Contracts

Hosting Services Agreement

Document ID: WBL-CTR-HST-[ID]-v1.0

Hosting Services Agreement

Document ID: WBL-CTR-HST-[ID]-v1.0 Agreement Date: [DATE] Service Start Date: [DATE] Client: [CLIENT LEGAL NAME] Hosting Plan: ☐ Starter ☐ Professional ☐ Business ☐ Enterprise

Parties

Service Provider:

Webility ("Agency", "Host") [Legal Business Name, Registered Address] Email: hosting@webility.local | legal@webility.local

Client:

[CLIENT LEGAL NAME] ("Client") [Registered Address, Represented by: Name, Title, Email]

1. Hosting Services

1.1 Plan Details

Feature	Starter	Professional	Business	Enterprise
Monthly fee	[AMOUNT]	[AMOUNT]	[AMOUNT]	Custom
Websites	1	1	1	Multiple
SSD Storage	5 GB	20 GB	50 GB	Custom
Monthly Bandwidth	50 GB	200 GB	500 GB	Unlimited
Server type	Shared	VPS	VPS + CDN	Dedicated
Daily backups	✓	✓	✓	✓
Backup retention	30 days	60 days	90 days	365 days
Free SSL	✓	✓	✓	✓
DDoS protection	Basic	Standard	Advanced	Enterprise
CDN	—	—	✓	✓
Managed server updates	✓	✓	✓	✓
Support response	2 business days	1 business day	4 business hours	1 hour
Uptime SLA	99.5%	99.9%	99.95%	99.99%

1.2 Hosting Region

Primary server region: ☐ Canada (Montreal) ☐ USA (East) ☐ USA (West) ☐ EU (Frankfurt) ☐ EU (Paris) ☐ UK (London) ☐ Other: ___

Data residency confirmation: By selecting a region, the Client confirms that hosting in this region is appropriate for their data processing obligations under applicable privacy law. The Agency does not verify the Client's data residency compliance obligations.

1.3 Domain & DNS

Domain registration is not included in this Agreement. The Client is responsible for registering and renewing their domain independently.
The Agency will configure DNS records required for hosting upon written request.
The Client must authorize all DNS changes in writing.
Domain expiry causing website downtime is not covered by the uptime SLA and is solely the Client's responsibility.

1.4 Email Hosting

Email hosting (mailboxes, email forwarding, SMTP) is not included in this Agreement unless explicitly added by written amendment. This Agreement covers web hosting only.

2. Service Level Agreement

2.1 Uptime Guarantee

The Agency guarantees the following uptime levels, measured monthly:

Plan	Uptime Guarantee
Starter	99.5% (≤ ~3.6 hours downtime/month)
Professional	99.9% (≤ ~43 minutes downtime/month)
Business	99.95% (≤ ~22 minutes downtime/month)
Enterprise	99.99% (≤ ~4.3 minutes downtime/month)

Measurement: Uptime is measured by the Agency's monitoring system from the hosting environment. It does not include network latency at the Client's end, CDN delivery issues outside the primary infrastructure, or any exclusion listed in Section 2.2.

2.2 Uptime SLA Exclusions

The following events are excluded from uptime SLA calculations:

Scheduled maintenance windows (48-hour advance notice provided)
Emergency security patches (applied immediately; notice provided as soon as practicable)
Force Majeure events (natural disasters, datacenter power failures, major ISP outages, etc.)
DDoS attacks exceeding the mitigation capacity of the Client's hosting plan
Issues caused by the Client's own content, code, database queries, or plugins (e.g., a plugin running a resource-intensive query that causes a PHP crash)
Issues caused by the Client or third parties unauthorized by the Agency making server-side changes
Domain expiry, DNS misconfiguration caused by the Client's registrar, or propagation delays
Third-party CDN, SSL authority, or DNS provider outages
Actions required by law, regulation, or court order
Client failure to pay invoices resulting in service suspension

2.3 SLA Breach Remedies

If uptime falls below the guaranteed level, the Client is entitled to a service credit:

Uptime Achieved	Credit (as % of monthly fee)
99.0% – [SLA threshold]	10% credit
98.0% – 98.99%	20% credit
95.0% – 97.99%	40% credit
Below 95.0%	100% credit

How to claim: Submit a written credit request to hosting@webility.local within 15 days of the month in which the breach occurred, including the dates and times of observed downtime. The Agency will verify against monitoring logs.

