Skip to content

Service Standards

Service Level Agreements (SLAs), quality standards, and operational guidelines for MDHosting Ltd services.

Overview

MDHosting Ltd is committed to providing reliable, high-quality hosting services with transparent performance standards and responsive support. This document outlines our service commitments, performance benchmarks, and operational standards.

Core Principles: - Transparency: Clear communication of service levels and limitations - Reliability: Consistent uptime and performance - Responsiveness: Prompt support and issue resolution - Quality: Maintained infrastructure and security standards - Fair Use: Balanced resource allocation for all clients

Service Level Agreement (SLA)

Uptime Guarantee

Hosting Services: - Target Uptime: 99.9% per month - Measured Service: HTTP/HTTPS web hosting and email services - Exclusions: Scheduled maintenance, client-side issues, force majeure - Measurement Period: Calendar month - Monitoring: Automated uptime monitoring (external)

Uptime Calculation: 

Uptime % = (Total Minutes in Month - Downtime Minutes) / Total Minutes in Month × 100

Example: - Month: January (31 days, 44,640 minutes) - Downtime: 30 minutes - Uptime: (44,640 - 30) / 44,640 = 99.93% - Target Met:

Historical Performance: - 2025 Average: 99.98% uptime - Typical Monthly Downtime: <5 minutes - Longest Outage (2025): 12 minutes (scheduled maintenance overrun)

Downtime Definitions

Planned Downtime (Excluded from SLA): - Scheduled Maintenance: First Tuesday of each month, 02:00-04:00 GMT - Client Notification: 7 days advance notice - Typical Duration: <30 minutes - Impact: Minimal (low-traffic period)

Unplanned Downtime (Included in SLA): - Service Outages: Unexpected service interruption - Hardware Failures: Server or network equipment failure - Security Incidents: DDoS attacks, security breaches

Not Counted as Downtime: - Client account suspension (nonpayment, AUP violation) - DNS propagation delays (client-controlled nameservers) - Client-side network or ISP issues - SSL certificate issues caused by client - Force majeure events (natural disasters, datacenter failures beyond our control)

Service Credits

In the event of SLA breach (< 99.9% uptime):

Service Credit Tiers: - 99.0% - 99.8% uptime: 10% monthly service credit - 98.0% - 98.9% uptime: 25% monthly service credit - < 98.0% uptime: 50% monthly service credit

How to Claim: 1. Email admin@mdhosting.co.uk within 7 days of month end 2. Include account details and affected period 3. Credits applied to next month's invoice 4. Maximum credit: 50% of monthly fee (no cash refunds)

Service Credit Exclusions: - Credits not applicable for free services or trials - Credits not applicable during scheduled maintenance - Credits not transferable or redeemable for cash

Proactive Credit Application

MDHosting reserves the right to proactively apply service credits for significant outages without requiring client claims.

Performance Standards

Website Performance

Page Load Time (Target): - Static Content: <500ms (measured from server) - Dynamic Content (PHP): <2 seconds (uncached) - WordPress Sites: <3 seconds (with typical plugins)

Factors Affecting Performance: - Website code optimization - Image sizes and compression - Database query efficiency - Third-party script loading - Traffic volume and concurrent users

Performance Optimization Support: - Free consultation for performance issues - Guidance on caching and optimization plugins - Review of resource-intensive processes - Recommendations for upgrades if needed

Server Resource Allocation

Shared Hosting Resources (per account): - CPU: Fair use allocation (no hard limit) - Memory: 512MB PHP memory limit (configurable) - Storage: As per package allocation - Bandwidth: 20TB monthly aggregate (fair use) - I/O: 10MB/s typical (fair use) - Processes: 50 concurrent processes max - Inodes: 250,000 files max per account

Fair Use Policy: - Resources shared among ~30 accounts on eu1.cp - No single account should consume >20% sustained resources - Automated monitoring alerts excessive usage - Proactive contact before any restrictions

Resource Limit Actions: 1. 80% Resource Usage: Friendly notification and optimization guidance 2. Sustained High Usage: Consultation and upgrade recommendations 3. Extreme Abuse: Temporary throttling with immediate notification 4. Repeated Violations: Account upgrade requirement

