# Bilko Terms of Service — Section 16 Sub-Processors (GDPR Art. 28(4))

<div id="bkmrk-%E2%9A%A0%EF%B8%8F-statusmc%3A-%23100045" style="background-color:#FFF3CD;border-left:4px solid #FFC107;padding:16px;margin-bottom:24px;">**⚠️ STATUS**  
**MC:** #100045 | **Date:** 2026-05-08  
**Draft Status:** Pending final legal review and translations (per Lexicon S1-S4)  
**Corrections Applied:** Org.nr 932 516 136 (corrected from hallucinated 933 534 262), Azure Sweden Central (corrected from Norway East)</div>

# Terms of Service

> **Project:** Bilko — Balkan Accounting SaaS

> **Company:** ALAI Holding AS (org.nr 932 516 136)

> **Version:** 1.0

> **Last Updated:** 2026-03-07

> **Author:** ALAI Documentation Team

> **Status:** DRAFT — Pending Legal Review

> **Reviewers:** Legal Counsel (RS, BA, HR), CEO

> **Classification:** Internal Draft (not for public use until legal sign-off)

---

## Table of Contents

- [Acceptance of Terms](#1-acceptance-of-terms)
- [Definitions](#2-definitions)
- [Description of Service](#3-description-of-service)
- [Account Terms](#4-account-terms)
- [Subscription and Billing](#5-subscription-and-billing)
- [Acceptable Use](#6-acceptable-use)
- [Data Handling and Privacy](#7-data-handling-and-privacy)
- [Intellectual Property](#8-intellectual-property)
- [Warranties and Disclaimers](#9-warranties-and-disclaimers)
- [Limitation of Liability](#10-limitation-of-liability)
- [Indemnification](#11-indemnification)
- [Term and Termination](#12-term-and-termination)
- [Service Availability and Changes](#13-service-availability-and-changes)
- [Governing Law and Dispute Resolution](#14-governing-law-and-dispute-resolution)
- [General Provisions](#15-general-provisions)
- [Sub-Processors (GDPR Art. 28(4))](#16-sub-processors-gdpr-art-284)
- [Contact](#17-contact)

---

## 1. Acceptance of Terms

By registering for, accessing, or using the Bilko platform (the "Service") available at **app.bilko.io**, you ("Customer" or "you") agree to be bound by these Terms of Service ("Terms"). If you are accepting these Terms on behalf of a legal entity (a company, partnership, or other organization), you represent that you have the authority to bind that entity to these Terms.

**If you do not agree to these Terms, you must not use the Service.**

These Terms form a binding legal agreement between you and **ALAI Holding AS** (org.nr 932 516 136), a company incorporated in Norway, trading as Bilko ("Bilko", "we", "our", or "us").

By clicking "Create Account", "Start Free Trial", or similar acceptance mechanism, or by using the Service after any update to these Terms, you confirm your acceptance.

> ⚠️ LEGAL REVIEW REQUIRED: Confirm whether Norwegian law governs this contract, or whether Serbian, BiH, or Croatian law should govern for users in those jurisdictions (see Section 14). Consider whether click-wrap acceptance is sufficient under each jurisdiction's contract law (Serbian Zakon o obligacionim odnosima, BiH equivalent, Croatian Zakon o obveznim odnosima).

---

## 2. Definitions

<table id="bkmrk-termmeaning---------">
<tr><th>Term</th><th>Meaning</th></tr>
<tr><td>**Service**</td><td>The Bilko cloud accounting platform, including the web application at app.bilko.io, the API, and all features therein</td></tr>
<tr><td>**Account**</td><td>A registered Bilko account belonging to an Organization</td></tr>
<tr><td>**Organization**</td><td>A legal entity or individual registered on Bilko for accounting purposes</td></tr>
<tr><td>**Authorized User**</td><td>A person granted access to an Organization's Bilko account (owner, admin, accountant, or viewer)</td></tr>
<tr><td>**Customer Data**</td><td>All data submitted by Authorized Users into the Service, including invoices, expenses, contacts, financial records, and tax identification numbers</td></tr>
<tr><td>**Subscription Plan**</td><td>The paid tier under which the Service is provided, as described on bilko.io/pricing</td></tr>
<tr><td>**Billing Period**</td><td>The monthly or annual period for which a Subscription Plan is purchased</td></tr>
<tr><td>**Trial Period**</td><td>A limited-period free access to the Service, as offered by Bilko at its discretion</td></tr>
<tr><td>**Content**</td><td>All text, data, software, functionality, graphics, and other materials provided by Bilko as part of the Service</td></tr>
</table>

