General Terms of Service of Tilit.AI Oy

Updated 7 April 2026

1. Scope and contract structure

This general terms and conditions document applies to the use and delivery of the Tilit.AI service provided by Tilit.AI Oy, the related software, usage rights, maintenance, support services, additional services and other related deliveries, unless the parties have expressly agreed otherwise in writing.

The agreement between Tilit.AI and the Customer consists of the following documents in order of precedence: (i) a customer-specific order, offer, agreement form or other commercial master agreement, (ii) any service descriptions, price lists, service level appendices, information security appendices and data processing appendices, and (iii) these general terms and conditions.

If there is a conflict between the contractual documents, the customer-specific master agreement will prevail first, followed by the other appendices in accordance with their order of precedence. These general terms and conditions apply supplementarily to all matters not otherwise agreed on a customer-specific basis.

The Customer may be either Tilit.AI's end customer or an accounting firm that uses the Service in its own operations or on behalf of its own customers. To the extent that the Customer uses the Service on behalf of its own customers, the Customer is responsible for having the necessary agreements, authorisations and other legal basis for doing so.

2. Definitions

"Service" means the cloud-based financial management software provided by Tilit.AI, the related user interfaces, automations, AI features, interfaces, back-end services, support services, maintenance and other service entities agreed between the parties.

"Customer" means a natural person or legal entity that has entered into an agreement with Tilit.AI for the use of the Service.

"User" means a natural person designated by the Customer who has been granted the right to use the Service on behalf of the Customer.

"Customer Data" means all data, materials, documents, vouchers, reports, settings and other information stored, entered, transferred, processed in the Service by the Customer or on behalf of the Customer, or generated through the Service.

"Service Description" means a description of the content, functionalities, limitations, possible usage limits and other specifications concerning the Service.

"Third-Party Service" means a service provided by an external supplier that may be used as part of the Tilit.AI service or with which the Service may be integrated, such as a banking connection, identification, e-invoicing, monitoring or infrastructure service.

3. Service content, development and changes

The content of the Service is determined by the currently applicable customer-specific agreement, the Service Description and any price list. Tilit.AI has the right to continuously develop, update, modify and improve the Service as part of normal product development.

Tilit.AI has the right to make changes to the Service that do not materially impair the agreed service package from the Customer's perspective, that are necessary due to information security, operational reliability, law, authority requirements or changes in third-party services, or that are otherwise part of the normal development of the Service.

Tilit.AI aims to notify the Customer in advance within a reasonable time of material changes affecting the Service whenever this is practically possible and appropriate. The Customer acknowledges that the Service is by nature a continuously developing SaaS service and not a static software version.

Unless otherwise agreed on a customer-specific basis, Tilit.AI does not undertake to deliver any specific future features, integrations, roadmap items or customer-specific customisations to the Customer.

4. Right of use

Tilit.AI grants the Customer, for the term of the agreement, a limited, non-exclusive, non-transferable and non-sublicensable right to use the Service in the Customer's own internal business operations to the extent agreed in the agreement.

The Customer may grant the right to use the Service only to such Users who act on behalf of the Customer or an accounting firm, bookkeeper, auditor or similar cooperation partner authorised by the Customer and who have been properly authorised by the Customer to do so.

The Customer may not resell, rent, sublicense or otherwise transfer the Service for the use of a third party without Tilit.AI's prior written consent.

The Customer may not decompile, reverse engineer, copy, circumvent the Service's security mechanisms, attempt to gain unauthorised access to the Service's databases or to the data of other customers, or otherwise use the Service in a manner that jeopardises the security of the Service or the rights of Tilit.AI or any third party.

5. User credentials and access management

The Customer is responsible for ensuring that all user IDs, passwords, certificates and other authentication details for the Service are stored carefully and not disclosed to unauthorised parties.

The Customer is responsible for all use of the Service until Tilit.AI has received notice from the Customer of misuse of authentication details or their coming into the possession of a third party and has had a reasonable time to take preventive measures.

For security reasons, Tilit.AI has the right to block or restrict access rights, require a password change, close an individual user account or otherwise intervene in the use of the Service if Tilit.AI has a justified reason to suspect misuse, information security threats or activity contrary to the agreement.

