Terms of Service

Haijing Security DDoS Protection Service Level Agreement

Haijing Security DDoS Protection Service Level Agreement

Version: V1.0

Applicable to: Online service users and/or their designated customers

Service provider: Haijing Security

Effective date: As agreed in the master agreement, order, or written confirmation between the parties

1. Agreement Description

This Haijing Security DDoS Protection Service Level Agreement (the "SLA") is an important part of the master agreement, order, service description, supplemental agreement, or other written document signed between Haijing Security and online service users and/or their designated customers.

This SLA defines the service levels, service availability, DDoS attack notification, customer support, compensation standards, and exclusions that Haijing Security commits to providing for DDoS protection services during the valid contract term.

Unless otherwise agreed in writing, this SLA remains effective during the contract term. If the contract is renewed, the then-current SLA version of Haijing Security at the start of the renewal term applies to the entire renewal term.

2. Definitions

2.1 Haijing Security Platform

"Haijing Security Platform" means the collection of servers, network devices, scrubbing devices, scheduling systems, monitoring systems, management consoles, related software, and other infrastructure controlled, operated, or managed by Haijing Security to provide DDoS protection, traffic scrubbing, attack monitoring, alert notification, and other services to online service users and/or their designated customers.

2.2 Services

Services mean DDoS protection, traffic scrubbing, attack monitoring, alert notification, and related security support services provided for IP addresses, domain names, business systems, public network egress, dedicated links, interconnection links, or other network resources designated by online service users and/or their designated customers, including but not limited to:

  • DDoS attack detection;
  • attack traffic identification, diversion, and scrubbing;
  • clean business traffic return;
  • attack alert notification;
  • protection policy configuration, adjustment, and optimization;
  • public network egress quality;
  • dedicated link quality;
  • security incident response and support;
  • other related services agreed by the parties in writing.

2.3 Platform Outage

"Platform Outage" means a situation where the Haijing Security Platform is completely unavailable for at least 5 consecutive minutes due to causes attributable to the Haijing Security Platform itself, and such unavailability affects the normal use of the services by online service users and/or their designated customers.

The following situations do not constitute a Platform Outage:

  • temporary exceptions in the management console, report display, or non-core functions that do not affect the normal operation of protection services;
  • unavailability caused by customer-side, online-service-user-side, third-party network, origin server, DNS, link, configuration error, or similar causes;
  • unavailability caused by maintenance, upgrades, changes, attacks exceeding the agreed protection capacity, force majeure, or similar causes;
  • other exclusions specified in this SLA.

2.4 Platform Availability Percentage

The Platform Availability Percentage is calculated by calendar month using the following formula:

Platform Availability Percentage = (total minutes in the month - Platform Outage minutes in the month) / total minutes in the month × 100%

2.5 Service Outage

"Service Outage" means a situation where the purchased and correctly configured DDoS protection service, network egress, and dedicated link of online service users and/or their designated customers are completely unavailable for at least 5 consecutive minutes due to causes attributable to Haijing Security.

A Service Outage must meet all of the following conditions:

  • the service object has been specified in a contract, order, or written document;
  • the service object has completed access and configuration;
  • the unavailability is directly caused by the Haijing Security Platform, protection node, or scrubbing service;
  • online service users and/or their designated customers cannot normally obtain the agreed DDoS protection capability;
  • egress bandwidth resources are unavailable;
  • the situation does not fall under the exclusions specified in this SLA.

2.6 Service Availability Percentage

The Service Availability Percentage is calculated by calendar month using the following formula:

Service Availability Percentage = (total minutes in the month - Platform Outage minutes in the month) / total minutes in the month × 100%

2.7 DDoS Attack

"DDoS Attack" means an abnormal traffic event detected and determined as malicious by Haijing Security, usually shown as an abnormal surge in customer business traffic for 5 consecutive minutes or longer where the abnormal surge traffic reaches or exceeds 30% of total traffic, or any other distributed denial-of-service attack scenario that meets the identification rules of Haijing Security's attack detection system.

