All public surfaces, with their service-level objectives.
Civic Anchor is in the M2 telco-pilot phase. The SLOs below describe the operational targets at GA (M5). Pre-GA traffic is best-effort and not under contractual SLA; partners on the pilot receive direct incident notifications.
Public surfaces
| Hostname | Purpose | Scope |
|---|---|---|
| civicanchor.id | Public DID resolver | Public · Pre-GA |
| civicanchor.me | User wallet PWA | Public · Pre-GA |
| civicanchor.co.za | ZA country marketing + Trust + Status | Public · Pre-GA |
| verify.civicanchor.id | Partner verification API | Partner only |
Service-level objectives (GA)
Targets the platform commits to from M5 onwards. Measurement window: rolling 30 days. Failure to meet a published SLO over two consecutive months triggers a customer-visible post-mortem.
- Public DID resolver99.9% monthly · ≤ 200ms p95 SSR
- Verification API (per-region)99.95% monthly · ≤ 250ms p95
- Wallet PWA99.9% monthly
- Country marketing surfaces99.9% monthly · ISR-served
Incident disclosure
Confirmed incidents are posted here within 72 hours, with a full post-mortem (timeline, root cause, mitigation) within 14 days. POPIA s22 notifications run in parallel where the incident reaches the threshold. See the Trust Centre for the full disclosure policy.
Reporting a vulnerability
Coordinated disclosure: write to security@civicanchor.id with a description, reproduction steps, and your preferred acknowledgement. We respond within one business day. Critical findings are eligible for a recognition fee under the M6 bug-bounty programme (open at GA).