Bilko Terms of Service — Section 16 Sub-Processors (GDPR Art. 28(4))
MC: #100045 | Date: 2026-05-08
Draft Status: Pending final legal review and translations (per Lexicon S1-S4)
Corrections Applied: Org.nr 932 516 136 (corrected from hallucinated 933 534 262), Azure Sweden Central (corrected from Norway East)
Terms of Service
Project: Bilko — Balkan Accounting SaaS
Company: ALAI Holding AS (org.nr 932 516 136)
Version: 1.0
Last Updated: 2026-03-07
Author: ALAI Documentation Team
Status: DRAFT — Pending Legal Review
Reviewers: Legal Counsel (RS, BA, HR), CEO
Classification: Internal Draft (not for public use until legal sign-off)
Table of Contents
- Acceptance of Terms
- Definitions
- Description of Service
- Account Terms
- Subscription and Billing
- Acceptable Use
- Data Handling and Privacy
- Intellectual Property
- Warranties and Disclaimers
- Limitation of Liability
- Indemnification
- Term and Termination
- Service Availability and Changes
- Governing Law and Dispute Resolution
- General Provisions
- Contact
1. Acceptance of Terms
By registering for, accessing, or using the Bilko platform (the "Service") available at app.bilko.io, you ("Customer" or "you") agree to be bound by these Terms of Service ("Terms"). If you are accepting these Terms on behalf of a legal entity (a company, partnership, or other organization), you represent that you have the authority to bind that entity to these Terms.
If you do not agree to these Terms, you must not use the Service.
These Terms form a binding legal agreement between you and ALAI Holding AS (org.nr 932 516 136), a company incorporated in Norway, trading as Bilko ("Bilko", "we", "our", or "us").
By clicking "Create Account", "Start Free Trial", or similar acceptance mechanism, or by using the Service after any update to these Terms, you confirm your acceptance.
⚠️ LEGAL REVIEW REQUIRED: Confirm whether Norwegian law governs this contract, or whether Serbian, BiH, or Croatian law should govern for users in those jurisdictions (see Section 14). Consider whether click-wrap acceptance is sufficient under each jurisdiction's contract law (Serbian Zakon o obligacionim odnosima, BiH equivalent, Croatian Zakon o obveznim odnosima).
2. Definitions
| Term | Meaning |
| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
| Service | The Bilko cloud accounting platform, including the web application at app.bilko.io, the API, and all features therein |
| Account | A registered Bilko account belonging to an Organization |
| Organization | A legal entity or individual registered on Bilko for accounting purposes |
| Authorized User | A person granted access to an Organization's Bilko account (owner, admin, accountant, or viewer) |
| Customer Data | All data submitted by Authorized Users into the Service, including invoices, expenses, contacts, financial records, and tax identification numbers |
| Subscription Plan | The paid tier under which the Service is provided, as described on bilko.io/pricing |
| Billing Period | The monthly or annual period for which a Subscription Plan is purchased |
| Trial Period | A limited-period free access to the Service, as offered by Bilko at its discretion |
| Content | All text, data, software, functionality, graphics, and other materials provided by Bilko as part of the Service |
3. Description of Service
Bilko is a cloud-based accounting and invoicing platform designed for small and medium businesses (SMBs) operating in Serbia, Bosnia & Herzegovina, and Croatia. The Service includes:
- Double-entry bookkeeping with Balkan-standard chart of accounts (Serbian, FBiH, RS entity, and Croatian formats)
- Invoice creation and management — PDF generation, email delivery, status tracking
- E-invoice submission — SEF integration for Serbia (B2B mandatory since 2023); HR-FISK integration for Croatia (Phase 2)
- VAT/PDV calculation — Serbia (20%/10%/0%), BiH (17%/0%), Croatia (25%/13%/5%/0%)
- Expense tracking — with receipt storage and approval workflow
- Bank reconciliation — CSV import of bank statements
- Financial reporting — P&L, Balance Sheet, Cash Flow, VAT reports
- Multi-currency support — EUR, RSD, BAM, and other currencies with exchange rate locking
- Multi-user collaboration — Role-based access control (owner, admin, accountant, viewer)
- Data export — JSON, CSV, and compliance formats for tax authority filing
4. Account Terms
4.1 Registration
To use the Service, you must:
- Register and create an Organization account
- Provide accurate, complete, and current information
- Maintain and promptly update your account information when it changes
4.2 Account Security
You are responsible for:
- Maintaining the confidentiality of your account credentials
- All activities that occur under your account
- Immediately notifying Bilko of any unauthorized use at security@bilko.io
4.3 Account Roles
The Organization owner controls access. Users may be granted one of four roles:
- Owner — Full control, including billing and account deletion
- Admin — All features except billing and certain account settings
- Accountant — Can create and manage financial records; cannot delete
- Viewer — Read-only access
4.4 One Organization Per Subscription
Each Subscription Plan covers one (1) Organization. Accountants managing multiple clients must purchase a separate subscription per client organization, or use a multi-organization plan if offered.
