Kongo Industries, Integration Notification Centre, service levels
What you can rely on, in writing.
The Integration Notification Centre is the monitoring and alerting platform for the integrations Kongo builds and operates for you. This page sets out its service levels: how it behaves, how it is secured, and how we support you. Written to be read by your IT team as much as by you.
What the Centre is, and what it is not.
The Centre receives operational events from the integrations we run for you, maintains a live health status for each one, gives your team a dashboard at integrations.hellokongo.com, and emails the people you nominate when something needs attention.
The Centre is a monitoring aid. It is not the system of record for your business data, and it does not process or store the business data flowing through your integrations; it stores operational telemetry only. The presence or absence of an event in the Centre is not evidence that underlying business processing did or did not occur.
Service levels for the integrations themselves, including incident priorities, response and restoration targets, and upstream platform dependencies, are agreed per engagement in the Service Levels Schedule attached to your Statement of Work. This page covers the platform.
Continuously monitored, honestly described.
The Centre runs on serverless, multi-availability-zone managed services in the AWS Sydney region, with no single server to fail and capacity allocated on demand. It is itself monitored: automated alarms watch every Centre function and its queues, and page Kongo’s on-call rotation when they fire.
The Centre is provided on a best-efforts basis with continuous monitoring. No numeric availability target applies in this version of these service levels; we may introduce one in a future version once sufficient operating history exists.
Events are accepted on an at-least-once-attempt basis: under retry exhaustion or abnormal load an individual event may be deduplicated or not recorded, and we do not warrant delivery of any individual event. Sustained inability of an integration to report surfaces as a missed-heartbeat alert.
How you hear about it before you log in.
| Trigger | Behaviour |
|---|---|
| critical / error | Emailed immediately, per event, to the recipients you nominate for that integration. |
| warning | Aggregated into one digest email per integration per hour. |
| info | Dashboard only; no email. |
| missed heartbeat | Where an expected reporting interval is configured, the integration is marked down and your recipients notified when no event arrives within twice that interval. |
| recovery | Your recipients are notified when a degraded or down integration returns to healthy. |
You self-manage recipients and the minimum email severity per integration on the dashboard. Notification emails are sent via Amazon SES; delivery to your mailbox is subject to your own mail infrastructure.
The section your IT team will want to read.
| Data stored | Operational telemetry only: event type, severity, timestamp, message, error details, retry metadata, correlation identifiers, and integration configuration. The Centre is not intended to receive personal or sensitive information; you agree not to include personal information in event payloads beyond the operator contact emails used for alerting. |
| Residency | All data is stored and processed in the AWS Sydney region (ap-southeast-2). No cross-border storage. |
| Encryption | Encrypted in transit (TLS) and at rest (AWS-managed encryption on all data stores and archives). |
| Tenant isolation | Each client is a separate tenant. Data is partitioned per tenant at the storage layer; API credentials are bound to a single tenant and integration; dashboard sessions carry an immutable tenant claim. Cross-tenant access paths are independently security-reviewed. |
| Access control | Dashboard access is via passwordless email sign-in with 10-minute single-use links. Kongo administrative access is restricted to a named admin group, and every administrative action performed in your tenant context is audit-logged. When a team member moves on, tell your Kongo lead and access is revoked the same business day. |
| Credentials | API keys are stored only as cryptographic hashes; the cleartext is shown once at issue and cannot be recovered. Keys are revocable with effect within minutes. |
| Backups | Point-in-time recovery is enabled on the primary data store, allowing restore to any point in the preceding 35 days. |
| Retention | Events are held live for 90 days, then moved to an encrypted cold archive. Archived events can be retrieved on request. Configuration and health data are retained while your integration is active. |
| Deletion on exit | On termination, API keys are revoked and users disabled immediately; live and archived data are deleted or retained per your engagement’s offboarding terms. |
| Subprocessors | Amazon Web Services (hosting, Sydney region); Stripe (billing, only where you are usage-billed). No other third party receives your data. |
| Breach notification | We will notify you of a confirmed data breach involving your data without undue delay, and in any case within 72 hours of confirmation, consistent with the Australian Notifiable Data Breaches scheme. |
Business continuity. The Centre’s architecture is multi-availability-zone within the Sydney region. This version carries no cross-region disaster-recovery commitment; a regional AWS outage would interrupt monitoring until the region recovers. Loss of the Centre does not affect the operation of your integrations themselves; it affects visibility and alerting only.
Where requests land, and how fast.
Email integrations@hellokongo.com. Monitored Monday to Friday, 9:00 to 17:00 AEST/AEDT, excluding national Australian public holidays. Response targets are to first qualified human response, not resolution; incident response for your integrations themselves is governed by your Statement of Work.
| Priority | Definition | Response target |
|---|---|---|
| P1 critical | Centre dashboard or alerting inaccessible, or a suspected security incident. | 1 business hour |
| P2 high | A Centre feature broken with a workaround; alerts not behaving as configured. | 4 business hours |
| P3 normal | Configuration changes, new users, questions. | 1 business day |
| P4 low | Cosmetic issues, documentation, requests. | 3 business days |
The fine print, kept short.
Remedies. Where we miss a target in these service levels materially or repeatedly, we will review the failure with you and present a remediation plan. This is your sole remedy under these service levels, without limiting your master agreement with us.
Exclusions. Targets do not apply to the extent a failure results from: your systems, network, mail infrastructure, or configuration you control; failure or degradation of third-party platforms your integrations depend on (addressed per engagement in your Statement of Work); a regional failure of the underlying cloud provider; suspension for non-payment or misuse; or events beyond our reasonable control.
Maintenance and change. The platform deploys without scheduled downtime windows; releases are zero-downtime in the ordinary course. Where disruptive maintenance is unavoidable, we give at least 2 business days’ notice. Material changes to these service levels are notified 30 days in advance.
Four tiers. No per-event surcharges.
| Tier | Events included / month | Price |
|---|---|---|
| Lite | 5,000 | $99 |
| Starter | 10,000 | $149 |
| Growth | 50,000 | $349 |
| Scale | 200,000 | $599 |
Billing is per calendar month against the tier in your Statement of Work. If a month’s events exceed your tier’s allowance, that month is billed at the smallest tier whose allowance covers the usage, with no per-event surcharge. Heartbeat pings do not count toward the allowance. Annual prepayment is available; prepaid clients receive no monthly invoices.