DDoS Attack types include but are not limited to:

  • SYN Flood;
  • UDP Flood;
  • ICMP Flood;
  • ACK Flood;
  • DNS Query Flood;
  • HTTP/HTTPS Flood;
  • CC attack;
  • reflection and amplification attacks;
  • hybrid attacks;
  • other malicious traffic attacks that may cause business unavailability or service quality degradation.

2.8 DDoS Attack Protection

"DDoS Attack Protection" means the service process in which, when online service users and/or their designated customers suffer a DDoS Attack, Haijing Security identifies, filters, scrubs, rate-limits, or blocks abnormal attack traffic based on the agreed protection capacity and protection policies, and returns normal business traffic to the customer origin server or designated network resources.

2.9 DDoS Attack Notification

"DDoS Attack Notification" means an attack alert or event notification sent by Haijing Security to online service users and/or their designated customers through the console, user center, SMS, email, API, instant messaging tool, ticket system, or other agreed method after detecting a qualifying DDoS Attack event.

2.10 Monthly Service Fee

"Monthly Service Fee" means the service fee actually paid or payable to Haijing Security by online service users and/or their designated customers for the affected service in a calendar month, excluding one-time fees, installation and deployment fees, custom development fees, professional service fees, third-party fees, taxes, historical arrears, liquidated damages, or other non-recurring fees.

The SLA monthly service fee penalty applies only to the business actually affected by the fault or event. Normal business not affected by the event is not included in the monthly service fee penalty calculation.

3. Service Level Commitments

3.1 Platform Availability Commitment

Haijing Security commits that the monthly platform availability of the Haijing Security Platform will be no less than 99.99%.

If Haijing Security fails to meet the above platform availability commitment and the situation does not fall under the exclusions specified in this SLA, online service users and/or their designated customers have the right to apply for service compensation in accordance with Section 7 of this SLA.

3.2 Service Availability Commitment

Haijing Security commits that the monthly service availability of the DDoS protection service will be no less than 99.95%.

If Haijing Security fails to meet the above service availability commitment and the situation does not fall under the exclusions specified in this SLA, online service users and/or their designated customers have the right to apply for service compensation in accordance with Section 7 of this SLA.

3.3 DDoS Attack Notification Commitment

Haijing Security commits that, after detecting and confirming a DDoS Attack, it will send an attack notification to online service users and/or their designated customers within no more than 5 minutes.

If Haijing Security fails to perform the above attack notification commitment and the situation does not fall under the exclusions specified in this SLA, online service users and/or their designated customers have the right to apply for service compensation in accordance with Section 7 of this SLA.

3.4 Customer Support Commitment

Haijing Security commits to providing 24×7 customer support.

Support methods include but are not limited to:

  • ticket;
  • telephone;
  • email;
  • instant messaging tool;
  • dedicated service group;
  • other methods agreed by the parties.

Haijing Security support email: hy.swzx@hiddos.cn

3.5 Service Quality During Attacks

During a DDoS Attack and for a short period after the attack ends, affected IP addresses, domain names, or business systems may experience increased latency, packet loss, connection jitter, partial access failure, or similar issues.

Haijing Security will, based on the agreed protection capacity, existing technical capabilities, and commercially reasonable efforts, assist online service users and/or their designated customers in reducing the impact of attacks on business, but does not commit to completely eliminating latency, packet loss, jitter, or access quality degradation during attacks.

If the service is in normal protection status but access quality decreases due to the attack itself, attack scale, attack type, origin server performance, customer architecture, link quality, third-party networks, or similar causes, such situation does not automatically constitute a Service Outage under this SLA.

4. Service Statistics and Calculation Rules

4.1 Statistical Period

Platform availability, service availability, and related service compensation under this SLA are calculated by calendar month.

4.2 Outage Time Calculation

Outage time starts from the time confirmed by the Haijing Security monitoring system, a monitoring system jointly confirmed by both parties, or valid fault evidence submitted by online service users and/or their designated customers and confirmed by Haijing Security, and ends when the service returns to normal or the relevant impact is eliminated.