⚠️ LEGAL REVIEW REQUIRED: Determine whether multi-organization accountant accounts require specific terms under Serbian/BiH/Croatian professional accounting regulations.
5. Subscription and Billing
5.1 Subscription Plans
Bilko offers paid Subscription Plans as published at bilko.io/pricing. All plans are billed in EUR. By subscribing to a paid plan, you authorize Bilko to charge your payment method for the applicable fees.
⚠️ LEGAL REVIEW REQUIRED: Confirm pricing strategy and all plan tiers. Confirm whether local currency (RSD for Serbia, BAM for BiH) invoicing is required under local consumer/business protection law.
5.2 Free Trial
Bilko may offer a free trial period at its discretion. At the end of the trial, your account will require a paid subscription to continue. Bilko will notify you before the trial ends.
5.3 Billing Cycle
- Monthly plans: billed on the same calendar day each month
- Annual plans: billed once per year; a proportional refund may be offered for cancellations (see Section 5.6)
- Billing date may shift by up to 1 day due to calendar month-end variations
5.4 Payment Methods
Bilko accepts payment methods as listed at checkout. You must provide a valid payment method and maintain it current. Bilko uses a PCI-compliant payment processor — your card data is never stored on Bilko servers.
⚠️ LEGAL REVIEW REQUIRED: Confirm payment processor (Stripe, Paddle, or other), confirm PCI-DSS scope, and ensure payment terms comply with Serbian Law on Payment Services (Zakon o platnim uslugama), BiH payment law, and Croatian payment law.
5.5 Late Payment
If payment fails, Bilko will:
- Retry payment up to 3 times over 7 days
- Send email notifications at each failure
- Suspend the account after 14 days of non-payment (read-only access preserved)
- Terminate the account after 30 days of non-payment, with data export offered
5.6 Cancellation and Refunds
- Monthly plans: You may cancel at any time. Cancellation takes effect at the end of the current Billing Period. No refunds are issued for partial months.
- Annual plans: Cancellation within 14 days of purchase qualifies for a full refund. After 14 days, a pro-rated refund for remaining full months may be provided at Bilko's discretion.
- Legal minimum: To the extent mandatory consumer protection law in your jurisdiction requires different refund terms, those terms apply.
⚠️ LEGAL REVIEW REQUIRED: Confirm refund obligations under Serbian Zakon o zaštiti potrošača, BiH equivalent, and Croatian Zakon o zaštiti potrošača. Determine whether B2B SaaS customers are covered by consumer protection or only commercial contract law in each jurisdiction.
5.7 Price Changes
Bilko may change Subscription Plan pricing with 30 days' written notice. If you do not cancel before the new pricing takes effect, you accept the new pricing.
5.8 Taxes
All prices are exclusive of applicable value-added tax (VAT/PDV). Bilko will add applicable VAT/PDV to invoices where legally required. You are responsible for any additional taxes applicable in your jurisdiction.
6. Acceptable Use
6.1 Permitted Use
You may use the Service only for lawful business accounting purposes within your registered Organization, in accordance with applicable law in your jurisdiction.
