency and retention vary by service and configuration
• Backup restoration is subject to technical feasibility and system state at time of incident

Customers are responsible for maintaining their own backups of application-level data unless otherwise specified in writing.

7. Third-Party Dependencies

Certain components of the Services rely on third-party providers, including:

• Cloud infrastructure providers
• Payment processors and acquiring banks
• Card networks and financial institutions
• DNS and networking providers

Convesio will use commercially reasonable efforts to mitigate and work around third-party failures; however:

👉 Convesio does not guarantee recovery timelines for incidents caused by third-party providers.

8. Payment Services Recovery (ConvesioPay)

For ConvesioPay:

• Transaction processing may be delayed or queued during upstream processor outages
• Settlement and payout timing may be impacted by banking and network constraints
• Convesio does not control or guarantee availability of third-party financial networks

Convesio will take commercially reasonable steps to:

• Preserve transaction integrity
• Resume processing as soon as upstream systems are restored
• Communicate material impacts to customers

9. Communication During Incidents

During a qualifying service disruption, Convesio will:

• Provide status updates via designated communication channels (e.g., status page, email, support tickets)
• Communicate material incidents affecting service availability

Convesio is not obligated to provide real-time updates or detailed forensic information beyond what is commercially reasonable and appropriate.

10. Testing and Continuous Improvement

Convesio periodically reviews and tests its recovery capabilities, including:

• Failover and restoration procedures
• Backup integrity validation
• Incident response workflows

Improvements are made based on testing outcomes, incident learnings, and infrastructure evolution.

11. Limitations

This SRP is subject to the limitations and disclaimers set forth in the MSA and SLA, including:

• Exclusions for force majeure events
• Limitations of liability
• Service credits as the sole remedy for SLA failures (if applicable)

12. Changes to This Policy

Convesio may update this SRP from time to time to reflect changes in its infrastructure, services, or operational practices. The most current version will be made available upon request or via Convesio’s website.