Managed IT and AI,
documented properly.
CloudMonkey's public legal framework aligns managed cloud, IT, voice, security, Microsoft 365 administration, and AI services with South African e-commerce, privacy, consumer, tax, and electronic contracting requirements.
Commercial Boundaries
Service orders define users, devices, support channels, response windows, exclusions, setup work, and recurring fees so managed services do not become unlimited support obligations.
ECTA Contracting
Online orders must give customers a review and correction step, clear supplier disclosures, cooling-off notices, and explicit consent where immediate provisioning starts before the statutory period ends.
POPIA Operations
Where CloudMonkey processes personal information for a customer, the customer remains the Responsible Party and CloudMonkey acts as Operator under a written data protection addendum.
AI Governance
AI agents are documented as probabilistic tools that require human review for material decisions, sensitive data handling, and any workflow that may affect legal rights.
The core compliance pillars
These controls are designed to keep the commercial promise measurable, the platform compliant, and the customer relationship enforceable.
Commercial Boundaries
Service orders define users, devices, support channels, response windows, exclusions, setup work, and recurring fees so managed services do not become unlimited support obligations.
ECTA Contracting
Online orders must give customers a review and correction step, clear supplier disclosures, cooling-off notices, and explicit consent where immediate provisioning starts before the statutory period ends.
POPIA Operations
Where CloudMonkey processes personal information for a customer, the customer remains the Responsible Party and CloudMonkey acts as Operator under a written data protection addendum.
AI Governance
AI agents are documented as probabilistic tools that require human review for material decisions, sensitive data handling, and any workflow that may affect legal rights.
Built-In Signatures
CloudMonkey will operate its own in-platform signature workflow and audit trail instead of routing customer agreements through a third-party signing provider.
SLA Enforcement
The SLA separates response targets from resolution targets, classifies incidents by severity, and limits availability remedies to proportionate service credits.
Documentation architecture
The legal document set CloudMonkey should use for public onboarding, admin-generated quotes, service orders, and signed customer agreements.
Website Terms & E-Commerce Policy
OpenECTA sections 43 and 44, CPA direct marketing rules, VAT Act section 65.
Defines online contracting, supplier disclosures, review and correction, cooling-off treatment, immediate provisioning consent, price and tax display, electronic notices, and acceptable website use.
Master Services Agreement
Common law contract principles, CPA fixed-term constraints where applicable.
Governs the long-term customer relationship, payment terms, fixed terms, renewal notices, service orders, intellectual property, liability caps, suspension, termination, and dispute handling.
Service Order / Scope Schedule
Plain-language and scope certainty controls.
Turns each quote into measurable scope: seat counts, devices, supported systems, ticket allowance, included onboarding, excluded projects, minimum term, setup fees, and dependencies.
Service Level Agreement Matrix
Commercial SLA terms and Conventional Penalties Act proportionality.
Sets S1 to S4 severity definitions, response targets, escalation paths, maintenance exclusions, customer-caused outage exclusions, service credits, and chronic failure termination rights.
Data Protection Addendum
OpenPOPIA sections 19, 20, 21, and 22.
Documents CloudMonkey's Operator obligations, confidentiality, security safeguards, breach notice process, subprocessors, retention, deletion, and assistance with data subject requests.
Cross-Border Transfer Addendum
POPIA section 72.
Discloses cloud, security, email, voice, and AI regions where personal information may be processed and requires POPIA-equivalent controls for foreign recipients and onward transfers.
AI Services Addendum & Acceptable Use Policy
ECTA electronic agent rules, POPIA automated decision-making controls.
Defines human-in-the-loop requirements, AI output review, prohibited sensitive uses, data hygiene, customer ownership of inputs, and CloudMonkey ownership of integration workflow IP.
First-Party Signature Certificate
OpenElectronic contracting and evidentiary audit trail controls.
Records signer identity, account, timestamp, IP address, user agent, document version, acceptance text, document hash, and provisioning consent without using a third-party signature service.
Severity, response, and remedies
Availability and support commitments must be measurable. Customer-caused incidents, upstream provider failures, planned maintenance, and force majeure events are excluded from downtime calculations.
CloudMonkey signatures stay inside CloudMonkey.
CloudMonkey will use a built-in signature and acceptance workflow for quotes, service orders, MSAs, DPAs, AI addendums, and provisioning consent. No third-party e-signature platform is required for this workflow.
Each signed record should preserve signer account, email address, timestamp, IP address, user agent, document version, acceptance wording, SHA-256 document hash, and the final immutable PDF or HTML snapshot used for acceptance.
View signature policy