6.2 Prohibited Activities
You must not:
- Use the Service to commit fraud, tax evasion, or money laundering
- Enter false, fabricated, or fraudulent financial records or invoice data
- Attempt to gain unauthorized access to other organizations' data
- Reverse-engineer, decompile, or disassemble any part of the Service
- Use the Service to process data belonging to a different legal entity without authorization
- Attempt to circumvent the multi-tenancy isolation measures
- Use automated scrapers, bots, or scripts against the Service without prior written consent from Bilko
- Resell or sublicense the Service without a separate reseller agreement
6.3 Compliance with Local Law
You are responsible for ensuring that your use of Bilko complies with all applicable local laws, including:
- Tax filing obligations (Serbian Poreska uprava, BiH UIO, Croatian Porezna uprava)
- E-invoicing mandates (SEF for Serbia, HR-FISK/FINA for Croatia)
- Accounting record requirements
- Data protection obligations for data you enter about your clients
7. Data Handling and Privacy
7.1 Your Data
All Customer Data you enter into Bilko remains your property. Bilko processes Customer Data solely to provide and improve the Service.
7.2 Data Processing Agreement
By accepting these Terms, you also enter into a Data Processing Agreement (DPA) with Bilko, incorporated by reference, governing the processing of personal data within Customer Data. The DPA is available at bilko.io/dpa.
⚠️ LEGAL REVIEW REQUIRED: Draft and publish the Data Processing Agreement separately. The DPA must meet requirements of GDPR Art. 28 (for Croatian users), ZZPL Art. 45 (for Serbian users), and ZZLP BiH equivalents.
7.3 Privacy Policy
Bilko's Privacy Policy (available at bilko.io/privacy) is incorporated into these Terms by reference. It describes what personal data Bilko collects about you and your Authorized Users, and how it is processed.
7.4 Data Retention
Bilko retains financial data in accordance with mandatory accounting and tax retention periods:
- Serbia: 10 years (Zakon o računovodstvu)
- Bosnia & Herzegovina: 10–11 years (depending on entity)
- Croatia: 11 years (Zakon o računovodstvu)
7.5 Data Export
You may export all your Customer Data in JSON and CSV formats at any time through the Bilko interface. We will also provide your data upon account termination via a one-time export link, valid for 30 days.
8. Intellectual Property
8.1 Bilko's IP
The Service, including its software, design, features, documentation, branding ("Bilko", logo, color system), and all associated intellectual property, is owned by ALAI Holding AS (org.nr 932 516 136) or its licensors and is protected under applicable intellectual property laws. These Terms do not grant you any ownership rights in the Service.
You receive a limited, non-exclusive, non-transferable, revocable license to use the Service during your Subscription.
8.2 Your Data
You retain all ownership rights to Customer Data. You grant Bilko a limited license to store, process, and transmit Customer Data solely to provide the Service.
8.3 Feedback
If you provide feedback, suggestions, or ideas about the Service, you grant Bilko a perpetual, royalty-free license to use that feedback without compensation or attribution.
9. Warranties and Disclaimers
9.1 Bilko's Warranty
Bilko warrants that:
- The Service will materially conform to the documentation at bilko.io/docs during the Subscription
- Bilko will implement commercially reasonable security measures as described in its Security documentation
9.2 Disclaimers
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" TO THE MAXIMUM EXTENT PERMITTED BY LAW. Bilko specifically disclaims:
- No accounting or tax advice: Bilko is software, not an accountant or tax advisor. Bilko provides tools to help you create compliant records, but you are responsible for the accuracy of your data and for complying with all tax obligations. Consult a qualified accountant or tax advisor.
- No guarantee of regulatory compliance: While Bilko is designed for compliance with Serbian, BiH, and Croatian accounting law, regulations change frequently. Bilko will make reasonable efforts to update the Service but cannot guarantee compliance at all times.
- No uptime guarantee for e-government portals: Bilko's SEF and HR-FISK integrations depend on Serbian and Croatian government portal availability. Bilko is not responsible for failures caused by those external systems.
⚠️ LEGAL REVIEW REQUIRED: Confirm that disclaimer clauses are enforceable under Serbian Zakon o obligacionim odnosima, BiH equivalent, and Croatian Zakon o obveznim odnosima. Some consumer-protective jurisdictions limit disclaimer enforceability.
