Service level

API & data service-level commitments

This page sets expectations for the public endpoints SupplierSpy exposes. Published commitment — not a signed contract — so that operators depending on SupplierSpy data know what to count on.

Last updated: 2026-04-17

Endpoints covered

Uptime target

99.9%
monthly availability
< 45 min
maximum monthly downtime at target

Baseline inherited from our hosting provider's published SLA. Measured at our edge; brief regional provider incidents are counted against this target. If you observe sustained downtime, email hello@supplierspy.com and we will investigate.

Data freshness target

< 6h
snapshot delta for 95% of queries
< 24h
snapshot delta for 99.9% of queries

The refresh pipeline runs every 6 hours. Supplier review signals (Trustpilot, Shopify App Store, Capterra) and stock quotes are re-scraped on that cadence. Hand-curated fact rows are reviewed when flagged via /dispute/:slug or /corrections.

Rate limits

No application-level rate limits today. Our hosting provider's edge may return 429 Too Many Requests on egregious traffic (e.g. sustained multi-thousand requests per second from one IP). Metered request tiers for API licensees are on the 2026 Q3 roadmap and are disclosed as a roadmap item on /sponsorship-policy. If you need to pre-clear a high-volume IP range for scheduled dataset pulls, email hello@supplierspy.com with your source IP range and expected request rate — we'll almost certainly just say yes.

For lower-volume bulk use, prefer /dataset.jsonl (single file, fetched once) over looping /api/supplier/:slug 16 times.

Support

Best-effort via hello@supplierspy.com. No paid support tier is active yet. Response windows (all times are calendar days, not business days — the clock does not pause for weekends or holidays):

  • Factual corrections: acknowledged within 48h, published to /corrections within 14 calendar days if upheld.
  • Dispute outcomes: decision published within 14 calendar days — see /dispute/:slug.
  • API questions: acknowledged within 48h, answered as quickly as bandwidth allows.
  • Press: press@supplierspy.com — reply target 24h on business days.
  • Security reports: see /security — acknowledged within 48h, triaged within 7 calendar days, high-severity fixes within 30 calendar days.
  • GDPR / data-rights requests: replied to within 30 calendar days (GDPR Art. 12 window).

Failure modes

If the live site is down and the endpoints are unreachable, the signed-snapshot archive is the canonical source of truth. Every snapshot is published at /snapshots/<date>.json with a companion signature file.

Each snapshot is also content-addressed; the IPFS CIDs are recorded in /snapshots and can be fetched via any public IPFS gateway if supplierspy.com itself is unreachable. Signatures verify against the published public key at /.well-known/jwks.json.

What this page isn't

This is not a legally binding SLA. It is a published commitment — a pragmatic description of what we aim to deliver, documented so procurement teams have a number to reference. A formal SLA, with service credits and remedies, is available on API-tier contracts (roadmap). Until that exists, treat the numbers on this page as operational targets we work to hold ourselves to.