6. Customer responsibilities

The Customer is responsible for ensuring that the Customer Data entered, transferred or otherwise processed in the Service is accurate, sufficient, lawful and appropriate for the Customer's own intended purpose.

The Customer is responsible for its own devices, software, telecommunications connections, operating environment, internal information security and for ensuring that its Users have the necessary competence and authorisations to use the Service.

The Customer is responsible for ensuring that it has the right to process, store and transfer to the Service such data, documents and personal data that it brings into the Service and that the use of the Service does not infringe the rights of any third party or applicable law.

The Customer is responsible for its own accounting, tax, legal and business judgement. The Service supports the Customer's processes, but it does not transfer the Customer's statutory responsibilities to Tilit.AI.

7. Tilit.AI's general obligations

Tilit.AI shall provide the Service professionally and with due care and shall use reasonable measures to maintain the availability, information security and functionality of the Service.

Tilit.AI has the right to use subcontractors, subprocessors and third-party service providers in providing the Service. Tilit.AI is responsible for the performance of its own subcontractors as for its own, except to the extent otherwise required by law or agreement.

Tilit.AI shall inform the Customer without undue delay of any material circumstances of which it becomes aware that may significantly affect the use of the Service or the information security of Customer Data.

8. AI features

The Service may include features based on artificial intelligence, automation or machine analysis, such as account coding suggestions, reconciliation, reporting, document interpretation, identification of missing materials, interpretation of key figures or other similar assisting functionality.

AI features are assistive in nature and do not replace the professional judgement, approval or responsibility of the Customer, an accounting firm, a bookkeeper, an auditor or another expert.

The Customer is always responsible for how it uses the suggestions, automations, reports and other AI-assisted outputs produced by the Service, and the Customer must review essential information before using it for business decisions, authority filings, accounting or other similar purposes.

9. Third-party services and integrations

The Service may utilise Third-Party Services such as banking connections, identification services, e-invoicing services, monitoring and analytics services, cloud infrastructure and other similar services.

The Customer acknowledges that such Third-Party Services may have their own terms of use, technical restrictions, service interruptions, changes, performance differences or other factors beyond Tilit.AI's control. Tilit.AI is not responsible for the operation, availability or compatibility of a Third-Party Service except to the extent that Tilit.AI has expressly undertaken to deliver its own part with due care.

If the Service includes banking connections or other functions based on PSD2 or similar regulatory models, the Customer is responsible for the necessary authorisations, bank or service provider agreements and for ensuring that the account details, rights and authorisations provided by the Customer are up to date.

10. Prices, invoicing and payment terms

The prices of the Service are determined in accordance with the customer-specific agreement, the price list agreed from time to time or the offer document. Unless otherwise agreed, prices are stated exclusive of value added tax, which will be added to the invoice in accordance with the legislation in force from time to time.

Unless otherwise agreed on a customer-specific basis, implementations, project work and other one-time services are invoiced in advance or according to the progress of the work, and recurring service fees are invoiced monthly in advance.

The payment term is seven (7) days net from the invoice date. For delayed payments, Tilit.AI has the right to charge default interest in accordance with the Interest Act and reasonable collection costs.

If the Customer neglects to pay a due and undisputed invoice, Tilit.AI has the right, after a reminder, to suspend the use of the Service or postpone new deliveries until all due and undisputed payments have been made.

Unless otherwise agreed on a customer-specific basis, Tilit.AI has the right to revise prices for agreements in force until further notice by giving at least thirty (30) days' prior notice. Prices for a fixed-term agreement remain in force for the agreed contract period unless otherwise required by law, an authority decision or a material change in third-party costs.

11. Additional work and expert services

The customer-specific agreed price list applies to the use, implementation, migration, data corrections, training, expert work, information security reviews, audit support and other separately requested additional services relating to the Service, or, unless otherwise agreed, Tilit.AI's current hourly rate for expert work applies.

Additional work is performed at the Customer's request or with the Customer's prior approval. Tilit.AI has no obligation to commence additional work without the Customer's order or other sufficiently clear approval.

12. Intellectual property rights

All rights to the Service, software, source code, user interfaces, data models, algorithms, automations, documentation, trademarks, commercial identifiers and other materials of Tilit.AI or its licensors belong to Tilit.AI or its licensors.

