Website Maintenance & Support Agreement
Document ID: WBL-CTR-MNT-[ID]-v1.0 Agreement Date: [DATE] Plan Start Date: [DATE] Client: [CLIENT LEGAL NAME] Plan Tier: ☐ Starter ☐ Professional ☐ Business ☐ Enterprise
Parties
Service Provider:
Webility ("Agency") [Legal Business Name, Registered Address] Email: support@webility.local | legal@webility.local
Client:
[CLIENT LEGAL NAME] ("Client") [Registered Address, Representative: Name, Title, Email]
1. Services & Plan Details
1.1 Covered Website(s)
This Agreement covers the following website(s):
| # | Website URL | Platform / CMS | Hosting Location |
|---|---|---|---|
| 1 | [URL] | [WordPress / Shopify / Next.js / other] | [Provider, Region] |
| 2 | [URL — if multi-site plan] |
Additional websites may be added by written amendment at the applicable per-site rate.
1.2 Standard Services — All Plans
The following services are provided every month under all plan tiers:
| Service | Frequency | Details |
|---|---|---|
| Automated backups | Daily | Full site + database; off-site storage |
| Backup retention | Per plan | Starter: 30 days / Professional: 60 / Business: 90 / Enterprise: 365 |
| Backup integrity test | Monthly | Restore test to verify backup usability |
| Security scanning | Continuous | Malware, file integrity, known vulnerability monitoring |
| SSL certificate monitoring | Continuous | Auto-renewal alert + configuration verification |
| Uptime monitoring | 24/7 | Alert within [5] minutes of downtime detection |
| Core / plugin / theme updates | Per plan cadence | Staged on test/staging environment first, then deployed |
| Broken link scan | Monthly | Reported in monthly report |
| Performance audit | Monthly | Lighthouse / PageSpeed score tracking with trend |
| Monthly report | Monthly | Summary of all actions taken, metrics, recommendations |
| Dedicated account contact | Ongoing | Named Webility contact for all plan communication |
1.3 Plan-Specific Services
| Service | Starter | Professional | Business | Enterprise |
|---|---|---|---|---|
| Update frequency | Monthly batch | Bi-weekly | Weekly | Weekly + emergency |
| Content update hours / month | 1 hr | 2 hrs | 4 hrs | 8+ hrs |
| Security level | Standard | Advanced | Advanced + WAF | Advanced + WAF + scheduling |
| Support channel | Email + Chat | Email + Chat + Phone | Dedicated line | |
| Response time (standard issues) | 2 business days | 1 business day | 4 business hours | 2 business hours |
| Emergency response (P1) | Next business day | Same business day | 4 hours | 1 hour |
| Monthly performance call | — | — | 30 min | Quarterly review |
| Uptime SLA | 99.0% | 99.5% | 99.9% | 99.95% |
1.4 Content Update Hours — Scope & Limits
Included hours cover:
- Updating existing text on live pages via CMS
- Swapping existing images for new ones (same format/dimensions)
- Publishing pre-written blog posts formatted and ready to paste
- Fixing broken links or correcting minor display issues
- Updating contact information, business hours, or team member details
- Minor CSS tweaks (e.g., font size, color adjustment on one element)
Content hours do NOT cover:
- Building new page templates or page layouts from scratch
- Adding new features, plugins, or third-party integrations
- Copywriting, photography, or content strategy
- Graphic design or image creation
- Any task that requires development work beyond CSS adjustments
- Content requiring custom code, JavaScript, or database changes
Hour management:
- Hours are tracked and reported monthly
- Hours do not roll over month to month
- Unused hours are forfeited at month end
- Additional hours are billed at [RATE]/hour with Client approval before work begins
- If a task will exceed available hours, the Agency notifies the Client before proceeding
2. Service Level Agreement (SLA)
2.1 Priority Classification
| Priority | Definition | Examples |
|---|---|---|
| P1 — Critical | Website completely inaccessible; checkout or payment system broken; active security breach or data leak | Site returning 500/503 errors globally; malware detected and executing; SSL failure causing browser security blocks |
| P2 — High | Major functionality broken; significant portion of site inaccessible; severe performance degradation | Contact form not sending; 50%+ of pages returning errors; Lighthouse score dropped >40 points; e-commerce product pages broken |
| P3 — Medium | Non-critical feature impaired; minor errors affecting some users; content displaying incorrectly | Single form field not validating; one page loading slowly; image not displaying on one browser |
| P4 — Low | Minor visual issue; enhancement request; general question | Button color slightly off on one device; inquiry about adding a new section; billing question |
2.2 Response Time Commitments
Response time = time from receipt of Client's support request to Agency's first substantive response acknowledging the issue and beginning investigation.
| Priority | Starter | Professional | Business | Enterprise |
|---|---|---|---|---|
| P1 — Critical | Next business day | Same business day | 4 hours | 1 hour |
| P2 — High | 3 business days | 2 business days | 8 business hours | 4 business hours |
| P3 — Medium | 5 business days | 3 business days | 2 business days | 1 business day |
| P4 — Low | Next monthly cycle | 5 business days | 3 business days | 2 business days |
Business hours: Monday–Friday, [9am–6pm, Agency's local time zone: ___]. After-hours emergency escalation (P1) is available on Business and Enterprise plans via [emergency contact method: phone / dedicated Slack].
