# Enterprise Support *How to engage Naridon, Inc. for SLAs, professional services, and training. Tier categories and what each one includes.* ## Overview The Aura engine is open source under Apache 2.0, and a meaningful number of teams run it entirely on that basis. Enterprise customers engage **Naridon, Inc.** — the company in Zürich, Switzerland that builds and maintains Aura — when they need operational certainty that cannot be earned from GitHub issues alone: guaranteed response windows, direct access to the engineers who wrote the merge engine, private security advisories, compliance evidence packages, and migration help for the kinds of repositories where getting it wrong is expensive. This page documents how to contact Naridon, what the support tiers cover in categorical terms, and which additional professional services are available alongside a subscription. We deliberately describe tiers without specific pricing or specific SLA numbers, because both vary by region, deployment scale, and legal jurisdiction. The sales conversation produces the signed contract that fixes them. ## Contacting Naridon Primary channels: - **Email:** `hello@naridon.com` for commercial inquiries, `security@naridon.com` for security reports. - **Customer portal:** existing customers receive a dedicated portal URL at onboarding. - **Postal address:** Naridon, Inc., Zürich, Switzerland. The full address is on every invoice and contract. For security issues, `security@naridon.com` accepts PGP-encrypted mail. The public key is published at `naridon.com/security-pgp.asc` and fingerprinted in the release-signing key hierarchy. Response expectations for pre-sale contact are measured in business days. Response expectations for in-contract support are governed by the tier (see below). ## Support tier categories Naridon offers three named support tiers plus a separate dedicated-engineering engagement. Tiers differ along four axes: response time, covered hours, channels, and included services. Customers choose a tier based on their operational risk, not their team size. ### Bronze Intended for: teams running Aura in a production path with ordinary availability requirements, typically 50–200 engineers. Included: - Response during business hours for the customer's primary region. - Private security advisory pre-disclosure. - Access to the customer portal and the private knowledge base. - Minor-version upgrade guidance. - Named primary contact at Naridon for non-urgent coordination. Not included at this tier: 24/7 response, on-call escalation, auditor letters, or named-engineer liaison. ### Silver Intended for: teams running Aura at the center of their engineering workflow, typically 200–500 engineers, or smaller teams in regulated industries. Included: - Everything in Bronze. - 24/7 response for severity-1 incidents (service-impacting, production-blocking). - Business-hours response for severity-2 and severity-3 across the customer's primary region. - Auditor-ready evidence package reviewed by Naridon compliance engineering once per audit cycle. - Security hotfix backports to the customer's pinned minor version for the length of that minor version's support window. - Up to a specified number of hours per year of included professional-services time. ### Gold Intended for: teams where Aura is load-bearing and a service interruption is a board-level event. Large regulated institutions, governments, defense, critical infrastructure. Included: - Everything in Silver. - 24/7 response for severity-1 through severity-3. - Follow-the-sun engineering coverage across EU, Americas, and APAC business hours. - Named senior engineer liaison. Regular cadence calls with Naridon engineering leadership. - Private CVE coordination and hotfix backports to any supported minor version. - Annual on-site architecture review by Naridon engineering. - Priority influence on the public roadmap. - Dedicated slot in Naridon's quarterly customer council. ### Dedicated Engineering An optional engagement layered onto any tier. The customer reserves a named Naridon engineer (or engineering pod) for a fixed allocation per quarter. The engineer works alongside the customer's platform team on configuration, performance tuning, custom integrations, or upstream contributions. Work product is either kept private to the customer or upstreamed to the open-source engine, at the customer's election. This is the correct shape for customers running Aura at the scale where performance tuning, migration engineering, and roadmap coordination all need a human who knows the customer's deployment deeply. ## Severity definitions | Severity | Definition | Example | | --- | --- | --- | | S1 | Production is down, a security incident is in progress, or data loss is occurring. | Mothership cluster unreachable for all peers; chain-integrity verification failing. | | S2 | Production is degraded or a workaround is required. | Sync latency above SLA; a subset of peers failing to push. | | S3 | A bug or question affecting normal operation. | Intent log export producing an unexpected warning. | | S4 | Feature request, documentation gap, non-urgent question. | "How do we wire agent identities against our SAML IdP?" | Customers declare severity when opening a ticket. Naridon may propose re-classification with justification; the customer has the final say on severity for their own environment. ## Professional services Naridon offers a set of standardized professional-services engagements. Each is scoped, fixed-duration, and produces concrete deliverables. These are available to any tier. ### Migration engineering A hands-on engagement to import a long-lived repository into Aura. Covers preflight, scoping, shadow-branch strategy, identity-backfill review, and rollout plan. Typical duration: four to eight weeks. Deliverable: a production-ready import plus a runbook for your platform team. See [Migration from Git](/migration-from-git). ### Deployment engineering Reference architecture adapted to the customer's infrastructure: Kubernetes, cloud provider, network topology, identity provider, KMS. Covers security hardening, observability integration, backup