Email Service Standards

Email Delivery: - Outbound Sending Limit: 500 emails/hour per account (fair use) - Attachment Size: 50MB maximum - Mailbox Size: 2GB default (unlimited for business accounts) - Spam Filtering: SpamAssassin (enabled by default) - Virus Scanning: ClamAV (automatic on all email)

Email Reliability: - Delivery Success Rate: >99% (to valid, non-blocking recipients) - Spam False Positive Rate: <1% (legitimate emails marked as spam) - Email Storage: RAID-protected, daily backups

Email Performance: - SMTP Queue Time: <5 minutes during normal operation - IMAP Sync Delay: Immediate (push notifications supported) - Webmail Availability: 99.9% uptime (same as hosting SLA)

DNS Service Standards

DNS Resolution: - Query Response Time: <50ms (average, measured from nameserver) - DNS Availability: 99.95% uptime (dual nameserver redundancy) - DNS Propagation: Immediate on ns1/ns2 (global propagation depends on TTL) - Zone Update Time: <60 seconds from cPanel to nameservers

DNS Redundancy: - Primary Nameserver: ns1.mdhosting.co.uk (Hetzner Germany) - Secondary Nameserver: ns2.mdhosting.co.uk (Hetzner Germany) - Automatic Failover: Resolver queries alternate nameserver if primary unavailable

Backup and Recovery Standards

Backup Frequency: - Full Account Backups: Daily at 02:00-04:00 GMT - Retention Period: 30 days rolling retention - Backup Location: Off-site Hetzner Storage Box (BX11) - Backup Verification: Automated integrity checks

Recovery Time Objectives (RTO): - Single File Restore: <15 minutes (self-service via cPanel) - Database Restore: <30 minutes (self-service via cPanel) - Full Account Restore: 1-4 hours (depending on account size) - Server Disaster Recovery: <24 hours (full restoration from backups)

Recovery Point Objectives (RPO): - Maximum Data Loss: 24 hours (time since last backup) - Typical Data Loss: <24 hours (most recent backup available)

Backup Success Rate: - Target: 99%+ successful backup completion rate - Monitoring: Automated alerts on backup failures - Client Notification: Email notification on repeated backup failures

Support Standards

Support Channels

Primary Support: - Email: admin@mdhosting.co.uk - Ticketing System: https://mdhosting.co.uk/billing/submitticket.php - Client Portal: https://mdhosting.co.uk/billing

Support Hours: - Email/Ticket Support: 24/7 (monitored during UK business hours) - Best Response Time: Monday-Friday, 09:00-18:00 GMT - Weekend/Holiday Support: Emergency issues only (best effort)

Not Provided: - Phone support (email/ticket only) - Real-time live chat (asynchronous support only) - On-site support (remote infrastructure only)

Response Time Commitments

Priority Levels:

Critical (Priority 1): - Definition: Complete service outage affecting all or multiple accounts - Examples: Server down, DNS failure, complete email outage - Response Time: 30 minutes (business hours), 2 hours (out of hours) - Resolution Target: 4 hours

High (Priority 2): - Definition: Significant service degradation or single account completely down - Examples: Website not loading, email not sending, SSL certificate issue - Response Time: 2 hours (business hours), 4 hours (out of hours) - Resolution Target: 8 hours

Medium (Priority 3): - Definition: Service functional but with issues, non-critical problems - Examples: Performance issues, configuration assistance, partial functionality loss - Response Time: 4 hours (business hours), next business day (out of hours) - Resolution Target: 24 hours

Low (Priority 4): - Definition: General inquiries, requests, non-urgent issues - Examples: How-to questions, feature requests, billing inquiries - Response Time: 8 hours (business hours), next business day - Resolution Target: 48 hours

Response Time Measurement: - Measured from ticket submission to first substantive response - Auto-replies and acknowledgements do not count as responses - Response times apply during business hours unless otherwise specified

Support Scope

Included Support: - ✅ Account access and login issues - ✅ cPanel configuration assistance - ✅ Email setup and configuration guidance - ✅ DNS configuration and troubleshooting - ✅ SSL certificate installation and renewal - ✅ Backup restoration requests - ✅ Server-level performance issues - ✅ Security incident response - ✅ General hosting guidance