2.3 Uptime SLA & Remedies
Uptime is measured monthly as the percentage of time the website is accessible and functioning normally.
| Plan | Uptime Guarantee | Measurement | SLA Breach Remedy |
|---|---|---|---|
| Starter | 99.0% | Monthly | Service credit: 10% of monthly fee per 1% below SLA |
| Professional | 99.5% | Monthly | Service credit: 15% of monthly fee per 0.5% below SLA |
| Business | 99.9% | Monthly | Service credit: 20% of monthly fee per 0.1% below SLA |
| Enterprise | 99.95% | Monthly | Custom remedy per Schedule A |
SLA Exclusions — Downtime is not counted toward SLA breach if caused by:
- Scheduled maintenance windows (notified 48 hours in advance)
- Emergency security maintenance (notified as soon as practicable)
- Hosting provider infrastructure failures outside the Agency's control
- Force Majeure events (see Section 11)
- Actions taken by the Client or third parties authorized by the Client
- Third-party platform outages (Shopify, Stripe, payment gateways, social media APIs, etc.)
- DDoS attacks exceeding the mitigation capacity of the hosting plan
- Failure of domain DNS propagation caused by Client-controlled domain registrar
- Website inaccessibility caused by the Client's own code changes or CMS actions
- Client's failure to renew domain registration or third-party subscriptions
SLA credit cap: Total credits in any month shall not exceed the monthly plan fee. Credits are applied to future invoices and are not refundable in cash.
2.4 Scheduled Maintenance
- Standard window: [Tuesday and/or Thursday], [11pm–2am, Agency timezone] — maximum [30] minutes
- Extended maintenance: 48-hour advance written notice; Client may request a different window
- Emergency security patches: Applied immediately without advance notice when a critical vulnerability requires urgent action; Client notified as soon as practicable
3. Client Responsibilities
3.1 Required at Onboarding
The Client must provide the following within [5] business days of signing this Agreement:
- Admin access to CMS (WordPress, Shopify, etc.)
- Hosting account access (cPanel / server panel / SSH / deployment platform)
- Domain registrar access (or DNS management platform)
- List of all plugins, themes, and third-party integrations with versions
- Emergency escalation contact (name, phone, hours of availability)
- Payment method for auto-billing
3.2 Ongoing Client Obligations
(a) Notify before making changes: The Client must notify the Agency at least 48 hours in advance before making significant changes to the website, including: installing or removing plugins, upgrading platform versions, modifying server configuration, changing hosting provider, or adding third-party integrations.
(b) Unauthorized modifications: If the Client or any third party (another developer, staff member, etc.) makes changes to the website without notifying the Agency, and those changes cause issues that require remediation:
- The remediation work is billed at [RATE]/hour and is not covered by the plan
- The Agency's SLA obligations are suspended for the duration of any disruption caused by unauthorized changes
- The Agency is not liable for any data loss or downtime resulting from unauthorized modifications
(c) Maintain access: The Client must ensure the Agency maintains continuous access to all systems required to provide the plan services. If access is revoked or credentials expire without timely replacement, SLA obligations are suspended accordingly.
(d) Respond to urgent communications: For P1 and P2 issues, the Client's designated emergency contact must be reachable and able to make decisions. If the Client is unreachable during a critical incident, the Agency will take reasonable protective action at its discretion.
(e) Third-party subscriptions: The Client is responsible for maintaining all third-party subscriptions required for the website to function (hosting plan, plugin licenses, e-commerce platform, payment gateway, email service, etc.). The Agency does not manage these subscriptions unless explicitly included in the plan.
(f) Domain renewal: The Client is solely responsible for renewing domain registration. A lapsed domain will cause immediate website downtime that is not covered by this Agreement.
4. What This Agreement Does Not Cover
The following are explicitly excluded from all maintenance plans:
(a) New features: Building new functionality, pages, or integrations beyond the existing site scope. These require a separate development contract.
(b) Redesign or rebranding: Visual redesign of any section or page. Covered by a separate design contract.
(c) Third-party platform changes: When a third-party platform (Shopify, WooCommerce, payment gateway, API provider) updates its API, deprecates a feature, or changes its behavior, adapting the website to those changes is out-of-scope unless explicitly included.
(d) Security incidents caused by Client-side vulnerabilities: If the website is compromised due to:
- Code introduced by the Client or a third-party developer
- The Client's use of an unauthorized or nulled/pirated plugin or theme
- Client credential compromise (stolen admin password, phishing, etc.)
- The Client ignoring security warnings or postponing critical updates ...remediation is billed at [RATE]/hour. The Agency will assist but this falls outside plan coverage.
(e) Data recovery beyond backup retention: If data is lost and backups beyond the plan's retention period are required, recovery is not guaranteed.
(f) E-commerce order data, financial records, or ERP data: The Agency does not handle, migrate, or take responsibility for transactional business data. CMS and website content are in scope; business databases and ERP systems are not.