Credits are applied to the next invoice. They are not refundable as cash. Total credits in any month are capped at 100% of the monthly fee.

2.4 Scheduled Maintenance

Standard window: [Tuesday / Thursday], [11pm–2am Agency local time] — max [2] hours
48-hour advance notice for all scheduled maintenance
Emergency maintenance may occur without advance notice for critical security patches

3. Client's Website & Content Obligations

3.1 Acceptable Content

All content hosted on the Agency's servers must comply with the Agency's Acceptable Use Policy (WBL-POL-AUP-v1.0). Prohibited content includes but is not limited to: illegal content, CSAM, malware distribution, copyright-infringing material, spam relay, and content that facilitates fraud or harassment.

3.2 Resource Use

The Client's website must not consume server resources in a way that: (a) Degrades the performance or availability of other clients on shared infrastructure; (b) Consistently exceeds the CPU, memory, or I/O limits of the Client's plan; (c) Generates excessive database queries (more than [X,000] queries/hour on Starter/Professional plans).

If resource overuse is detected, the Agency will:

Notify the Client in writing with details of the excess resource consumption
Give the Client [5] business days to resolve the issue
If unresolved: throttle resources, require a plan upgrade, or suspend the account

3.3 Security of Client's Application

The Agency manages the server infrastructure security (OS patches, firewall, server software). The Client is responsible for the application-layer security of their own website:

Keeping CMS core, themes, and plugins updated (unless covered by a Maintenance Plan)
Using strong, unique passwords for all CMS accounts
Not installing nulled, pirated, or untrusted plugins/themes
Configuring appropriate permissions on files and directories
Ensuring application code does not introduce SQL injection, XSS, or other vulnerabilities

If the Client's website is compromised due to application-layer vulnerabilities (e.g., outdated plugin, weak password, malicious code introduced by the Client), malware removal and remediation are not included in this hosting plan and will be quoted separately.

3.4 Bandwidth Overages

If the Client's website exceeds the monthly bandwidth allocation:

Starter / Professional: Overage billed at [RATE] per additional GB, invoiced at month-end
Business: First [X] GB overage at no charge; billed at [RATE]/GB thereafter
Enterprise: Negotiated per agreement

The Agency will notify the Client when bandwidth reaches 80% of the monthly allocation.

3.5 Storage Overages

Storage beyond the plan limit is billed at [RATE] per additional GB/month. The Agency will notify the Client when storage reaches 80% of the plan limit.

4. Backups

4.1 Backup Scope

Daily automated backups include:

Full website files (public_html / application directory)
Database(s) associated with the hosted website
Email data (if email hosting is included)
Server configuration files relevant to the Client's site

Backups are stored in a geographically separate location from the primary server.

4.2 Backup Restoration

Plan	Restoration Time	Cost
Starter	Best effort (up to 2 business days)	Included (1 restore/month)
Professional	1 business day	Included (2 restores/month)
Business	4 business hours	Included (unlimited)
Enterprise	1 hour	Included (unlimited)

Additional restores beyond the included quota: [RATE] per restoration.

4.3 Backup Limitations

(a) Backups are a safety net, not a replacement for version control: For code, the Client should maintain a separate version control repository (Git). Backups restore the server state but may not reflect the latest development changes if the Client self-manages code deployment.

(b) Backup age: Restoration restores to a point in time. Data entered or modified after the backup point will be lost. The Client is responsible for re-entering any such data.

(c) Backup integrity: The Agency tests backup integrity monthly. However, the Agency does not guarantee that every backup will be perfectly restorable in all circumstances (e.g., database corruption that occurred before the backup was taken).

(d) Client-generated data loss: If the Client deletes content from the CMS, database, or server and requests a restore, the restoration cost applies per Section 4.2.