Under this agreement, the Customer receives no rights other than the express right to use the Service. The agreement does not transfer to the Customer any ownership right, copyright or other intellectual property right in the Service or any part of it.

Ownership and intellectual property rights in Customer Data belong to the Customer or the Customer's right holder. Tilit.AI nevertheless has the right to use Customer Data to perform the agreement, provide, support and maintain the Service, ensure information security, carry out billing and develop the Service to the extent permitted by law and the agreement.

Tilit.AI has the right to use, without separate compensation, any feedback, development suggestions and observations provided by the Customer for the development of the Service.

13. Data protection

The parties intend that Tilit.AI acts as a processor of personal data when it processes on behalf of the Customer such personal data for which the Customer acts as controller. If the Customer itself acts as a processor in relation to its own customer, Tilit.AI then acts as a subprocessor to the extent that it processes data on behalf of the Customer.

The Customer is responsible for ensuring that there is a lawful basis for the processing of personal data and that the Customer has the right to transfer the relevant data to Tilit.AI for the implementation of the Service.

Tilit.AI processes personal data only for the performance of the agreement, in accordance with the Customer's documented instructions and as required by applicable data protection legislation. The more detailed content of the processing, the categories of personal data, the purposes of processing, subprocessors and other special terms are described in a separate data processing appendix or Tilit.AI's processing description.

Tilit.AI shall inform the Customer without undue delay of any personal data breach of which it becomes aware that concerns the Customer's personal data and in respect of which the Customer may have notification obligations or other statutory duties.

14. Information security and hosting

Tilit.AI maintains appropriate technical and organisational security measures in the Service to protect the confidentiality, integrity and availability of Customer Data, taking into account the nature of the Service, the type of data processed and the costs of implementation.

Tilit.AI processes Customer Data primarily in Finland and elsewhere within the European Union or the European Economic Area. The key service providers, technical solutions and processing locations used in providing the Service may be described in more detail in a separate information security or data processing appendix.

Tilit.AI has the right to update the service providers, technical solutions and processing locations it uses, provided that the change does not materially weaken the agreed level of information security or data protection. If personal data is transferred outside the EU or EEA, Tilit.AI will ensure appropriate transfer mechanisms in accordance with applicable legislation.

Unless otherwise agreed on a customer-specific basis, Tilit.AI implements backup and recovery in accordance with the normal practices of its service package. Tilit.AI is not, however, responsible for any loss or corruption of data resulting from the Customer's own actions, incorrect material provided by the Customer or issues in the Customer's own environment.

15. Confidentiality

Each party undertakes to keep the other party's confidential information secret and may not use it for any purpose other than that set out in the agreement.

Confidential information includes, in particular, contractual terms, pricing, technical descriptions, information security information, source code, Customer Data, business information, non-public product plans, reports and any other information that is confidential by its nature or designation.

The confidentiality obligation does not apply to information that is publicly available without breach by the receiving party, that was in the receiving party's possession without confidentiality obligations before it was received from the other party, or that has been lawfully obtained from a third party without confidentiality obligations.

The confidentiality obligation continues for five (5) years after the termination of the agreement unless the law or the agreement requires longer protection for Customer Data.

16. Reference right

Tilit.AI has the right to mention the Customer in its reference list and in its ordinary sales and marketing communications unless otherwise agreed in writing on a customer-specific basis.

Any use of the Customer's logo, customer story, case description, public release, quotation or other broader reference material requires the Customer's prior written approval.

17. Suspension of the Service

Tilit.AI has the right to suspend the use of the Service in whole or in part if the suspension is necessary due to maintenance, servicing, updates, information security, law, authority requirements or another similar justified reason.

Tilit.AI also has the right to suspend the Customer's use of the Service if the Customer uses the Service contrary to law or the agreement, materially neglects its payment obligations, jeopardises the information security of the Service or disturbs the use of the Service by other customers.

Tilit.AI aims to notify the Customer in advance of planned service interruptions whenever reasonably possible.

18. Contract term, notice of termination and rescission

The agreement is valid for the contract term agreed on a customer-specific basis. Unless otherwise agreed on a customer-specific basis, the agreement remains in force until further notice with a notice period of one (1) month on the Customer's side and three (3) months on Tilit.AI's side.

