General scope: This document sets out product-specific service terms that supplement the general Terms of Service, AUP, and other applicable documents. By ordering and using the service, the customer accepts the following supplementary terms in relation to this product.
Scope of Service
This document applies to dedicated server, VDS/VPS, and cloud server services.
1. Service Model
Unless otherwise stated in writing, server services are provided on an unmanaged basis. The customer is responsible for the operating system, applications, firewall, access controls, and software maintenance.
All operations performed under root/administrator access are under the customer's control and responsibility.
2. Network Usage and Security
- DDoS, amplification, botnet, brute-force, port scanning, or unauthorised access attempts are not permitted.
- In the event of such incidents, traffic throttling, temporary isolation, null-routing, or access suspension may be applied.
- Repeated violations may result in service termination.
3. IP Addresses and Reputation
The customer is responsible for the use of assigned IP addresses.
- Activities leading to spam, blacklisting, abuse, or reputational damage may be restricted.
- Where necessary, IP changes, revocation, or service restrictions may be applied.
4. Resource and Hardware Usage
- Usage that exceeds the package scope or adversely affects the infrastructure may be restricted.
- In the event of a physical hardware failure, faulty components may be replaced.
- Successful data recovery is not guaranteed.
5. Backups and Data Responsibility
The integrity of data on the server, application-level security, and independent backups are the customer's responsibility.
1.2 Managed VDS Services
For Managed VDS services, RYSTAT assumes the following operational and management responsibilities within the scope of the service:
- Operating system lifecycle: controlled security patching and monthly scheduled OS updates (with critical CVE emergency patches applied within 72 hours).
- Firewall management: baseline firewall policies (iptables/nftables/firewalld) deployed and maintained by RYSTAT, brute-force protection (fail2ban), vulnerability monitoring.
- Off-site backups: automated daily backups stored in a second region outside the primary RYSTAT infrastructure, with 7/14/30-day rotation. Backup integrity is verified at least once per month.
- Monitoring and alerting: 24/7 infrastructure monitoring, capacity/uptime alerts, and human-operated incident response.
- 24/7 technical support: uninterrupted first- and second-level support for managed-panel services and server-level incidents.
- Maintenance windows: pre-announced scheduled maintenance, conducted predominantly during regional low-traffic hours.
The Customer remains responsible for the application layer (web application, database schema, third-party software), in-application security (input validation, content security), and the accuracy of application data. RYSTAT's management rights are limited to interventions necessary to sustain the service, and customer data is accessed only to the minimum extent necessary on the basis of a support request or a substantiated security justification.
1.3 Self-Service VDS Services
For Self-Service VDS services, RYSTAT provides only the underlying infrastructure (hardware, network access, hypervisor, IP address, power and the data centre layer). The Customer is fully responsible for the operating system, applications, firewall, user access controls, security patching, monitoring, backups, log management, and disaster recovery.
- RYSTAT does not perform routine root/administrator-level operations on the Customer's server.
- RYSTAT's intervention is limited to physical hardware failure, network connectivity issues, hypervisor-layer maintenance, or legal/security necessity.
- The Customer is responsible for operating-system end-of-life (EOL) tracking, client-side patching, log retention, and KVKK/GDPR technical measures.
- The Customer must deploy and regularly verify a backup solution of its choice; unless an external backup add-on is purchased, RYSTAT does not retain backups for Self-Service VDS.
All VDS/VPS services not explicitly marked as "Managed" on the order form or in the customer panel are deemed Self-Service unless otherwise agreed in writing.
4 (New). Service Level Commitments (SLA)
Depending on the product model, RYSTAT offers the service level commitments set out below. Detailed definitions, calculation methodology and exclusions are set out in the general SLA document; this table is summary only.
| Metric | Managed VDS | Self-Service VDS |
|---|---|---|
| Monthly infrastructure uptime | 99.9% (including RYSTAT management) | 99.5% (network + hypervisor layer only) |
| Recovery Time Objective (RTO) | Maximum 4 hours (after hardware failure) | Customer responsibility — not committed |
| Recovery Point Objective (RPO) | Maximum 24 hours (off-site backup) | Customer responsibility — not committed |
| First response time (critical incident) | 15 minutes (24/7) | 4 hours (within business hours) |
| Scheduled maintenance notice | Minimum 72 hours in advance | Minimum 24 hours in advance |
The following are excluded from SLA calculations: customer-induced configuration errors, downtime caused by customer-installed software, force majeure, and downtime resulting from the customer refusing RYSTAT maintenance windows.
9 (New). Liability and Compensation Limits
Managed VDS: Outside of pre-announced maintenance windows and within RYSTAT's management scope, the maximum compensation payable to the Customer for data loss or service downtime resulting from a demonstrated RYSTAT operational fault shall be limited to a refund of one (1) month's fee for the affected Managed VDS subscription. This limit does not restrict statutory rights arising under KVKK/GDPR.
Self-Service VDS: For Self-Service VDS services, RYSTAT assumes no compensation liability for data loss, downtime, or reputational damage arising from the Customer's choices regarding operating system, applications, backups or security configuration. The Customer expressly acknowledges this risk when ordering a Self-Service VDS.
In both models, RYSTAT is not liable for indirect, consequential, loss-of-profit or business-interruption damages. Cases of fraud, intent or gross negligence are reserved.