(e) No backup guarantee for data not in scope: Data stored in third-party services integrated with the website (external CRMs, SaaS databases, email marketing platforms, cloud storage services) is not backed up under this Agreement.

5. Security

5.1 Agency-Managed Security Controls

The Agency implements the following server-level security controls:

Control	Implementation
Firewall	Network-level and application-level firewall rules
DDoS mitigation	Per plan capacity
Malware scanning	Server-level file scanning (Business and Enterprise plans)
SSL/TLS	TLS 1.2+ enforced; TLS 1.0/1.1 disabled
Security headers	HSTS, X-Frame-Options, CSP (basic) configured at server level
Intrusion detection	Log monitoring for brute force and suspicious access patterns
Server OS patching	Critical patches applied within [72] hours of release

5.2 Security Incident Response

If the Agency detects or becomes aware of a security incident affecting the Client's hosting environment:

(a) Client is notified within 4 hours of confirmed incident (P1 priority) (b) Agency takes immediate containment action (isolating the affected environment if necessary) (c) Agency provides a written incident report within 48 hours (d) Remediation is performed: server-level issues at no charge; application-level issues (see Section 3.3) billed separately

5.3 Client's Security Obligations

Never share hosting credentials with unauthorized parties
Use SFTP or SSH key authentication (not plain FTP) for file transfers
Immediately notify the Agency at security@webility.local if credentials are compromised
Do not attempt to access or test other clients' hosting environments
Do not run cryptocurrency mining software, botnet software, or other resource-abusing applications

6. Migration & Setup

6.1 Initial Setup

Upon signing and receipt of the first payment, the Agency will:

Provision the hosting environment within [2] business days
Configure SSL certificate
Configure backup system
Set up monitoring
Provide the Client with server credentials via secure transfer

6.2 Website Migration

Website migration from an existing host is: ☐ Included — the Agency will migrate the existing website and database ☐ Not included — the Client is responsible for migrating their website to the new environment

If migration is included:

Migration is performed on a staging basis (new environment tested before going live)
DNS cutover is performed only after the Client confirms the migrated site is functioning correctly
The Client is responsible for DNS propagation timing (typically 24–48 hours globally; some regions may take longer)
Old hosting account: The Client should not cancel their old hosting account until the migration is fully confirmed — typically [5] business days after DNS cutover

6.3 Migration Exclusions

Not included in migration (even if migration is included):

Migrating email accounts or mailboxes to a new email host
Migrating third-party SaaS data (CRM, ERP, etc.)
Reconfiguring website code to work on the new platform/stack if incompatible
Migrating more than [X] GB of data without a written amendment

7. Fees & Billing

7.1 Monthly Fee

Hosting Plan: [PLAN NAME] Monthly Fee: [CURRENCY] [AMOUNT]/month (exclusive of taxes) Setup Fee (one-time, if applicable): [CURRENCY] [AMOUNT]

7.2 Billing

First month's fee + setup fee due on signing, before provisioning
Subsequent months invoiced on the 1st business day of each month
Due within 15 days; auto-billing available and recommended

7.3 Suspension for Non-Payment

If any invoice is 15 days past due: (a) Written notice is sent to the Client's billing contact (b) If payment is not received within 7 days of notice, hosting is suspended (website goes offline) (c) A [AMOUNT] reactivation fee applies to restore service after suspension (d) If payment is not received within 30 days of suspension notice, the hosting account may be terminated and data deleted after a 15-day final notice

The Agency is not responsible for any business losses resulting from suspension due to non-payment.

7.4 Termination & Data Retrieval

Upon termination of this Agreement (by either Party):

A 30-day data retrieval window is provided during which the Client may download all files and databases
After 30 days, all data is securely deleted
The Agency is not liable for data loss if the Client fails to retrieve data within the window
No refunds for unused portions of pre-paid months after termination

8. Term & Cancellation

8.1 Initial Term

Minimum term: [1 month] (month-to-month by default; annual plans available at 10% discount)

8.2 Cancellation

Client may cancel with 30 days' written notice to hosting@webility.local
Cancellation is effective at the end of the current billing cycle
No partial-month refunds
Annual plans: non-cancellable mid-term; upon expiry, month-to-month unless renewed

8.3 Agency Termination Rights

The Agency may terminate immediately for: non-payment (after notice); AUP violation; illegal content discovered on the server; actions required by law; or any event posing an imminent security risk to shared infrastructure.