Limited Support: - 🟡 Website code debugging (guidance only, not code fixes) - 🟡 WordPress plugin conflicts (general guidance, not plugin support) - 🟡 Third-party application configuration (general guidance) - 🟡 Email client configuration (guidance provided, client executes)

Not Included (Out of Scope): - ❌ Website development or coding services - ❌ Content updates or website edits - ❌ Third-party application support (WordPress, plugins, themes) - ❌ Custom scripting or programming - ❌ SEO or marketing services - ❌ Training or education (beyond basic guidance) - ❌ Client-side device or software issues

Additional Services Available: - Website migration (may incur fee for complex migrations) - Custom configurations (assessed case-by-case) - Professional services (bespoke development, consulting)

Support Quality Standards

First Contact Resolution Target: 60% of tickets resolved on first response

Client Satisfaction Target: >90% satisfaction rating (post-ticket surveys)

Communication Standards: - Clear, jargon-free explanations - Step-by-step guidance when appropriate - Proactive updates on ongoing issues - Honest assessments of timelines and limitations

Follow-Up: - Automatic follow-up on unresolved tickets after 48 hours - Confirmation of resolution before ticket closure - Post-resolution survey (optional client feedback)

Security Standards

Infrastructure Security

Server Security: - Firewall: ConfigServer Security & Firewall (CSF) enabled - Intrusion Prevention: Fail2Ban + Imunify360 FREE - Malware Scanning: Imunify360 + ClamAV (daily scans) - Kernel Patching: KernelCare (live patching without reboots) - OS Updates: Monthly security patches (first Tuesday maintenance window)

Application Security: - Web Application Firewall: ModSecurity enabled - PHP Security: Open_basedir restrictions, disabled dangerous functions - SQL Injection Protection: ModSecurity rules active - XSS Protection: ModSecurity rules active - DDoS Protection: Basic protection (Hetzner network-level)

Access Control: - SSH Access: Key-based authentication preferred - cPanel Access: Password + optional 2FA - WHM Access: Restricted to administrative staff only - FTP Access: SFTP strongly recommended over FTP

SSL/TLS Standards

SSL Certificate Provision: - Default: Let's Encrypt SSL (automatic, free) - Auto-Renewal: Automated via AutoSSL (60 days before expiry) - Supported Certificates: Let's Encrypt, commercial certificates (client-provided) - TLS Versions: TLS 1.2 and 1.3 (TLS 1.0/1.1 disabled for security)

SSL Coverage: - Primary domain (example.com) - www subdomain (www.example.com) - Mail subdomain (mail.example.com) - Webmail, cPanel, FTP subdomains

SSL Renewal Monitoring: - Automated renewal attempts starting 30 days before expiry - Alert if renewal fails (email to account holder) - Manual intervention if automatic renewal unavailable

Data Protection Standards

Data Location: - All data stored in EU (Hetzner Germany datacenters) - UK GDPR compliant infrastructure - No data transfers outside EU without consent

Data Encryption: - In Transit: TLS 1.2+ for HTTPS, IMAPS, SMTPS - At Rest: Server-level encryption via Hetzner (encrypted disks) - Backups: Encrypted transfer via SSH/SFTP to storage box

Data Retention: - Active Accounts: Data retained indefinitely while account active - Cancelled Accounts: Data retained 30 days post-cancellation - Backups: 30-day rolling retention - Logs: 90 days retention

Data Deletion: - Account Cancellation: Secure deletion after 30-day retention - Client Request: Immediate deletion available upon request (Right to Erasure) - Method: Secure file deletion (overwrite + remove)

Compliance Standards

UK GDPR Compliance: - ICO Registration: ZB044018 - Data Processing Agreements available - Privacy Policy published and maintained - Data Subject Rights procedures documented - Breach notification procedures (<72 hours to ICO)

PCI DSS Compliance: - No card data stored (tokenization via Stripe/PayPal) - Payment processing offloaded to PCI-compliant processors - Minimal PCI scope (reduces compliance burden)

Security Incident Response: - Incident response procedures documented - Security incident notification within 24 hours - Post-incident analysis and remediation - Transparent communication with affected parties

Acceptable Use Policy (AUP)