If the parties dispute the outage time, the following information should be considered comprehensively:

  • Haijing Security monitoring system data;
  • online service user monitoring system data;
  • customer-side business logs;
  • network probe data;
  • Traceroute, MTR, Ping, Curl, and other test records;
  • ticket records;
  • alert records;
  • other reasonably available technical evidence.

4.3 Multiple Outage Events

If multiple valid Service Outage events occur in the same calendar month, the Service Outage duration may be accumulated.

However, continuous impact caused by the same cause, the same attack event, or the same faulty link should be treated as one Service Outage event.

4.4 No Duplicate Compensation

If the same event triggers multiple SLA metrics such as platform availability, service availability, or attack notification, compensation will not be calculated repeatedly. The highest compensation standard available for the corresponding event will apply.

5. Cooperation Obligations of Customers and Online Service Users

To ensure the normal operation of DDoS protection services, online service users and/or their designated customers must perform the following cooperation obligations:

  • correctly configure high-defense IPs, domain name resolution, CNAME, origin addresses, ports, protocols, protection policies, and other settings as required by Haijing Security;
  • provide true, accurate, complete, and valid origin server information, contact information, alert receiving methods, and business information;
  • ensure that the origin server has reasonable business carrying capacity;
  • not proactively bypass Haijing Security protection nodes to directly expose the origin server;
  • not include businesses that have not been purchased, authorized, or connected in the scope of SLA claims;
  • promptly provide necessary logs, test results, network link information, and troubleshooting cooperation when a fault or attack event occurs;
  • pay service fees in a timely manner as agreed in the contract;
  • comply with laws, regulations, regulatory requirements, and service use rules agreed by the parties.

If service abnormalities, service unavailability, reduced attack protection effect, or notification failure is caused by the failure of online service users and/or their designated customers to perform the above obligations, Haijing Security will not bear the corresponding SLA liability.

6. Exclusions

Any of the following situations will not be included in Platform Outage, Service Outage, or SLA compensation:

6.1 Trial, Testing, and Configuration Stage

  • the service is in a trial period, testing period, proof-of-concept period, or POC stage;
  • the service has not been officially activated, connected, or accepted;
  • the service is in the process of configuration, debugging, migration, or change.

6.2 Customer or Online Service User Side Causes

  • online service users and/or their designated customers fail to configure high-defense IPs, domain names, DNS, origin addresses, ports, protocols, or protection policies as agreed;
  • online service users and/or their designated customers provide incorrect, invalid, or incomplete origin server information;
  • customer origin server failure, insufficient origin server resources, application abnormalities, database abnormalities, or system configuration errors;
  • customer-side network, data center, carrier line, BGP routing, DNS, CDN, load balancer, firewall, WAF, business system, or similar abnormalities;
  • the customer proactively changes configuration without timely notifying Haijing Security, or fails to make configuration adjustments according to Haijing Security's recommendations;
  • customer security policies, allowlists/blocklists, access control, rate limiting policies, or similar configurations restrict normal access.

6.3 Attacks Exceeding the Agreed Protection Scope

  • attack traffic exceeds the protection bandwidth, scrubbing capacity, or protection scope agreed in the contract, order, or written document;
  • the attack type exceeds the protection capability agreed by the parties;
  • the attack target is not a protected IP, domain name, or resource agreed in the contract or order;
  • attacks cause unavailability of upstream carriers, third-party links, customer origin servers, or other resources outside Haijing Security's control.

6.4 Planned Maintenance and Emergency Maintenance

  • system maintenance, upgrades, cutovers, capacity expansion, tuning, or changes notified by Haijing Security in advance;
  • emergency maintenance performed to fix security vulnerabilities, eliminate major risks, respond to regulatory requirements, or handle urgent security events;
  • maintenance, migration, configuration change, or joint debugging operations implemented with the cooperation of online service users and/or their designated customers.