9. Limitation of Liability

THE AGENCY'S TOTAL LIABILITY FOR ANY CLAIM UNDER THIS AGREEMENT SHALL NOT EXCEED THE TOTAL HOSTING FEES PAID BY THE CLIENT IN THE THREE (3) MONTHS PRECEDING THE CLAIM. THE AGENCY IS NOT LIABLE FOR LOST REVENUE, LOST DATA, BUSINESS INTERRUPTION, OR REPUTATIONAL HARM ARISING FROM HOSTING OUTAGES, SECURITY INCIDENTS, OR SERVICE SUSPENSION.

The SLA remedies in Section 2.3 are the Client's sole remedy for uptime breaches.

10. Confidentiality, Data Protection, Governing Law & General

Confidentiality: Agency treats all Client data and credentials with confidentiality (5-year post-termination obligation)
Data protection: Agency acts as data processor; Client is data controller for end-user data. A DPA is available upon request.
Governing law: [Province/State, Country]
Disputes: Good-faith negotiation, then mediation, then litigation in courts of [City, Province/State, Country]
Entire agreement: This Agreement, the AUP, and the Privacy Policy constitute the entire agreement for hosting services
Electronic signatures: Valid and binding

Signatures

Webility LLC

Signature: ___________________________ Date: _______________ Name / Title: ___________________________

[CLIENT LEGAL NAME]

Signature: ___________________________ Date: _______________ Name / Title: ___________________________

Webility — WBL-CTR-HST-[ID]-v1.0

Back to all policies

Legal Library

Contracts

Hosting Services Agreement

Document ID: WBL-CTR-HST-[ID]-v1.0

Hosting Services Agreement

Parties

Service Provider:

Webility ("Agency", "Host") [Legal Business Name, Registered Address] Email: hosting@webility.local | legal@webility.local

Client:

[CLIENT LEGAL NAME] ("Client") [Registered Address, Represented by: Name, Title, Email]

1. Hosting Services

1.1 Plan Details

Feature	Starter	Professional	Business	Enterprise
Monthly fee	[AMOUNT]	[AMOUNT]	[AMOUNT]	Custom
Websites	1	1	1	Multiple
SSD Storage	5 GB	20 GB	50 GB	Custom
Monthly Bandwidth	50 GB	200 GB	500 GB	Unlimited
Server type	Shared	VPS	VPS + CDN	Dedicated
Daily backups	✓	✓	✓	✓
Backup retention	30 days	60 days	90 days	365 days
Free SSL	✓	✓	✓	✓
DDoS protection	Basic	Standard	Advanced	Enterprise
CDN	—	—	✓	✓
Managed server updates	✓	✓	✓	✓
Support response	2 business days	1 business day	4 business hours	1 hour
Uptime SLA	99.5%	99.9%	99.95%	99.99%

1.2 Hosting Region

Primary server region: ☐ Canada (Montreal) ☐ USA (East) ☐ USA (West) ☐ EU (Frankfurt) ☐ EU (Paris) ☐ UK (London) ☐ Other: ___

1.3 Domain & DNS

Domain registration is not included in this Agreement. The Client is responsible for registering and renewing their domain independently.
The Agency will configure DNS records required for hosting upon written request.
The Client must authorize all DNS changes in writing.
Domain expiry causing website downtime is not covered by the uptime SLA and is solely the Client's responsibility.

1.4 Email Hosting

Email hosting (mailboxes, email forwarding, SMTP) is not included in this Agreement unless explicitly added by written amendment. This Agreement covers web hosting only.