Permitted Uses

Allowed Content and Services: - ✅ Business and personal websites - ✅ E-commerce websites (WooCommerce, etc.) - ✅ Blogs and content management systems - ✅ Email hosting for business and personal use - ✅ Web applications (within resource limits) - ✅ Development and staging sites - ✅ Portfolio and showcase websites

Prohibited Uses

Strictly Forbidden: - ❌ Illegal Content: Content violating UK or EU law - ❌ Copyright Infringement: Pirated software, media, or content - ❌ Adult Content: Pornography or sexually explicit material - ❌ Malware Distribution: Viruses, trojans, ransomware, or exploits - ❌ Phishing: Fraudulent websites impersonating legitimate entities - ❌ Spam: Mass unsolicited email or spam relay - ❌ Resource Abuse: Bitcoin mining, CPU-intensive tasks, resource monopolization - ❌ Network Attacks: DDoS, port scanning, hacking attempts - ❌ Proxy Services: Anonymous proxies, VPN exit nodes - ❌ File Hosting: Public file storage or distribution (Warez, torrents)

Restricted Uses (Require Approval): - 🟡 High-traffic websites (>100K visitors/month) - may require upgrade - 🟡 Video streaming or hosting - bandwidth-intensive - 🟡 Image galleries with >10K images - storage/bandwidth considerations - 🟡 Cron jobs more frequent than every 5 minutes - resource considerations

Resource Fair Use

CPU and Memory: - No sustained >20% server CPU usage - No memory-intensive processes (>512MB PHP memory typical) - Automated monitoring alerts excessive usage - Optimization guidance provided before restrictions

Bandwidth: - 20TB monthly allocation (aggregate across all clients) - Fair use expected - no single account monopolizing bandwidth - Legitimate traffic spikes accommodated - Sustained high bandwidth may require upgrade

Storage: - No file hoarding or backup storage (active website files only) - Aged/unused files should be removed - Old email should be archived locally or deleted - Legitimate business data growth accommodated

Email Sending: - Maximum 500 emails/hour per account (fair use) - No mass marketing or unsolicited email (spam) - Newsletter services permitted (legitimate opt-in lists <500 recipients) - Third-party email services recommended for large campaigns (Mailchimp, etc.)

AUP Enforcement

Violation Response:

1. First Violation (Minor): - Email notification to account holder - Warning and guidance to correct issue - Typically 24-48 hours to resolve

2. Second Violation or Moderate Violation: - Email notification with escalated tone - Potential temporary suspension if serious - Required action plan to resolve - Timeline for resolution (typically 24 hours)

3. Severe Violation or Repeated Violations: - Immediate account suspension - Required remediation before reinstatement - Potential account termination if not resolved

4. Egregious Violation: - Immediate permanent account termination - No refund provided - Law enforcement notification if applicable (hacking, illegal content)

Appeals Process: - Clients may appeal AUP decisions via email to admin@mdhosting.co.uk - Appeals reviewed within 2 business days - Decision communicated with rationale - Final decision at MDHosting's discretion

Quality Assurance

Infrastructure Standards

Hardware: - Enterprise-grade servers (Hetzner Germany) - NVMe SSD storage (fast, reliable) - RAID configurations for redundancy - Regular hardware health monitoring

Software: - Current OS versions (AlmaLinux 8/10) - Up-to-date control panel (cPanel/WHM - current ApisCP planned) - Regular security patching (monthly maintenance) - KernelCare live kernel patching (no reboot downtime)

Network: - 1 Gbit/s network connectivity - Redundant network paths (Hetzner network) - DDoS protection (Hetzner infrastructure) - Low latency (<50ms EU, <150ms global)

Monitoring and Alerting

Infrastructure Monitoring: - 24/7 uptime monitoring (external monitors) - Service availability checks (HTTP, SMTP, DNS) - Resource usage monitoring (CPU, memory, disk) - Security event monitoring (Imunify360)

Alerting: - Immediate alerts on service outages - Proactive alerts on resource exhaustion - Security alerts on suspicious activity - Backup failure alerts

Response: - Critical alerts: Immediate investigation and response - Non-critical alerts: Next business day review - Proactive issue resolution (fix before client impact)