## 3. Description of Service

Bilko is a cloud-based accounting and invoicing platform designed for small and medium businesses (SMBs) operating in Serbia, Bosnia & Herzegovina, and Croatia. The Service includes:

- **Double-entry bookkeeping** with Balkan-standard chart of accounts (Serbian, FBiH, RS entity, and Croatian formats)
- **Invoice creation and management** — PDF generation, email delivery, status tracking
- **E-invoice submission** — SEF integration for Serbia (B2B mandatory since 2023); HR-FISK integration for Croatia (Phase 2)
- **VAT/PDV calculation** — Serbia (20%/10%/0%), BiH (17%/0%), Croatia (25%/13%/5%/0%)
- **Expense tracking** — with receipt storage and approval workflow
- **Bank reconciliation** — CSV import of bank statements
- **Financial reporting** — P&L, Balance Sheet, Cash Flow, VAT reports
- **Multi-currency support** — EUR, RSD, BAM, and other currencies with exchange rate locking
- **Multi-user collaboration** — Role-based access control (owner, admin, accountant, viewer)
- **Data export** — JSON, CSV, and compliance formats for tax authority filing

The specific features available depend on the Subscription Plan. Bilko reserves the right to modify, add, or discontinue features with reasonable notice.

---

## 4. Account Terms

### 4.1 Registration

To use the Service, you must:

- Register and create an Organization account
- Provide accurate, complete, and current information
- Maintain and promptly update your account information when it changes

You are responsible for ensuring that all information you provide, including organizational details, tax identification numbers, and financial data, is accurate. Bilko is not responsible for regulatory penalties arising from inaccurate data entered by you.

### 4.2 Account Security

You are responsible for:

- Maintaining the confidentiality of your account credentials
- All activities that occur under your account
- Immediately notifying Bilko of any unauthorized use at security@bilko.io

Bilko enforces security measures including two-factor authentication (optional), JWT-based session management with 15-minute access token expiry, and automatic lockout after 5 failed login attempts per 15 minutes. You must not share your login credentials with unauthorized persons.

### 4.3 Account Roles

The Organization owner controls access. Users may be granted one of four roles:

- **Owner** — Full control, including billing and account deletion
- **Admin** — All features except billing and certain account settings
- **Accountant** — Can create and manage financial records; cannot delete
- **Viewer** — Read-only access

You are responsible for managing the roles of your Authorized Users appropriately.

### 4.4 One Organization Per Subscription

Each Subscription Plan covers one (1) Organization. Accountants managing multiple clients must purchase a separate subscription per client organization, or use a multi-organization plan if offered.

> ⚠️ LEGAL REVIEW REQUIRED: Determine whether multi-organization accountant accounts require specific terms under Serbian/BiH/Croatian professional accounting regulations.

---

## 5. Subscription and Billing

### 5.1 Subscription Plans

Bilko offers paid Subscription Plans as published at bilko.io/pricing. All plans are billed in **EUR**. By subscribing to a paid plan, you authorize Bilko to charge your payment method for the applicable fees.

> ⚠️ LEGAL REVIEW REQUIRED: Confirm pricing strategy and all plan tiers. Confirm whether local currency (RSD for Serbia, BAM for BiH) invoicing is required under local consumer/business protection law.

### 5.2 Free Trial

Bilko may offer a free trial period at its discretion. At the end of the trial, your account will require a paid subscription to continue. Bilko will notify you before the trial ends.