2. Service Level Agreement

2.1 Uptime Guarantee

The Agency guarantees the following uptime levels, measured monthly:

Plan	Uptime Guarantee
Starter	99.5% (≤ ~3.6 hours downtime/month)
Professional	99.9% (≤ ~43 minutes downtime/month)
Business	99.95% (≤ ~22 minutes downtime/month)
Enterprise	99.99% (≤ ~4.3 minutes downtime/month)

2.2 Uptime SLA Exclusions

The following events are excluded from uptime SLA calculations:

Scheduled maintenance windows (48-hour advance notice provided)
Emergency security patches (applied immediately; notice provided as soon as practicable)
Force Majeure events (natural disasters, datacenter power failures, major ISP outages, etc.)
DDoS attacks exceeding the mitigation capacity of the Client's hosting plan
Issues caused by the Client's own content, code, database queries, or plugins (e.g., a plugin running a resource-intensive query that causes a PHP crash)
Issues caused by the Client or third parties unauthorized by the Agency making server-side changes
Domain expiry, DNS misconfiguration caused by the Client's registrar, or propagation delays
Third-party CDN, SSL authority, or DNS provider outages
Actions required by law, regulation, or court order
Client failure to pay invoices resulting in service suspension

2.3 SLA Breach Remedies

If uptime falls below the guaranteed level, the Client is entitled to a service credit:

Uptime Achieved	Credit (as % of monthly fee)
99.0% – [SLA threshold]	10% credit
98.0% – 98.99%	20% credit
95.0% – 97.99%	40% credit
Below 95.0%	100% credit

Credits are applied to the next invoice. They are not refundable as cash. Total credits in any month are capped at 100% of the monthly fee.

2.4 Scheduled Maintenance

Standard window: [Tuesday / Thursday], [11pm–2am Agency local time] — max [2] hours
48-hour advance notice for all scheduled maintenance
Emergency maintenance may occur without advance notice for critical security patches

3. Client's Website & Content Obligations

3.1 Acceptable Content

3.2 Resource Use

If resource overuse is detected, the Agency will:

Notify the Client in writing with details of the excess resource consumption
Give the Client [5] business days to resolve the issue
If unresolved: throttle resources, require a plan upgrade, or suspend the account

3.3 Security of Client's Application

The Agency manages the server infrastructure security (OS patches, firewall, server software). The Client is responsible for the application-layer security of their own website:

Keeping CMS core, themes, and plugins updated (unless covered by a Maintenance Plan)
Using strong, unique passwords for all CMS accounts
Not installing nulled, pirated, or untrusted plugins/themes
Configuring appropriate permissions on files and directories
Ensuring application code does not introduce SQL injection, XSS, or other vulnerabilities

3.4 Bandwidth Overages

If the Client's website exceeds the monthly bandwidth allocation:

Starter / Professional: Overage billed at [RATE] per additional GB, invoiced at month-end
Business: First [X] GB overage at no charge; billed at [RATE]/GB thereafter
Enterprise: Negotiated per agreement

The Agency will notify the Client when bandwidth reaches 80% of the monthly allocation.

3.5 Storage Overages

Storage beyond the plan limit is billed at [RATE] per additional GB/month. The Agency will notify the Client when storage reaches 80% of the plan limit.

4. Backups

4.1 Backup Scope

Daily automated backups include:

Full website files (public_html / application directory)
Database(s) associated with the hosted website
Email data (if email hosting is included)
Server configuration files relevant to the Client's site

Backups are stored in a geographically separate location from the primary server.

4.2 Backup Restoration

Plan	Restoration Time	Cost
Starter	Best effort (up to 2 business days)	Included (1 restore/month)
Professional	1 business day	Included (2 restores/month)
Business	4 business hours	Included (unlimited)
Enterprise	1 hour	Included (unlimited)

Additional restores beyond the included quota: [RATE] per restoration.

4.3 Backup Limitations

(b) Backup age: Restoration restores to a point in time. Data entered or modified after the backup point will be lost. The Client is responsible for re-entering any such data.

(d) Client-generated data loss: If the Client deletes content from the CMS, database, or server and requests a restore, the restoration cost applies per Section 4.2.