verification. Deliverable: a working deployment with runbooks and a knowledge-transfer session. ### Compliance package A one-off engagement producing the evidence artifacts for a specific audit engagement (SOC 2 Type II, ISO 27001, HIPAA). Naridon compliance engineering reviews the customer's Aura configuration against the framework, identifies gaps, produces mapping documents, and sits alongside the customer during auditor fieldwork if requested. ### Performance tuning A structured engagement targeting a specific performance objective, typically latency or throughput at scale. Covers profiling, tuning, load testing, and horizontal scaling design. See [Performance Tuning](/performance-tuning). ### Incident response retainer An on-call agreement that guarantees Naridon engineers can be summoned to a live incident on a specified response window. Retainer hours are used against actual incidents; unused hours roll forward within the contract year. ## Training Standardized training offerings: - **Platform engineer onboarding (2 days).** Operating Aura at scale: deployment, configuration, tuning, backup, incident response. Hands-on with a real Mothership. - **Developer workshop (half day).** The CLI, MCP tools, intent logging, zones, sync. Designed for delivery to an engineering org in batches. - **CISO briefing (half day).** Security model, compliance posture, threat model, Naridon's own security program. Designed for security leadership. - **Agent integration bootcamp (2 days).** For teams running Claude, GPT, Cursor, or other agents against Aura at scale. Covers Sentinel, zone-based agent isolation, rate limiting, and incident patterns. All training is available remote or on-site. On-site delivery requires travel reimbursement. ## Security response Naridon runs a coordinated vulnerability disclosure program. The short version: - Report privately to `security@naridon.com` (PGP key at `naridon.com/security-pgp.asc`). - Acknowledgement within one business day. - Patch window agreed with the reporter. - Public advisory published on a coordinated schedule, with credit to the reporter if they want it. Enterprise customers receive advisories under embargo, typically seven days before public disclosure, with patched binaries and a recommended upgrade window. This is part of every tier, not an upsell. ## Release policy Aura follows semantic versioning: - **Patch releases** (0.14.x) ship as needed for bug fixes. Wire-compatible with their minor. - **Minor releases** (0.14 → 0.15) ship approximately quarterly. Wire-compatible with one minor back. - **Major releases** (0.x → 1.x) are rare and accompanied by migration engineering guidance. Minor releases are supported with security patches for twelve months after release. Customers on a commercial agreement who need longer support can negotiate extended-support windows for specific minors. ## Customer references and community Naridon maintains a customer advisory council that meets quarterly. Members provide roadmap input in exchange for early access to new features and the ability to shape the product toward their own operational needs. Membership rotates; Gold-tier customers have guaranteed seats. A public community exists around the open-source repository at `github.com/Naridon-Inc/aura`, with discussions, issues, and contribution guides. Commercial customers are welcome to participate publicly and often do; community engagement is explicitly not a tier discriminator. ## Data handling during support When a Naridon engineer assists with a support case, they handle customer data under the processor terms signed at contract execution. In practice: - Support engagements default to **no customer source code shared with Naridon**. We debug against reproducers, logs with code redacted, and metrics. - If a customer chooses to share specific snippets, they are handled under a narrow processor agreement, retained only for the duration of the case, and destroyed on case closure. - Access to any customer artifact is logged internally at Naridon and subject to annual audit. These practices apply to every tier. ## Frequently asked questions **Can we buy just the security advisory subscription?** Yes, as an add-on to any tier. It is not available standalone because it has historically been bundled with a support commitment; if you have a compelling reason for standalone, talk to us. **Do you support air-gapped deployments?** Yes, at every tier. Air-gapped support uses secure offline-bundle exchange plus encrypted-email-only channels. See [Air-Gapped Install](/air-gapped-install). **Can we get a written data-residency commitment?** Yes. Gold-tier contracts include written commitments on Naridon's own personnel geography and data-handling practices during support engagements. See [Data Sovereignty in the EU](/data-sovereignty-eu). **Do you do custom feature work?** Yes, through Dedicated Engineering. Custom work can be either kept private to the customer or upstreamed to the open-source repository, at the customer's election. **What happens if we cancel?** The engine keeps running. It is open source. You lose access to the private portal, private advisories, and support channels at the end of the current term. Your deployment continues uninterrupted. ## Getting started The typical onboarding sequence: 1. **Introductory call** — scope, team size, deployment shape, regulatory requirements. 2. **Technical deep-dive** — your platform engineering team meets Naridon engineering. Requirements become architectural decisions. 3. **Commercial proposal** — tier, any professional services, contract term. 4. **Contract execution** — Swiss law, Zürich jurisdiction unless otherwise negotiated. 5. **Kickoff** — named contact, portal access, first cadence call scheduled. The calendar between first email and signed contract, for straightforward engagements, is typically two to four weeks. For contact: **hello@naridon.com**. ## See Also - [Enterprise Overview](/enterprise-overview) - [Self-Hosted Deployment](/self-hosted-deployment) - [Compliance & Audit](/compliance-and-audit) - [Migration from Git](/migration-from-git) - [Data Sovereignty in the EU](/data-sovereignty-eu)