### 5.3 Billing Cycle

- Monthly plans: billed on the same calendar day each month
- Annual plans: billed once per year; a proportional refund may be offered for cancellations (see Section 5.6)
- Billing date may shift by up to 1 day due to calendar month-end variations

### 5.4 Payment Methods

Bilko accepts payment methods as listed at checkout. You must provide a valid payment method and maintain it current. Bilko uses a PCI-compliant payment processor — your card data is never stored on Bilko servers.

> ⚠️ LEGAL REVIEW REQUIRED: Confirm payment processor (Stripe, Paddle, or other), confirm PCI-DSS scope, and ensure payment terms comply with Serbian Law on Payment Services (Zakon o platnim uslugama), BiH payment law, and Croatian payment law.

### 5.5 Late Payment

If payment fails, Bilko will:

- Retry payment up to 3 times over 7 days
- Send email notifications at each failure
- Suspend the account after 14 days of non-payment (read-only access preserved)
- Terminate the account after 30 days of non-payment, with data export offered

### 5.6 Cancellation and Refunds

- **Monthly plans:** You may cancel at any time. Cancellation takes effect at the end of the current Billing Period. No refunds are issued for partial months.
- **Annual plans:** Cancellation within 14 days of purchase qualifies for a full refund. After 14 days, a pro-rated refund for remaining full months may be provided at Bilko's discretion.
- **Legal minimum:** To the extent mandatory consumer protection law in your jurisdiction requires different refund terms, those terms apply.

> ⚠️ LEGAL REVIEW REQUIRED: Confirm refund obligations under Serbian Zakon o zaštiti potrošača, BiH equivalent, and Croatian Zakon o zaštiti potrošača. Determine whether B2B SaaS customers are covered by consumer protection or only commercial contract law in each jurisdiction.

### 5.7 Price Changes

Bilko may change Subscription Plan pricing with 30 days' written notice. If you do not cancel before the new pricing takes effect, you accept the new pricing.

### 5.8 Taxes

All prices are exclusive of applicable value-added tax (VAT/PDV). Bilko will add applicable VAT/PDV to invoices where legally required. You are responsible for any additional taxes applicable in your jurisdiction.

---

## 6. Acceptable Use

### 6.1 Permitted Use

You may use the Service only for lawful business accounting purposes within your registered Organization, in accordance with applicable law in your jurisdiction.

### 6.2 Prohibited Activities

You must not:

- Use the Service to commit fraud, tax evasion, or money laundering
- Enter false, fabricated, or fraudulent financial records or invoice data
- Attempt to gain unauthorized access to other organizations' data
- Reverse-engineer, decompile, or disassemble any part of the Service
- Use the Service to process data belonging to a different legal entity without authorization
- Attempt to circumvent the multi-tenancy isolation measures
- Use automated scrapers, bots, or scripts against the Service without prior written consent from Bilko
- Resell or sublicense the Service without a separate reseller agreement

### 6.3 Compliance with Local Law

You are responsible for ensuring that your use of Bilko complies with all applicable local laws, including:

- Tax filing obligations (Serbian Poreska uprava, BiH UIO, Croatian Porezna uprava)
- E-invoicing mandates (SEF for Serbia, HR-FISK/FINA for Croatia)
- Accounting record requirements
- Data protection obligations for data you enter about your clients

Bilko provides the technical tools to help you meet these obligations, but **Bilko is not your tax advisor or accountant**. The accuracy of the data entered is your responsibility.

---

## 7. Data Handling and Privacy

### 7.1 Your Data

All Customer Data you enter into Bilko remains your property. Bilko processes Customer Data solely to provide and improve the Service.

### 7.2 Data Processing Agreement

By accepting these Terms, you also enter into a Data Processing Agreement (DPA) with Bilko, incorporated by reference, governing the processing of personal data within Customer Data. The DPA is available at bilko.io/dpa.

> ⚠️ LEGAL REVIEW REQUIRED: Draft and publish the Data Processing Agreement separately. The DPA must meet requirements of GDPR Art. 28 (for Croatian users), ZZPL Art. 45 (for Serbian users), and ZZLP BiH equivalents.

