top of page
CycleCadence logo - bike subscription service powered by Cadence Performance

Service Level Agreement

1. Introduction

This Service Level Agreement ("SLA") forms part of the agreement between Cadence Performance Limited trading as CycleCadence ("CycleCadence", "Provider", "we", "us") and the Customer ("you", "your") for use of the CycleCadence hosted software platform and associated support services.

The CycleCadence platform is provided as a hosted software tool that enables employer customers and their employees to access and administer a bike subscription journey. The Customer does not pay a separate software access fee for use of the platform. This SLA therefore does not provide service credits, refunds or financial compensation for platform outage. Instead, it sets out CycleCadence's operational service targets, support process, maintenance approach and data protection commitments.

2. Service Scope

The CycleCadence hosted software supports the administration of Cycle-to-Work subscription services for employers and employees. The service scope includes, where enabled for the Customer:

  • Employer account registration and scheme administration through the web app.

  • Employee invitation, onboarding and subscription journey.

  • Bike and subscription selection workflow, including employer approval steps.

  • Employer dashboards and subscription analysis.

  • Automated monthly billing information and reporting outputs.

  • CO2 savings and ESG reporting information presented through the platform.

  • Reasonable technical support for access, availability, data security and service operation issues.

Unless expressly agreed in writing, this SLA applies to the hosted software platform only. It does not apply to physical bike delivery, in-store servicing, insurance handling, third-party finance decisions, payroll processing by the Customer, or services performed by any third party outside CycleCadence's direct control.

3. Platform Availability Commitment

CycleCadence will use commercially reasonable endeavours to keep the hosted software available, stable and secure during normal use. The target platform availability is 99.5% monthly uptime, excluding planned maintenance, emergency maintenance and the exclusions listed in this SLA.

This availability commitment is an operational target only. Because access to the hosted software is provided as part of the bike subscription service and is not charged as a separate customer software subscription, no service credits, liquidated damages, refunds or fee reductions apply if the target is not achieved.

4. Support Hours, Response Targets and Resolution Targets

Support requests should be submitted through the agreed support email address, helpdesk, telephone number or other support channel notified to the Customer. CycleCadence may update support channels from time to time.

5. Data Protection and Information Security Commitments

CycleCadence recognises that Customer and employee data must be handled securely and responsibly. CycleCadence will maintain reasonable technical and organisational measures designed to protect the confidentiality, integrity and availability of Customer data processed through the hosted software. These measures include, where applicable:

  • Encryption in transit for user access to the hosted software.

  • Controlled administrative access to production systems.

  • Role-based access controls for authorised platform users.

  • Secure hosting environments operated through reputable cloud and infrastructure providers.

  • Routine patching and maintenance of the application and supporting infrastructure.

  • Backup and restoration processes proportionate to the nature of the hosted software service.

  • Logging and audit trails appropriate to the service and the data being processed.

  • Internal procedures for reviewing and responding to security events affecting the hosted software.

  • Use of least-privilege principles for administrative access where reasonably practicable.

  • Reasonable checks on suppliers that support hosting, infrastructure, security, availability or data processing.

CycleCadence will not knowingly sell Customer or employee personal data. Personal data will be processed only for legitimate service administration, support, security, reporting, billing, legal, regulatory or agreed business purposes connected with the CycleCadence service.

6. Customer Data, Privacy and GDPR

The parties will comply with applicable UK data protection laws. Where CycleCadence processes personal data on behalf of the Customer, CycleCadence will act in accordance with the applicable contractual data protection terms, privacy notices and lawful instructions agreed between the parties.

Customer data may include employer contact details, employee account details, subscription choices, approval status, billing information, usage information and reporting data needed to operate the bike subscription service. The exact data fields may vary depending on the service configuration and the Customer's scheme requirements.

CycleCadence will apply appropriate safeguards to Customer data and will limit access to personnel, contractors and suppliers who need access for support, administration, security, operational or legal purposes. Customer data will be retained only for as long as reasonably required for service delivery, legal, accounting, audit, regulatory or dispute resolution purposes, unless otherwise agreed in writing.

7. Security Incident Notification

For material security incidents affecting Customer data, CycleCadence will notify the Customer without undue delay after becoming aware of the incident and will cooperate with reasonable investigation and reporting requirements. Notification will normally include, where known:

  • A summary of the incident and the known or suspected impact.

  • The categories of data or users affected, where this can be reasonably identified.

  • Immediate containment or mitigation steps taken by CycleCadence.

  • Recommended Customer actions, where applicable.

  • The next expected update time or contact route for further information.

CycleCadence will provide further updates as reasonably appropriate until the incident is contained or the Customer has received sufficient information to meet its own obligations.

8. Backups and Data Recovery

CycleCadence will maintain backup processes for hosted software data designed to support recovery following platform failure, data corruption or infrastructure incident. Unless otherwise agreed in writing:

  • Backups will be taken at least daily for production data.

