Hosting and Website Care
Managed hosting and website care, for any site, anywhere in the world.
Engineering-run hosting on a tier-1 global edge network, with a written 99.99 percent SLA, a documented 7-day migration runbook, and a senior team that carries the on-call pager directly. We host and maintain websites of every kind — WordPress, headless commerce, custom Node and Astro builds, static sites, Webflow exports — for hospitality, professional services, and SaaS operators who need their website to behave like infrastructure.
FYI Digital is an APAC-based digital operator. We work primarily with hospitality and professional service firms across Bali, Singapore, and Australia. Reference calls available to qualified buyers after a signed mutual NDA.
99.99%
Monthly uptime SLA
Up to 52 min/year. Synthetic checks, 4 geographies.
4h / 24h
RTO / RPO
Recovery time objective and recovery point objective.
<15 min
On-call acknowledgement
Production alert to engineer keystroke, 24/7.
Monthly
Verified restore drills
Scripted test-restore, log shared on request.
Where we fit
We are a small senior team running serious infrastructure for clients who would rather not run it themselves.
Hosting is not a side product for us. It is the part of the engagement where we earn or lose trust on the days nothing else is going wrong. We deploy on a tier-1 global edge platform that carries the certifications, the operational tooling, and the documented sub-processor disclosure that enterprise procurement needs to clear a vendor without weeks of back-and-forth. Underlying providers are named on request; the offering itself is stack-agnostic.
We are not the right fit if you need a SOC 2 Type II report from the operator itself, if you require a 24/7 staffed network operations centre in the same legal entity, or if your procurement process disallows any vendor under fifty employees. We will say so on the first call rather than waste a month of yours.
We are the right fit if you want a small senior team that returns emails the same day, writes a real post-mortem when something breaks, and treats your DNS and your data as transferable property you can take back at any time.
What we run for you
The capability layer behind every site we host.
Every site we manage runs on the same operational backbone: a tier-1 global edge network, audited backup providers, authenticated email delivery, and 24/7 multi-region monitoring. The components below are capability-level, not stack-specific — we deploy the same standards whether your site is WordPress, headless commerce, a custom Node app, or static.
Request the full sub-processor listEdge delivery
Global anycast network
330+ edge locations, sub-50ms TTFB worldwide
Origin compute
Auto-scaling regional runtime
Per-account region pinning (APAC, EU, AU, US)
Persistent storage
Managed relational + object
Per-region read replicas where useful
Cache + sessions
Distributed key-value layer
Eventual consistency, millisecond reads
Transactional email
Authenticated mail delivery
SPF, DKIM, DMARC enforced per-domain
Off-site backup
Second-provider object store
Separate provider, separate region, daily
Error monitoring
Source-mapped alerting
Routed to the on-call engineer, not a queue
Synthetic monitoring
Multi-region uptime probes
60-second interval, 4 geographies
Security Posture
The defaults that should be defaults everywhere.
Most managed hosts ship with one or two of the items below. We ship every project with all of them, configured to your stack, and re-audited quarterly. The list reads as ordinary because the work is ordinary, and that is the point.
The infrastructure providers we deploy on top of hold SOC 2 Type II and ISO 27001. FYI Digital itself is not independently certified. We will state this clearly on any vendor questionnaire rather than imply otherwise.
- TLS 1.3 with automatic certificate renewal. HSTS preload. Modern cipher suites only.
- Web Application Firewall on the OWASP Core Ruleset, plus custom rules tuned to your stack.
- Always-on L3 and L4 DDoS mitigation. L7 challenge with adaptive thresholds.
- Bot management with managed challenges. Per-route rate limiting.
- Google Workspace SSO. Hardware-key 2FA required for all production access.
- Daily off-site snapshots. Restore tested monthly on a scheduled job. Log shared on request.
- Twelve-month immutable audit log of every production access event.
- Quarterly internal review against an OWASP-derived checklist. Third-party pen test scoped on request as part of enterprise engagements.
Service Level Agreement
The credit schedule. Written down.
Vague guarantees are a sales line. Here is what we owe you if we miss the number, written into the MSA, with credits applied automatically to the next invoice. No claim form.
How we measure
Synthetic HTTP checks every 60 seconds from Singapore, Frankfurt, Sydney, and Virginia. A request counts as failed when two consecutive checks from two different geographies both fail (this prevents a single regional ISP routing fault from triggering a false breach). Scheduled maintenance windows, capped at 4 hours per quarter and announced 14 days in advance, are excluded.