A fixed-term agreement remains in force for the agreed fixed term and may not be terminated to end before the expiry of that term unless the agreement expressly provides otherwise or unless there are grounds for rescission.

Either party has the right to rescind the agreement with immediate effect if the other party materially breaches the agreement and does not remedy the breach within thirty (30) days after receiving a written notice, or if the other party is declared bankrupt, placed in liquidation or otherwise becomes permanently insolvent.

Tilit.AI also has the right to rescind the agreement or limit the performance of its obligations if there is a justified reason to do so arising from sanctions, legislation or authority requirements.

19. End of the agreement and data handover

Upon termination of the agreement, the Customer has the right to obtain a copy of the Customer Data stored in the Service in a standard format offered by Tilit.AI, unless otherwise required by law.

If the Customer requests a separate exit project, migration support, data modification, mapping work, additional reporting or other assistance exceeding the standard handover, such work will be invoiced separately in accordance with Tilit.AI's price list or a separate offer.

Tilit.AI has the right to delete Customer Data after a reasonable period following termination of the agreement unless applicable legislation or a separate written agreement requires the data to be retained for longer.

20. Limitation of liability

Tilit.AI is not liable for indirect or consequential damages, such as lost revenue, profit, savings, goodwill, reputational harm or business interruption.

Tilit.AI's aggregate total liability for damages arising from the agreement is limited to an amount corresponding to the service fees paid by the Customer to Tilit.AI during the twelve (12) months immediately preceding the damage. If the damage occurs before twelve months have elapsed from the entry into force of the agreement, liability is limited to the amount actually paid by the Customer up to that point.

The above limitations of liability do not apply to damage caused intentionally or through gross negligence, nor do they affect liability to the extent that it cannot be limited under mandatory law.

Tilit.AI is not liable for damage caused by incorrect material provided by the Customer, the Customer's or a third party's systems, Third-Party Services, erroneous actions taken by the Customer, the Customer's omissions or the Customer's reliance on automatic suggestions produced by the Service without appropriate review.

21. Sanctions

The Customer represents that the Customer, its direct and indirect owners, beneficial owners, management or other material parties related to the use of the Service or the contractual relationship are not subject to applicable sanctions to such an extent that performance of the agreement would be prohibited or would expose Tilit.AI to legal or commercial risk.

The Customer undertakes to notify Tilit.AI without delay if a change occurs in the above circumstances during the contract period. Tilit.AI has the right to rescind the agreement or suspend the Service with immediate effect if it has a justified reason to suspect that performance of the agreement would be prohibited due to sanctions or would involve a material risk.

22. Force majeure

Neither party is liable for delay or damage resulting from an obstacle beyond that party's control that the party could not reasonably have foreseen or avoided. Such obstacles include, among other things, war, action by an authority, labour dispute, natural disaster, extensive telecommunications disruption, power outage, cyberattack, a serious outage at a cloud service provider or another similar exceptional event.

A party invoking force majeure must notify the other party of the obstacle without undue delay.

23. Assignment of the agreement

The Customer may not assign the agreement or any rights or obligations arising from it without Tilit.AI's prior written consent.

Tilit.AI has the right to assign the agreement in whole or in part to a group company, in connection with a business transaction, merger, demerger or other corporate restructuring, or in connection with a financing arrangement concerning receivables.

24. Governing law and dispute resolution

The agreement is governed by the laws of Finland, excluding its conflict of laws provisions.

The parties will primarily seek to resolve disputes concerning the agreement through negotiations. If no resolution is reached within a reasonable time, the dispute will be finally resolved by arbitration in accordance with the rules of the Arbitration Institute of the Finland Chamber of Commerce, with one arbitrator. The seat of arbitration is Helsinki and the language of the proceedings is Finnish.

Tilit.AI nevertheless has the right to collect a clear and due monetary receivable in the competent general court at the Customer's domicile.

25. Other terms

A party's failure to exercise any right under the agreement does not constitute a waiver of that right.

If any provision of the agreement is found to be invalid or unenforceable, this does not affect the validity of the other provisions. The parties shall then seek to replace the provision in question with a new provision that corresponds as closely as possible to the original purpose.

All notices relating to the agreement must be made in writing. Email is considered an acceptable means of notice unless there is a justified reason to require another procedure.