  • Backups will be retained for a commercially reasonable period aligned to operational recovery needs.

  • Restoration requests caused by Customer error, accidental deletion or incorrect Customer input may require engineering assessment and may not always be possible at individual-record level.

  • Backup restoration is intended for service recovery and business continuity, not as a substitute for Customer record keeping, payroll records or statutory obligations.

9. Hosting, Monitoring and Engineering Support

The hosted software will be operated using reputable cloud hosting, infrastructure and application services selected by CycleCadence or its technology partners. CycleCadence will maintain monitoring designed to identify availability, performance, security and service stability issues, including:

  • Service monitoring for platform availability and core application health.

  • Operational alerts for hosting or application issues that may affect service availability.

  • Engineering support to triage, investigate and restore service where issues are within CycleCadence's reasonable control.

  • Access control processes for administrative access to production systems.

  • Logging and audit trails appropriate to the nature of the hosted software service.

10. Maintenance

Scheduled maintenance may occasionally cause temporary degradation or interruption of the hosted software service. CycleCadence will aim to perform scheduled maintenance outside normal UK business hours where reasonably practicable.

  • Standard Maintenance Window: 22:00 to 06:00 UK time.

  • Planned Maintenance Notice: at least 5 working days where the maintenance is expected to materially affect availability.

  • Emergency Maintenance: may be performed without prior notice where required to maintain security, stability or availability.

Maintenance will be planned to minimise Customer disruption wherever reasonably practicable.

11. Customer Responsibilities

To enable CycleCadence to protect the service and meet this SLA, the Customer must:

  • Provide accurate account, user, payroll and scheme administration information where required for the hosted software to operate correctly.

  • Maintain current nominated support, data protection and incident contacts.

  • Ensure users follow acceptable use, security and access control requirements.

  • Promptly remove or disable users who no longer require access.

  • Promptly respond to reasonable requests for information needed to investigate or resolve support cases or security events.

  • Maintain its own internal payroll, HR, finance and statutory records outside the hosted software where required by law or internal policy.

  • Protect login credentials and notify CycleCadence promptly of suspected account compromise, misuse or unauthorised access.

  • Not misuse, overload, probe, reverse engineer or attempt unauthorised access to the hosted software.

12. Exclusions from Availability and Support Commitments

The following events are excluded from the availability and support commitments set out in this SLA:

  • Scheduled maintenance and emergency maintenance performed in accordance with this SLA.

  • Issues caused by factors outside CycleCadence's reasonable control, including Force Majeure events.

  • Failures or degradation caused by third-party systems not under CycleCadence's direct control, including Customer networks, internet service providers, banks, payroll providers, payment providers, email providers or identity providers.

  • DNS, domain, browser, device or connectivity issues outside CycleCadence's direct control.

  • Incidents caused by inaccurate, incomplete or delayed information supplied by the Customer.

  • Customer failure to respond to reasonable CycleCadence enquiries needed to resolve the issue.

  • Customer-side hardware, software, network, device, browser or configuration failures.

  • Suspension of access due to breach, security risk, legal requirement or misuse.

  • Beta, trial, sandbox, demonstration or non-production environments unless expressly included in writing.

13. Limitations

This SLA does not cover:

  • Physical bike delivery, collection, repair, servicing or inspection timelines.

  • Insurance policy administration or claims handling by third-party insurers.

  • Payroll processing or salary sacrifice calculations performed by the Customer or its payroll provider.

  • Customer tax, HR, employment law, FCA or regulatory compliance obligations.

  • Bespoke development, change requests, feature enhancements or integrations unless agreed in a separate statement of work.

  • Security breaches, data loss or service disruption caused by Customer users, agents, contractors, vendors or compromised credentials.

  • Unsupported browsers, devices, configurations or failure to follow usage guidance.

Nothing in this SLA limits or excludes liability that cannot lawfully be limited or excluded. Any liability provisions in the main customer agreement take priority over this SLA if there is any conflict.

14. Force Majeure

Neither party will be liable for delay or failure to perform its obligations where caused by events beyond its reasonable control, including natural disasters, war, terrorism, civil unrest, government action, strikes, labour disputes, power failure, telecommunications failure, internet backbone failure, supplier failure, epidemic, pandemic, or any other event beyond reasonable control.

15. Changes to this SLA

CycleCadence may update this SLA from time to time to reflect service, operational, legal or security changes. Material changes will be notified to Customers or posted at www.cyclecadence.com. The current SLA should be reviewed periodically.

This SLA was last updated on 3rd June 2026.

16. Company Details

Cadence Performance Limited is a company registered in England and Wales under company registration number 07966116. Registered office: 2a Anerley Hill, Crystal Palace, London, SE19 2AA.

bottom of page