6.5 Force Majeure and External Factors

  • natural disasters, war, terrorist attacks, social abnormal events, government actions, regulatory requirements;
  • large-scale internet failures, carrier failures, backbone network failures, domain name system failures;
  • abnormalities of third-party services, third-party software, third-party platforms, third-party devices, or open-source components;
  • service restriction or interruption caused by laws, regulations, policies, regulatory measures, or administrative orders;
  • other events that Haijing Security cannot reasonably control, cannot reasonably foresee, or cannot avoid even if reasonably foreseen.

6.6 Violating Use or Security Risks

  • online service users and/or their designated customers use the service for illegal, non-compliant, infringing, attacking, scanning, spam, fraud, gambling, pornography, malware distribution, or similar activities;
  • service abnormalities caused by leakage of customer accounts, keys, passwords, API Tokens, or improper permission management;
  • attack expansion or business damage caused by the customer's failure to promptly fix vulnerabilities or implement security hardening recommendations;
  • Haijing Security suspends, restricts, or terminates the service according to laws, regulations, regulatory requirements, judicial authorities, administrative authorities, or security management requirements.

7. Service Compensation

7.1 Compensation Form

If Haijing Security fails to meet the service levels specified in this SLA and Haijing Security verifies and confirms that the compensation conditions are met, Haijing Security will provide compensation to online service users and/or their designated customers in the form of service credit, service extension, service voucher, bill credit, or another form confirmed by the parties in writing.

Unless otherwise agreed in writing, SLA compensation will not be refunded in cash.

7.2 Compensation Cap

In the same calendar month, the total compensation available to online service users and/or their designated customers under this SLA will not exceed 12% of the monthly service fee corresponding to the affected service in that calendar month.

SLA compensation is Haijing Security's sole and entire liability for failure to meet service levels, unless the master agreement between the parties expressly provides otherwise.

7.3 Service Outage Compensation Standard

When a valid Service Outage event occurs, compensation is calculated according to the accumulated Service Outage duration in that calendar month:

Monthly accumulated Service Outage durationCompensation ratio
4.32 minutes < outage duration ≤ 4 hours3% of the monthly service fee
4 hours < outage duration ≤ 8 hours5% of the monthly service fee
8 hours < outage duration ≤ 12 hours8% of the monthly service fee
outage duration > 12 hours12% of the monthly service fee

7.4 Compensation for Platform Availability Not Met

If monthly platform availability is lower than 99.99% and such failure actually affects the use of the service by online service users and/or their designated customers, compensation will be provided according to the corresponding standard in Section 7.3 of this SLA.

7.5 Compensation for Service Availability Not Met

If monthly service availability is lower than 99.95% and the situation does not fall under the exclusions, compensation will be provided according to the corresponding standard in Section 7.3 of this SLA.

7.6 Compensation for DDoS Attack Notification Not Met

If Haijing Security fails to send an attack notification within 5 minutes after detecting and confirming a DDoS Attack, and this causes actual impact on online service users and/or their designated customers, compensation may be provided according to the impact confirmed by the parties after Haijing Security verifies and confirms it.

Unless otherwise agreed in writing, compensation for a single failure to meet the DDoS Attack notification commitment will not exceed 3% of the monthly service fee of the affected service for that month, and will be included in the monthly compensation cap specified in Section 7.2 of this SLA.

8. Claim Process

8.1 Claim Submission

If online service users and/or their designated customers believe that an event meeting the SLA compensation conditions has occurred, they must submit a written claim application to Haijing Security within thirty (30) days from the date of the event.

The claim application should be sent to:

hy.swzx@hiddos.cn

and the corresponding Haijing Security business representative, customer success manager, or technical support lead should be contacted at the same time.