5. Security

5.1 Agency-Managed Security Controls

The Agency implements the following server-level security controls:

Control	Implementation
Firewall	Network-level and application-level firewall rules
DDoS mitigation	Per plan capacity
Malware scanning	Server-level file scanning (Business and Enterprise plans)
SSL/TLS	TLS 1.2+ enforced; TLS 1.0/1.1 disabled
Security headers	HSTS, X-Frame-Options, CSP (basic) configured at server level
Intrusion detection	Log monitoring for brute force and suspicious access patterns
Server OS patching	Critical patches applied within [72] hours of release

5.2 Security Incident Response

If the Agency detects or becomes aware of a security incident affecting the Client's hosting environment:

5.3 Client's Security Obligations

Never share hosting credentials with unauthorized parties
Use SFTP or SSH key authentication (not plain FTP) for file transfers
Immediately notify the Agency at security@webility.local if credentials are compromised
Do not attempt to access or test other clients' hosting environments
Do not run cryptocurrency mining software, botnet software, or other resource-abusing applications

6. Migration & Setup

6.1 Initial Setup

Upon signing and receipt of the first payment, the Agency will:

Provision the hosting environment within [2] business days
Configure SSL certificate
Configure backup system
Set up monitoring
Provide the Client with server credentials via secure transfer

6.2 Website Migration

If migration is included:

Migration is performed on a staging basis (new environment tested before going live)
DNS cutover is performed only after the Client confirms the migrated site is functioning correctly
The Client is responsible for DNS propagation timing (typically 24–48 hours globally; some regions may take longer)
Old hosting account: The Client should not cancel their old hosting account until the migration is fully confirmed — typically [5] business days after DNS cutover

6.3 Migration Exclusions

Not included in migration (even if migration is included):

Migrating email accounts or mailboxes to a new email host
Migrating third-party SaaS data (CRM, ERP, etc.)
Reconfiguring website code to work on the new platform/stack if incompatible
Migrating more than [X] GB of data without a written amendment

7. Fees & Billing

7.1 Monthly Fee

Hosting Plan: [PLAN NAME] Monthly Fee: [CURRENCY] [AMOUNT]/month (exclusive of taxes) Setup Fee (one-time, if applicable): [CURRENCY] [AMOUNT]

7.2 Billing

First month's fee + setup fee due on signing, before provisioning
Subsequent months invoiced on the 1st business day of each month
Due within 15 days; auto-billing available and recommended

7.3 Suspension for Non-Payment

The Agency is not responsible for any business losses resulting from suspension due to non-payment.

7.4 Termination & Data Retrieval

Upon termination of this Agreement (by either Party):

A 30-day data retrieval window is provided during which the Client may download all files and databases
After 30 days, all data is securely deleted
The Agency is not liable for data loss if the Client fails to retrieve data within the window
No refunds for unused portions of pre-paid months after termination

8. Term & Cancellation

8.1 Initial Term

Minimum term: [1 month] (month-to-month by default; annual plans available at 10% discount)

8.2 Cancellation

Client may cancel with 30 days' written notice to hosting@webility.local
Cancellation is effective at the end of the current billing cycle
No partial-month refunds
Annual plans: non-cancellable mid-term; upon expiry, month-to-month unless renewed

8.3 Agency Termination Rights

9. Limitation of Liability

The SLA remedies in Section 2.3 are the Client's sole remedy for uptime breaches.

10. Confidentiality, Data Protection, Governing Law & General

Confidentiality: Agency treats all Client data and credentials with confidentiality (5-year post-termination obligation)
Data protection: Agency acts as data processor; Client is data controller for end-user data. A DPA is available upon request.
Governing law: [Province/State, Country]
Disputes: Good-faith negotiation, then mediation, then litigation in courts of [City, Province/State, Country]
Entire agreement: This Agreement, the AUP, and the Privacy Policy constitute the entire agreement for hosting services
Electronic signatures: Valid and binding

Signatures

Webility LLC

Signature: ___________________________ Date: _______________ Name / Title: ___________________________

[CLIENT LEGAL NAME]

Signature: ___________________________ Date: _______________ Name / Title: ___________________________

Webility — WBL-CTR-HST-[ID]-v1.0

Back to all policies