The Agreement becomes binding once the Ambassador completes registration through the Partnero platform (“Effective Date”).

Parties

Fiskl — the relevant member of the Fiskl Group. The contracting Fiskl entity is determined under section 1A of the Customer Terms of Service. The current contracting entity is Fiskl Limited, a company incorporated and registered in England and Wales (company number 09330290), registered at 6A Thirlmere Road, London, N10 2DN.

Notices to Fiskl: legal@fiskl.com

Ambassador — the natural person or entity (with name, address, and other information) detailed in the Partnero registration form.

Notices to Ambassador: as set out in the Partnero registration form.

Background

Fiskl operates a global, AI-core accounting, invoicing, banking, and financial-management offering serving small and medium-sized businesses, freelancers, and accounting professionals globally (the “Fiskl Platforms”, as defined in the Customer Terms of Service). The Ambassador wishes to promote, market, and refer Potential Customers to Fiskl. Fiskl is willing to pay the Ambassador a recurring revenue-share commission, on the terms below, for Qualified Referrals that purchase a Subscription to the Fiskl Platforms.

The Program is open to both individuals and entities. Unlike the Global Partner Program (which is limited to business entities and requires written approval), the Ambassador Program operates with self-registration through Partnero.

1. Interpretation

1.1 Definitions

Atlas Firm: an accounting firm using the Fiskl Atlas accountant portal under the Atlas Terms Supplement.

Business Day: a day other than a Saturday, Sunday, or public holiday in England, when banks in London are open for business.

Commission Tiers: the tiered commission structure based on the cumulative number of Qualified Referrals:

• Clout (1–9 Qualified Referrals): 15% recurring revenue share
• Icon (10–24 Qualified Referrals): 20% recurring revenue share
• Boss (25–49 Qualified Referrals): 25% recurring revenue share
• GOAT (50+ Qualified Referrals): 30% recurring revenue share

Commission Period: three (3) years from the date of first paid subscription for each Qualified Referral.

Commission Review Period: sixty (60) days during which Fiskl validates eligibility for each Qualified Referral.

Commission Claim Period: eighteen (18) months during which the Ambassador must claim earned commissions. Unclaimed commissions after this period are forfeited.

Confidential Information: as defined in the Customer Terms of Service.

Customer Terms of Service: the Fiskl Customer Terms of Service published at https://fiskl.com/legal/customer-terms-of-service/, as updated from time to time.

Data Protection Law: as defined in the Privacy Policy.

Fiskl Group: as defined in the Customer Terms of Service.

Intellectual Property Rights: as defined in the Global Partner Program Agreement.

Licensed Marks: Fiskl trademarks, logos, and URLs as provided by Fiskl from time to time.

Marketing Materials: the Licensed Marks together with associated marketing language, copy, or code provided by Fiskl for promotion of the Fiskl Platforms.

Net Income: payments made to Fiskl (or any member of the Fiskl Group) for the Fiskl Platforms under a Subscription Contract, less any value-added tax, sales tax, or equivalent on those payments, payment-processing fees, and discounts or rebates granted by Fiskl.

Partnero: the third-party referral-tracking and commission-management platform (Partnero, Inc.).

Potential Customer: a prospective Fiskl customer the Ambassador wishes to refer to Fiskl under the Program.

Privacy Policy: the Fiskl Privacy Policy at https://fiskl.com/legal/privacy-policy/.

Qualified Referral: a Potential Customer:

• Referred by the Ambassador to Fiskl through Partnero;
• of whom Fiskl has no prior record in connection with the Fiskl Platforms;
• who accepts the Customer Terms of Service and subscribes to the Fiskl Platforms within the Referral Period, at the Potential Customer’s own discretion and without monetary or other inducement from the Ambassador;
• who is not rejected by Fiskl;
• who makes at least one paid subscription payment for the Fiskl Platforms; and
• who remains an active subscriber after the Commission Review Period.

Referral: the referral of a Potential Customer to Fiskl through Partnero.

Referral Date: the date during the term of this Agreement on which the Ambassador first refers a Potential Customer to Fiskl.

Referral Period: ninety (90) days from the Referral Date, tracked via cookie placement through Partnero.

Subscription Contract: a contract between Fiskl and a Potential Customer for a subscription to the Fiskl Platforms, entered into during the Referral Period.

1.2 Other interpretation

The interpretation provisions in section 1 of the Customer Terms of Service apply to this Agreement.

2. Program Participation

2.1 Enrolment

• The Program is open to natural persons and entities. The Ambassador may enrol by completing registration through Partnero.
• No prior approval is required from Fiskl, but Fiskl reserves the right to terminate participation at any time as set out in section 11, including for failure to satisfy any of the obligations of this Agreement.
• The Ambassador must provide accurate registration information and keep it updated.

2.2 Commission structure

The Ambassador earns commissions calculated as a percentage of Net Income from each Qualified Referral, based on the Commission Tier corresponding to the Ambassador’s cumulative Qualified Referrals.

2.3 Commission terms

• Duration: commissions are paid for the Commission Period (3 years from first paid subscription per Qualified Referral), provided the referred customer maintains an active paid subscription.
• Review: all referrals are subject to the Commission Review Period (60 days).
• Claim: commissions must be claimed within the Commission Claim Period (18 months); unclaimed commissions are forfeited.
• Minimum payout: USD 50 net minimum threshold before commission payment is processed.