### 7.3 Privacy Policy

Bilko's Privacy Policy (available at bilko.io/privacy) is incorporated into these Terms by reference. It describes what personal data Bilko collects about you and your Authorized Users, and how it is processed.

### 7.4 Data Retention

Bilko retains financial data in accordance with mandatory accounting and tax retention periods:

- **Serbia:** 10 years (Zakon o računovodstvu)
- **Bosnia & Herzegovina:** 10–11 years (depending on entity)
- **Croatia:** 11 years (Zakon o računovodstvu)

This means that even after account cancellation, Bilko retains your financial records for the legally required period. User account data (name, email) will be anonymized upon account deletion; financial transaction records are retained in anonymized form.

### 7.5 Data Export

You may export all your Customer Data in JSON and CSV formats at any time through the Bilko interface. We will also provide your data upon account termination via a one-time export link, valid for 30 days.

---

## 8. Intellectual Property

### 8.1 Bilko's IP

The Service, including its software, design, features, documentation, branding ("Bilko", logo, color system), and all associated intellectual property, is owned by ALAI Holding AS (org.nr 932 516 136) or its licensors and is protected under applicable intellectual property laws. These Terms do not grant you any ownership rights in the Service.

You receive a limited, non-exclusive, non-transferable, revocable license to use the Service during your Subscription.

### 8.2 Your Data

You retain all ownership rights to Customer Data. You grant Bilko a limited license to store, process, and transmit Customer Data solely to provide the Service.

### 8.3 Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant Bilko a perpetual, royalty-free license to use that feedback without compensation or attribution.

---

## 9. Warranties and Disclaimers

### 9.1 Bilko's Warranty

Bilko warrants that:

- The Service will materially conform to the documentation at bilko.io/docs during the Subscription
- Bilko will implement commercially reasonable security measures as described in its Security documentation

### 9.2 Disclaimers

**THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" TO THE MAXIMUM EXTENT PERMITTED BY LAW.** Bilko specifically disclaims:

- **No accounting or tax advice:** Bilko is software, not an accountant or tax advisor. Bilko provides tools to help you create compliant records, but you are responsible for the accuracy of your data and for complying with all tax obligations. Consult a qualified accountant or tax advisor.
- **No guarantee of regulatory compliance:** While Bilko is designed for compliance with Serbian, BiH, and Croatian accounting law, regulations change frequently. Bilko will make reasonable efforts to update the Service but cannot guarantee compliance at all times.
- **No uptime guarantee for e-government portals:** Bilko's SEF and HR-FISK integrations depend on Serbian and Croatian government portal availability. Bilko is not responsible for failures caused by those external systems.

> ⚠️ LEGAL REVIEW REQUIRED: Confirm that disclaimer clauses are enforceable under Serbian Zakon o obligacionim odnosima, BiH equivalent, and Croatian Zakon o obveznim odnosima. Some consumer-protective jurisdictions limit disclaimer enforceability.

---

## 10. Limitation of Liability

### 10.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, BILKO SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING:

- Lost profits or revenue
- Tax penalties or regulatory fines arising from inaccurate data you entered
- Lost business opportunities
- Data loss (beyond Bilko's obligations under these Terms)
- Costs of alternative accounting software

### 10.2 Cap on Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, BILKO'S TOTAL LIABILITY TO YOU FOR ANY CLAIMS ARISING UNDER THESE TERMS SHALL NOT EXCEED THE GREATER OF:

- The total fees paid by you to Bilko in the **12 months prior** to the event giving rise to the claim; OR
- €100

### 10.3 Exceptions

The limitations in this Section do not apply to:

- Bilko's liability for gross negligence or willful misconduct
- Bilko's liability for death or personal injury caused by Bilko's negligence
- Any liability that cannot be excluded under mandatory applicable law

> ⚠️ LEGAL REVIEW REQUIRED: Liability caps must be reviewed for enforceability under each jurisdiction's mandatory law. Croatian and Serbian consumer/commercial law may impose minimum liability floors.