10. Limitation of Liability
10.1 Exclusion of Consequential Damages
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, BILKO SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING:
- Lost profits or revenue
- Tax penalties or regulatory fines arising from inaccurate data you entered
- Lost business opportunities
- Data loss (beyond Bilko's obligations under these Terms)
- Costs of alternative accounting software
10.2 Cap on Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, BILKO'S TOTAL LIABILITY TO YOU FOR ANY CLAIMS ARISING UNDER THESE TERMS SHALL NOT EXCEED THE GREATER OF:
- The total fees paid by you to Bilko in the 12 months prior to the event giving rise to the claim; OR
- €100
10.3 Exceptions
The limitations in this Section do not apply to:
- Bilko's liability for gross negligence or willful misconduct
- Bilko's liability for death or personal injury caused by Bilko's negligence
- Any liability that cannot be excluded under mandatory applicable law
⚠️ LEGAL REVIEW REQUIRED: Liability caps must be reviewed for enforceability under each jurisdiction's mandatory law. Croatian and Serbian consumer/commercial law may impose minimum liability floors.
11. Indemnification
You agree to indemnify, defend, and hold harmless Bilko and its officers, directors, employees, and agents from and against any claims, liabilities, damages, fines, penalties, and expenses (including reasonable legal fees) arising from:
- Your violation of these Terms
- Your violation of applicable law (including tax law, accounting law, or data protection law)
- Inaccurate Customer Data entered by you or your Authorized Users
- Your infringement of third-party rights
- Any regulatory penalty resulting from errors in data you provided
12. Term and Termination
12.1 Term
These Terms take effect when you accept them and continue for as long as you maintain a Bilko account.
12.2 Termination by You
You may terminate your account at any time by:
- Cancelling your subscription through account settings
- Exporting your data before the termination date
- Contacting support@bilko.io
12.3 Termination by Bilko
Bilko may suspend or terminate your account with:
- Immediate effect for: fraud, unauthorized access attempts, illegal use, or material breach
- 30 days' notice for: non-payment (after cure period), violation of Acceptable Use policy
- 90 days' notice for: discontinuation of the Service
12.4 Effect of Termination
Upon termination:
- Your access to the Service ends immediately (or at the notice period expiry)
- A data export link is provided, valid for 30 days
- Bilko retains financial data for mandatory retention periods per Section 7.4
- All rights and licenses granted to you terminate
13. Service Availability and Changes
13.1 Availability Target
Bilko targets 99.9% monthly uptime for the production environment (app.bilko.io). Planned maintenance windows will be announced with at least 48 hours' notice via email and status page.
13.2 Changes to the Service
Bilko may modify, add, or remove features at any time. For material changes that negatively affect your use of the Service, Bilko will provide at least 30 days' advance notice.
13.3 Changes to These Terms
Bilko may update these Terms. Material changes will be notified by email with at least 30 days' notice. Your continued use of the Service after the effective date constitutes acceptance. If you do not accept the new Terms, you may terminate your account before the effective date.
14. Governing Law and Dispute Resolution
14.1 Governing Law
⚠️ LEGAL REVIEW REQUIRED: This is a critical section requiring legal input. The following options must be evaluated:
Option A (Norwegian Law — for ALAI operating entity): These Terms are governed by the laws of Norway. Disputes are resolved in Norwegian courts. This may be unenforceable for consumers under EU law (Croatia) or Serbian/BiH mandatory jurisdiction rules.
Option B (Jurisdiction-specific): For Serbian users — Serbian law applies; for Croatian users — Croatian law applies (EU mandatory); for BiH users — BiH law applies.
Recommended approach (pending legal review): For business (B2B) customers, Norwegian law may be specified. For any consumer accounts, local mandatory law applies in each jurisdiction.
14.2 Dispute Resolution
Before initiating formal proceedings, the parties agree to attempt good-faith resolution through:
- Written notice to the other party describing the dispute
- 30-day negotiation period
- Formal proceedings if unresolved
14.3 Language
These Terms are provided in English. Translations into Serbian, Bosnian, and Croatian will be provided for informational purposes. In the event of conflict between language versions, the English version governs.