Change Management

Planned Changes: - Scheduled maintenance windows (first Tuesday, 02:00-04:00 GMT) - Client notification 7 days in advance - Change documentation and rollback plans - Post-change verification

Emergency Changes: - Critical security patches (4-hour notice minimum) - Service restoration (immediate, notification follows) - Transparent communication during and after

Billing and Payment Standards

Payment Terms

Due Date: - Invoices due on invoice date - Grace period: 5 days from invoice date - Suspension notice: 7 days from invoice date - Account suspension: 10 days from invoice date

Payment Methods: - Stripe: Credit/debit cards (preferred) - PayPal: Alternative payment method - Bank Transfer: Available on request for annual payments

Late Payment: - Day 5: Reminder email sent - Day 7: Suspension warning email - Day 10: Account suspended (website/email inaccessible) - Day 40: Account termination and data deletion

Reinstatement: - Payment of outstanding invoice - £10 reinstatement fee for suspended accounts - Service restored within 2 hours of payment

Refund Policy

Money-Back Guarantee: - 30-day money-back guarantee (first month only) - Available for first-time clients only - Full refund of hosting fees (excludes domain registrations) - Cancel within 30 days of signup for full refund

Service Credit: - SLA breaches result in service credits (see SLA section) - Applied to next month's invoice automatically - Not redeemable for cash

No Refunds After 30 Days: - No refunds for partial months - No refunds for mid-contract cancellations - Service continues until end of paid period

Cancellation Policy

How to Cancel: - Submit cancellation request via client portal or email - Cancellation effective at end of current billing period - No early termination (service runs until paid period ends)

Data Retention Post-Cancellation: - Data retained 30 days after cancellation - Backups available for download during this period - Download your data before cancellation recommended

Reactivation: - Accounts can be reactivated within 30 days - After 30 days, new signup required (no data restoration)

Service Limitations

Technical Limitations

Shared Hosting Constraints: - Shared server resources (CPU, memory, bandwidth) - Fair use policies apply to all accounts - Not suitable for extremely high-traffic sites (>500K visitors/month) - Not suitable for resource-intensive applications (video encoding, ML, etc.)

Email Limitations: - 500 emails/hour sending limit (anti-spam measure) - 50MB attachment size limit - Not suitable for bulk mailing (use dedicated email services)

Backup Limitations: - 30-day retention only - Automated backups (not real-time) - Client responsible for own critical backups

DNS Limitations: - Standard DNS features (A, CNAME, MX, TXT) - DNSSEC planned (PowerDNS migration Q2 2026) - Not suitable for complex DNS configurations (use dedicated DNS provider)

Upgrade Options

When to Upgrade: - Consistently high resource usage (>80% sustained) - Traffic exceeding 100K visitors/month - Need for dedicated resources - Custom configurations required

Upgrade Paths: - Higher-tier shared hosting packages - VPS hosting (dedicated resources) - Dedicated servers (full server control)

Contact for Upgrades: - Email: admin@mdhosting.co.uk - Subject: "Account Upgrade Request" - Include account details and requirements

Service Improvement

Continuous Improvement

Regular Reviews: - Quarterly infrastructure performance reviews - Annual security audits - Client feedback collection - Service standard adjustments based on performance data

Future Enhancements (Planned): - ApisCP migration (Q2-Q3 2026) - modern control panel - PowerDNS migration (Q2 2026) - DNSSEC support - Grafana monitoring stack (Q1 2026) - enhanced visibility - Wazuh SIEM deployment (Q3-Q4 2026) - advanced security monitoring

Client Feedback

Feedback Channels: - Post-support ticket surveys - Annual client satisfaction surveys - Direct email to admin@mdhosting.co.uk - Feature requests via client portal

Feedback Action: - All feedback reviewed and logged - Common requests prioritised for implementation - Clients notified of feature implementations

Additional Information

Documentation: - Hosting Services - Service details and features - Backup Services - Backup information and procedures - GDPR Compliance - Data protection details - Incident Response - Security incident procedures

Contact: - Email: admin@mdhosting.co.uk - Website: https://mdhosting.co.uk - Client Portal: https://mdhosting.co.uk/billing

Last updated: January 2026