---

## 11. Indemnification

You agree to indemnify, defend, and hold harmless Bilko and its officers, directors, employees, and agents from and against any claims, liabilities, damages, fines, penalties, and expenses (including reasonable legal fees) arising from:

- Your violation of these Terms
- Your violation of applicable law (including tax law, accounting law, or data protection law)
- Inaccurate Customer Data entered by you or your Authorized Users
- Your infringement of third-party rights
- Any regulatory penalty resulting from errors in data you provided

---

## 12. Term and Termination

### 12.1 Term

These Terms take effect when you accept them and continue for as long as you maintain a Bilko account.

### 12.2 Termination by You

You may terminate your account at any time by:

- Cancelling your subscription through account settings
- Exporting your data before the termination date
- Contacting support@bilko.io

### 12.3 Termination by Bilko

Bilko may suspend or terminate your account with:

- **Immediate effect** for: fraud, unauthorized access attempts, illegal use, or material breach
- **30 days' notice** for: non-payment (after cure period), violation of Acceptable Use policy
- **90 days' notice** for: discontinuation of the Service

### 12.4 Effect of Termination

Upon termination:

- Your access to the Service ends immediately (or at the notice period expiry)
- A data export link is provided, valid for 30 days
- Bilko retains financial data for mandatory retention periods per Section 7.4
- All rights and licenses granted to you terminate

---

## 13. Service Availability and Changes

### 13.1 Availability Target

Bilko targets **99.9% monthly uptime** for the production environment (app.bilko.io). Planned maintenance windows will be announced with at least 48 hours' notice via email and status page.

### 13.2 Changes to the Service

Bilko may modify, add, or remove features at any time. For material changes that negatively affect your use of the Service, Bilko will provide at least 30 days' advance notice.

### 13.3 Changes to These Terms

Bilko may update these Terms. Material changes will be notified by email with at least 30 days' notice. Your continued use of the Service after the effective date constitutes acceptance. If you do not accept the new Terms, you may terminate your account before the effective date.

---

## 14. Governing Law and Dispute Resolution

### 14.1 Governing Law

> ⚠️ LEGAL REVIEW REQUIRED: This is a critical section requiring legal input. The following options must be evaluated:

**Option A (Norwegian Law — for ALAI operating entity):** These Terms are governed by the laws of Norway. Disputes are resolved in Norwegian courts. This may be unenforceable for consumers under EU law (Croatia) or Serbian/BiH mandatory jurisdiction rules.

**Option B (Jurisdiction-specific):** For Serbian users — Serbian law applies; for Croatian users — Croatian law applies (EU mandatory); for BiH users — BiH law applies.

**Recommended approach (pending legal review):** For business (B2B) customers, Norwegian law may be specified. For any consumer accounts, local mandatory law applies in each jurisdiction.

### 14.2 Dispute Resolution

Before initiating formal proceedings, the parties agree to attempt good-faith resolution through:

- Written notice to the other party describing the dispute
- 30-day negotiation period
- Formal proceedings if unresolved

### 14.3 Language

These Terms are provided in English. Translations into Serbian, Bosnian, and Croatian will be provided for informational purposes. In the event of conflict between language versions, the English version governs.

> ⚠️ LEGAL REVIEW REQUIRED: Confirm whether Croatian consumer protection law requires Croatian-language Terms to be legally binding in Croatia. Serbian and BiH law may have similar requirements for consumer-facing contracts.

---

## 15. General Provisions

### 15.1 Entire Agreement

These Terms, together with the Privacy Policy and Data Processing Agreement, constitute the entire agreement between you and Bilko regarding the Service and supersede all prior agreements.

### 15.2 Severability

If any provision of these Terms is found unenforceable, the remaining provisions remain in full force.

### 15.3 Waiver

Bilko's failure to enforce any provision of these Terms does not constitute a waiver of that provision.

### 15.4 Assignment

You may not assign your rights or obligations under these Terms without Bilko's prior written consent. Bilko may assign these Terms in connection with a merger, acquisition, or sale of assets, with 30 days' notice to you.

### 15.5 Force Majeure

Neither party shall be liable for delays or failures in performance caused by events beyond their reasonable control, including government actions, natural disasters, or internet infrastructure failures.