⚠️ LEGAL REVIEW REQUIRED: Confirm whether Croatian consumer protection law requires Croatian-language Terms to be legally binding in Croatia. Serbian and BiH law may have similar requirements for consumer-facing contracts.
15. General Provisions
15.1 Entire Agreement
These Terms, together with the Privacy Policy and Data Processing Agreement, constitute the entire agreement between you and Bilko regarding the Service and supersede all prior agreements.
15.2 Severability
If any provision of these Terms is found unenforceable, the remaining provisions remain in full force.
15.3 Waiver
Bilko's failure to enforce any provision of these Terms does not constitute a waiver of that provision.
15.4 Assignment
You may not assign your rights or obligations under these Terms without Bilko's prior written consent. Bilko may assign these Terms in connection with a merger, acquisition, or sale of assets, with 30 days' notice to you.
15.5 Force Majeure
Neither party shall be liable for delays or failures in performance caused by events beyond their reasonable control, including government actions, natural disasters, or internet infrastructure failures.
15.6 Electronic Communications
By using the Service, you consent to receive communications from Bilko electronically. You agree that electronic communications satisfy any legal requirement that communications be in writing.
16. Sub-Processors (GDPR Art. 28(4))
Bilko uses the following sub-processors to provide the Service:
16.1 Document Archive Pipeline
When you enable the document archival feature, Bilko processes certain document types through the following sub-processors:
Sub-ProcessorLegal EntityPurposeData CategoriesGeographic LocationSafeguards --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Cloudflare R2Cloudflare, Inc., USATemporary document staging for archive pipelineContract PDFs, invoices, care plans, incident reports, onboarding documentsEU region (eu-west storage bucket)Standard Contractual Clauses (SCCs) per Cloudflare's published DPA ALAI Azure VM (Paperless-ngx)ALAI Holding AS (org.nr 932 516 136), NorwayLong-term document archive at archive.alai.noSame document categories as aboveEU/EEA (Microsoft Azure Sweden Central region)ALAI Data Processing Agreement + Azure Standard Contractual Clauses16.2 Document Flow and Retention
Document types processed:
- Contracts and agreements
- Invoices (issued and received)
- Care plans (for care organizations)
- Incident reports
- Onboarding documents
- Documents are written to Cloudflare R2 staging bucket (temporary storage, typically < 5 minutes)
- Cloud Run worker uploads documents to Paperless-ngx archive every 5 minutes
- Documents are retained in archive per retention schedule (see Section 7.4)
- Financial documents (invoices, contracts): 7 years (Serbian, BiH, Croatian accounting law)
- Care-related documents (care plans, incident reports): 25 years (UK NHS standard, pending Balkan legal review)
16.3 Sub-Processor Change Notification
Bilko will provide 30 days' advance written notice via email before adding or replacing any sub-processor. You have the right to object to a new sub-processor within the notice period. If you object and Bilko cannot offer an alternative, you may terminate your subscription without penalty.
Bilko maintains an up-to-date list of sub-processors at bilko.io/sub-processors (to be published).
16.4 GDPR Compliance Reference
This sub-processor disclosure complies with GDPR Article 28(4), which requires the data controller (you) to authorize the data processor (Bilko) to engage sub-processors. By accepting these Terms, you provide such authorization for the sub-processors listed above.
17. Contact
Bilko / ALAI Holding AS (org.nr 932 516 136)
ChannelContact -------------------------------------------------------------------------------------------------------------------------- General supportsupport@bilko.io Legal / compliancelegal@bilko.io Privacy / data protectionprivacy@bilko.io Data Processing Agreementdpa@alai.no Security vulnerabilitiessecurity@bilko.io Postal addressPending — registered address to be confirmed upon company formation (see legal review note above)⚠️ LEGAL REVIEW REQUIRED: Confirm company address for legal notices. Determine whether Serbian, BiH, or Croatian regulations require a local postal address or registered agent for consumer-facing contracts.