8.2 Claim Materials

The claim application should include at least the following:

  • customer name, contact person, and contact information;
  • order number, contract number, or service identifier of the affected service;
  • affected IP, domain name, port, protocol, or business system;
  • event start time, end time, and duration;
  • description of the event symptoms;
  • description of business impact;
  • network test records, including but not limited to Ping, Traceroute, MTR, Curl, access logs, and similar records;
  • customer-side monitoring screenshots or logs;
  • monitoring, alert, or ticket records related to online service users;
  • measures taken by the customer to resolve the event;
  • other materials helpful for Haijing Security to verify the event.

8.3 Claim Review

After receiving complete claim materials, Haijing Security will verify the event based on reasonably available information, including but not limited to:

  • Haijing Security Platform monitoring data;
  • scrubbing node logs;
  • attack detection records;
  • alert notification records;
  • materials submitted by the customer;
  • related records on the online service user side;
  • third-party network or carrier information;
  • other reasonable evidence.

Haijing Security will determine in good faith whether an SLA event exists, whether it falls under an exclusion, and whether it meets the compensation conditions, and will reply with the final handling opinion by email, ticket, or another method agreed by the parties.

8.4 Late Submission

If online service users and/or their designated customers do not submit a claim application within thirty (30) days from the date of the event, they are deemed to have waived the right to apply for SLA compensation for that event.

8.5 Fee Credit

Confirmed SLA compensation is generally used to offset subsequent service fees and may not be transferred, cashed out, or used to offset fees for unaffected services, unless otherwise agreed in writing by the parties.

9. Service Change, Suspension, and Termination

9.1 Service Change

Due to business adjustment, architecture optimization, capacity expansion, network scheduling, security policy adjustment, or similar reasons, Haijing Security may make necessary changes to the services. For major changes that may affect service availability, Haijing Security should use reasonable efforts to notify online service users and/or their designated customers in advance.

9.2 Service Suspension

If any of the following situations occurs, Haijing Security has the right to suspend or restrict the service and will not bear SLA liability:

  • online service users and/or their designated customers fail to pay as agreed in the contract;
  • the customer's use of the service violates laws, regulations, regulatory requirements, or the parties' agreement;
  • the customer's business has major security risks and is not remediated in a timely manner;
  • continuing to provide the service may endanger the Haijing Security Platform, other customers, or public internet security;
  • judicial authorities, administrative authorities, regulators, or laws and regulations require suspension or restriction of the service;
  • other suspension circumstances agreed by the parties.

9.3 Service Termination

After service termination, this SLA no longer applies to the terminated service. SLA compensation applications that occurred before service termination and meet the conditions will still be handled according to this SLA.

10. Limitation of Liability

Unless the master agreement between the parties expressly provides otherwise, Haijing Security's liability under this SLA is limited to the service compensation specified in this SLA.

Haijing Security is not liable for the following losses:

  • indirect losses;
  • lost profits;
  • goodwill losses;
  • data loss;
  • derivative losses caused by business interruption;
  • third-party claims;
  • losses caused by attacks, customer configuration, origin server failures, third-party networks, or force majeure;
  • other losses not directly caused by Haijing Security's intentional misconduct or gross negligence.

11. Miscellaneous

11.1 Agreement Priority

If this SLA is inconsistent with the master agreement, order, or supplemental agreement between the parties, the more effective or more specific provisions in the master agreement, order, or supplemental agreement signed by the parties will prevail. If there is no clear agreement, this SLA will prevail.

11.2 SLA Updates

Haijing Security has the right to update this SLA according to service capability, product form, laws and regulations, regulatory requirements, or business needs. The updated SLA will be published or notified through the official website, written notice, email, ticket, or another method agreed by the parties.

For effective orders, unless otherwise agreed in writing, SLA updates will not reduce the core service level commitments already enjoyed by the customer during the current service period.

11.3 Dispute Resolution

Disputes arising from this SLA should be resolved by friendly negotiation between the parties. If negotiation fails, the dispute resolution method agreed in the master agreement between the parties will apply.

12. Contact

Service provider: Haijing Security

Support email: hy.swzx@hiddos.cn

Service hours: 24×7

Other contact methods: As specified in the contract, order, service group, or written confirmation between the parties.