(g) SEO performance: This plan does not include SEO strategy, content creation, link building, or Google Search Console management. The Agency monitors technical performance, not organic search rankings.
(h) Email deliverability or email hosting: Email accounts, inbox management, and deliverability issues are outside the scope of a website maintenance plan.
(i) Legal compliance updates: Changes required to bring the website into compliance with new laws (privacy law changes, accessibility mandates, GDPR updates) are out-of-scope and require a separate engagement.
5. Fees & Billing
5.1 Monthly Fee
Plan: [PLAN NAME] Monthly Fee: [CURRENCY] [AMOUNT]/month (exclusive of applicable taxes)
5.2 Billing
- Invoiced on the 1st business day of each month for the current month's service
- Due within 15 calendar days of invoice date
- Auto-billing via [payment method on file] is available and recommended
- Late payment provisions (1.5%/month interest, service suspension) apply per the Agency's Payment Terms Policy
5.3 Annual Pre-Payment
Pre-payment of an annual plan earns a 10% discount on the plan fee. Annual plans are non-cancellable mid-term. If the Client wishes to upgrade during the annual term, the credit balance is applied to the new plan.
5.4 Price Adjustments
The Agency reserves the right to adjust plan pricing with 60 days' written notice. Price increases do not apply mid-term on annual plans.
5.5 Additional Hours & Work
Work outside the plan (additional content hours, emergency work, new features) is invoiced at [RATE]/hour, approved by the Client before work begins, and billed at month-end.
6. Data & Privacy
6.1 Access to Client Systems
The Agency accesses the Client's website and hosting infrastructure solely for the purpose of providing plan services. The Agency will not access, read, copy, or use any personal data stored in the website's database beyond what is necessary to resolve a reported issue.
6.2 Backup Data
Backups created under this plan may contain personal data of the Client's website visitors or customers. The Agency stores this backup data as a data processor on behalf of the Client (the data controller). The Client is responsible for ensuring that backup data storage is compliant with applicable privacy law.
6.3 Notification of Security Incidents
If the Agency discovers or has reasonable grounds to suspect a security incident affecting the Client's website, the Agency will notify the Client within 24 hours of becoming aware. The Client is responsible for making any legally required notifications to regulators, affected individuals, or other parties.
7. Term, Renewal & Cancellation
7.1 Initial Term
This Agreement begins on the Plan Start Date and continues for an initial term of [3] months ("Minimum Term").
7.2 Auto-Renewal
After the Minimum Term, this Agreement automatically renews on a month-to-month basis unless cancelled per Section 7.3.
7.3 Cancellation by Client
The Client may cancel this Agreement after the Minimum Term with 30 calendar days' written notice to support@webility.local. Cancellation is effective at the end of the billing cycle following the notice period. No partial-month refunds.
7.4 Cancellation by Agency
The Agency may terminate this Agreement: (a) With 30 days' notice for any reason; (b) Immediately for non-payment of any invoice outstanding more than 15 days past due; (c) Immediately if the Client's website is found to be hosting illegal content or violating the Agency's Acceptable Use Policy.
7.5 Effect of Termination
Upon termination: (a) The Agency provides a 30-day data transition period during which backups are available for download by the Client; (b) After the transition period, backups and all cached copies are deleted; (c) The Agency removes its monitoring, security, and access configurations from the Client's systems; (d) The Client is responsible for migrating to alternative hosting/maintenance arrangements; (e) The Agency is not liable for any issues arising from the Client's failure to establish alternative maintenance before transition period expires.
8. Limitation of Liability
THE AGENCY'S MAXIMUM LIABILITY UNDER THIS AGREEMENT IN ANY CALENDAR MONTH SHALL NOT EXCEED THE MONTHLY PLAN FEE FOR THAT MONTH. THE AGENCY IS NOT LIABLE FOR INDIRECT, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM SERVICE DISRUPTIONS, SECURITY INCIDENTS, DATA LOSS, OR THIRD-PARTY PLATFORM FAILURES.
Nothing limits liability for gross negligence or willful misconduct.
9. Confidentiality
The Agency treats all Client system credentials, business data, and website content as confidential, using at least reasonable care. This obligation survives termination for 5 years.
10. Dispute Resolution & Governing Law
Disputes are addressed first through good-faith negotiation (15 business days), then mediation if needed. Governing law: [Province/State, Country]. Exclusive jurisdiction: [City, Province/State, Country].
11. Force Majeure
Neither Party is in breach for failures caused by events outside their reasonable control. If a Force Majeure Event persists beyond 30 days, either Party may terminate with no penalty beyond payment for services rendered.
Signatures
Webility LLC
Signature: ___________________________ Date: _______________ Name / Title: ___________________________
[CLIENT LEGAL NAME]
Signature: ___________________________ Date: _______________ Name / Title: ___________________________
Onboarding Checklist (Attach at Signing)
- Access credentials collected securely
- Site audit scheduled
- Emergency contact confirmed
- Auto-billing set up
- Monitoring configured within [10] business days of signing
Webility — WBL-CTR-MNT-[ID]-v1.0