Credit schedule
- 99.9% to 99.99%10% credit
- 99.0% to 99.9%25% credit
- Below 99.0%50% credit
Credits applied automatically to the next invoice. The schedule is contractual, not discretionary.
The complete MSA, DPA, and information security policy are available to qualified buyers on request. We return them, redlined or signed, within two business days.
Migration Runbook
Seven working days. No surprises.
The runbook below is the document we send you on day zero. Ownership is marked at every step. Rollback paths are documented. We have moved sites from SiteGround, WP Engine, Kinsta, Cloudways, AWS Lightsail, and DigitalOcean. We have not yet refused a migration; if we did, we would tell you on the discovery call rather than after a deposit.
Day 1
Discovery
Site inventory. Dependency audit. Registrar access verification. Performance baseline against your real-user monitoring at the 75th percentile.
Days 2 to 3
Stage and surface
Clone production to staging. Smoke test. Surface any silent breaks left by the previous host (broken cron, missing redirects, expired API keys, malformed sitemaps).
Days 4 to 5
Harden and tune
WAF policy. Header policy (Content-Security-Policy, HSTS, Permissions-Policy). Image pipeline. Automated regression coverage on the top 20 URLs.
Day 6
Soft launch
Feature-flag DNS to 10 percent of traffic for 24 hours. Both teams on a video bridge for the first hour. Roll back at the first sign of trouble.
Day 7
Full cutover
DNS flip during your lowest-traffic window. Old origin held warm for 30 days. Live monitoring for the first 48 hours.
Day 30
Stabilisation review
Joint review: SLO attainment, performance deltas, security findings, open work. Written report to your team.
Rollback path
Full DNS revert under 15 minutes at any point in the seven days. We keep your previous origin warm for 30 days post-cutover at no additional cost. You can return to your old host at any point in that window without losing data or downtime.
How to evaluate us
Pick a low-traffic site. Give us 30 days.
Trust is hard to read from a page. Here is the closest thing to a verification we can offer: send us a staging environment or a low-traffic site to migrate as a 30-day trial. We will move it, run it, monitor it, and write a closing report at day 30 that covers uptime, performance deltas, security findings, and the open questions either team surfaced.
If you continue, the trial counts as the first month of paid service. If you do not, you keep every artefact (the migrated codebase, the WAF policy, the monitoring dashboards, the security audit) and we hand the site back to your previous host or to a new provider at no charge.
This is the cleanest way for a serious buyer to evaluate hosting without taking our word for anything.
What we do not do
A short list, kept honest.
The fastest way to know whether a vendor is the right fit is to know what they refuse to do.
- · We do not resell shared WordPress hosting from cPanel resellers.
- · We do not subcontract our on-call rotation.
- · We do not store credentials, code, or backups outside the providers in our published sub-processor list.
- · We do not host adult content, gambling, casino affiliate, or grey-market crypto.
- · We do not impose minimum-term contracts. Monthly billing. Thirty days notice. Full data portability.
- · We do not publish vanity certifications we have not earned. If you need formal SOC 2 of the operator (not the infrastructure), we will say so and refer you elsewhere.
Who runs your hosting
Senior engineers. Direct lines.
Production work is done by senior engineers with ten-plus years operating live web infrastructure across hospitality, agencies, and SaaS. We do not operate a junior tier, an offshore call queue, or a rotating point of contact. When you raise a ticket, an engineer reads it and replies. When the pager goes off at 3am, the same engineer acknowledges it.
We cap our hosting book at a number that keeps the on-call rotation sustainable. If accepting a new client would compromise response times for existing clients, we will say so on the first call and recommend an alternative provider.
Business hours
Bali, GMT+8. Engineering coverage 09:00 to 19:00 local. Direct human reply via email within one business day, usually within hours.
Out of hours
Multi-region uptime probes page on-call within 60 seconds of a production fault. Initial human acknowledgement under 15 minutes.
For your procurement and security teams
Questions we get on vendor questionnaires.
The questions below come from real procurement and security questionnaires. Answers are written to be quotable directly into a buyer's internal evaluation document.
Next step
Send us your current setup. We send back a written scoping document within two business days.
No discovery deck. No qualifying questions. Reply to the address below with your domain and current host. We return: a security audit summary, a performance baseline, a migration cost estimate, and the standard MSA, in the same email.
FYI Digital · Jl. Padang Kartika I No. 3, Denpasar, Bali 80117, Indonesia · operating since 2024 · Direct line to engineering: info@fyidigital.co or WhatsApp +62 813 3885 0318.