### 15.6 Electronic Communications

By using the Service, you consent to receive communications from Bilko electronically. You agree that electronic communications satisfy any legal requirement that communications be in writing.

---

## 16. Sub-Processors (GDPR Art. 28(4))

Bilko uses the following sub-processors to provide the Service:

### 16.1 Document Archive Pipeline

When you enable the document archival feature, Bilko processes certain document types through the following sub-processors:

| Sub-Processor | Legal Entity | Purpose | Data Categories | Geographic Location | Safeguards |
|---|---|---|---|---|---|
| **Cloudflare R2** | Cloudflare, Inc., USA | Temporary document staging for archive pipeline | Contract PDFs, invoices, care plans, incident reports, onboarding documents | EU region (eu-west storage bucket) | Standard Contractual Clauses (SCCs) per Cloudflare's published DPA |
| **ALAI Azure VM (Paperless-ngx)** | ALAI Holding AS (org.nr 932 516 136), Norway | Long-term document archive at archive.alai.no | Same document categories as above | EU/EEA (Microsoft Azure Sweden Central region) | ALAI Data Processing Agreement + Azure Standard Contractual Clauses |

### 16.2 Document Flow and Retention

**Document types processed:**

- Contracts and agreements
- Invoices (issued and received)
- Care plans (for care organizations)
- Incident reports
- Onboarding documents

**Processing flow:**

- Documents are written to Cloudflare R2 staging bucket (temporary storage, typically < 5 minutes)
- Cloud Run worker uploads documents to Paperless-ngx archive every 5 minutes
- Documents are retained in archive per retention schedule (see Section 7.4)

**Retention by document class (interim defaults, subject to legal review):**

- Financial documents (invoices, contracts): 7 years (Serbian, BiH, Croatian accounting law)
- Care-related documents (care plans, incident reports): 25 years (UK NHS standard, pending Balkan legal review)

### 16.3 Sub-Processor Change Notification

Bilko will provide **30 days' advance written notice** via email before adding or replacing any sub-processor. You have the right to object to a new sub-processor within the notice period. If you object and Bilko cannot offer an alternative, you may terminate your subscription without penalty.

Bilko maintains an up-to-date list of sub-processors at **bilko.io/sub-processors** (to be published).

### 16.4 GDPR Compliance Reference

This sub-processor disclosure complies with GDPR Article 28(4), which requires the data controller (you) to authorize the data processor (Bilko) to engage sub-processors. By accepting these Terms, you provide such authorization for the sub-processors listed above.

---

## 17. Contact

**Bilko / ALAI Holding AS** (org.nr 932 516 136)

| Channel | Contact |
|---|---|
| General support | support@bilko.io |
| Legal / compliance | legal@bilko.io |
| Privacy / data protection | privacy@bilko.io |
| Data Processing Agreement | dpa@alai.no |
| Security vulnerabilities | security@bilko.io |
| Postal address | Pending — registered address to be confirmed upon company formation (see legal review note above) |

> ⚠️ LEGAL REVIEW REQUIRED: Confirm company address for legal notices. Determine whether Serbian, BiH, or Croatian regulations require a local postal address or registered agent for consumer-facing contracts.

---

## Approval

| Role | Name | Signature | Date |
|---|---|---|---|
| Author | ALAI Documentation Team | | 2026-02-25 |
| RS Legal Counsel | | | |
| BA Legal Counsel | | | |
| HR Legal Counsel | | | |
| CEO Approval | Alem Bašić | | |

---

## Related Documents

- [Bilko Privacy Notice — Section 8.1 Sub-Processors](https://docs.alai.no/books/bilko-legal-pack/page/bilko-privacy-notice-section-81-document-archive-sub-processors)
- [DPA Template — Annex B Sub-Processors](https://docs.alai.no/books/bilko-legal-pack/page/dpa-template-annex-b-sub-processors-for-bilko-archive-feature)
- [Sub-Processor Notification Email Template](https://docs.alai.no/books/bilko-legal-pack/page/sub-processor-notification-email-template-bilko)