2.4 Duties of Ambassador

• Good faith. The Ambassador shall act in good faith and not allow its interests to conflict with its duties under this Agreement.
• The Ambassador shall use reasonable efforts to make Referrals.
• Compliance with instructions. The Ambassador shall cooperate with Fiskl and comply with reasonable lawful instructions of Fiskl, including the compliance obligations in this Agreement.

2.5 Limited authority

• No authority to bind. The Ambassador has no authority, and shall not hold itself out as authorised, to bind Fiskl or any member of the Fiskl Group.
• No authority to negotiate. The Ambassador shall not enter into contracts or commitments, incur liability for or on behalf of Fiskl, or negotiate terms of the Fiskl Platforms with Potential Customers.

2.6 Limits on representations

The Ambassador shall not, without Fiskl’s prior written consent, make any representations, warranties, or other promises concerning the Fiskl Platforms that are not contained in the Marketing Materials.

2.7 Prohibited activities

The Ambassador must not:

• associate Fiskl, the Fiskl Platforms, or the Marketing Materials with content that is unlawful, harmful, threatening, defamatory, obscene, harassing, sexually explicit, violent, discriminatory, or otherwise objectionable;
• send unsolicited bulk electronic communications (spam) promoting the Fiskl Platforms;
• make unauthorised claims about Fiskl, the Fiskl Platforms, Fi (Fiskl’s conversational AI and orchestration system), or the Fiskl Group;
• misrepresent the nature of the relationship with Fiskl;
• make false or misleading claims about Fiskl services;
• modify or manipulate referral tracking mechanisms in Partnero;
• create fake or fraudulent Referrals, including by using sock-puppet accounts, self-referring, fabricating Referral conversions, or splitting genuine referrals across multiple Ambassador accounts;
• offer monetary or other inducements to Potential Customers in exchange for subscribing through the Ambassador’s link;
• bid on Fiskl’s branded keywords without prior written consent;
• use Fiskl’s trademarks in domain names or business names;
• use the Fiskl Platforms or Ambassador access to facilitate fraud, financial crime, or any conduct prohibited under section 7 of the Customer Terms of Service or the Acceptable Use Policy.

The activities in (g) and (k) are material breaches that entitle Fiskl to terminate immediately under section 11.

3. Marketing Materials

3.1 Licence

Subject to this Agreement, Fiskl grants the Ambassador a free, non-exclusive, non-transferable, revocable licence to use the Licensed Marks and Marketing Materials solely to promote the Fiskl Platforms in accordance with this Agreement. Fiskl may revoke this licence at any time by written notice (including email).

3.2 Guidelines

The Ambassador’s use of Licensed Marks and Marketing Materials is subject to Fiskl’s brand guidelines published at https://fiskl.com/company/ambassadors/ (or successor URL), as updated from time to time. The Ambassador shall comply with the guidelines.

3.3 Use of Licensed Marks

The Ambassador shall ensure that its use of Licensed Marks and Marketing Materials is in the form approved by Fiskl, shall not modify any Licensed Marks or substantially modify any Marketing Materials contrary to Fiskl’s reasonable instructions, and shall comply with Fiskl’s reasonable instructions about form, content, and display.

3.4 Reservation of rights

Fiskl owns all Intellectual Property Rights in the Licensed Marks, the Marketing Materials, the Fiskl Platforms, Fi, and any related content and technology (“Fiskl IP”). Fiskl IP remains vested in Fiskl. The Ambassador’s use is as a licensee under Fiskl’s control. All goodwill arising from the Ambassador’s use of the Licensed Marks and Marketing Materials inures to Fiskl.

3.5 Notice of infringement

The Ambassador shall promptly notify Fiskl of any infringement, suspected infringement, or threatened infringement of the Licensed Marks or Marketing Materials.

4. Referral Process and Tracking

4.1 Process

The Ambassador refers Potential Customers through Partnero, using unique referral links and tracking codes.

4.2 Tracking

A Referral is attributed to the Ambassador when:

• the Potential Customer clicks the Ambassador’s unique referral link;
• the Potential Customer completes a subscription purchase within the Referral Period;
• the subscription is validated through the Commission Review Period.

4.3 Last-click attribution

Where multiple Ambassador referral links are clicked, the last click before purchase determines attribution.

4.4 No attribution for self-referral or related-party referral

Referrals of the Ambassador itself, the Ambassador’s Affiliates, the Ambassador’s family members or related parties, the Ambassador’s employees or contractors (where the Ambassador pays for the subscription), or any other related party are not Qualified Referrals.

5. Commission Structure and Payments

5.1 Calculation

Commissions are calculated per Qualified Referral at the rate applicable to the Ambassador’s current tier.

5.2 Payment processing

• Commissions are processed through Partnero.
• Payments are made within thirty (30) days of the end of each calendar month, provided the minimum payout has been reached.
• The Ambassador must maintain valid payment information in Partnero.
• Payments are made in USD unless otherwise specified.

5.3 Adjustments

• Refunds: commissions paid on refunded subscriptions are deducted from future commission payments.
• Chargebacks: Fiskl may reclaim commissions for chargebacks.
• Fraudulent activity: Fiskl may withhold or reclaim commissions for suspected fraudulent activity (referrals, payments, or otherwise).

5.4 Reporting

Partnero provides the Ambassador with real-time access to:

• Referral tracking and attribution data;
• commission calculations and payment history;
• tier status and progression.

5.5 Taxes

All sums payable under this Agreement:

• are exclusive of VAT, sales tax, GST, or other applicable taxes, which the Ambassador shall add where applicable;
• shall be paid in full without deduction except where required by law (in which case the Ambassador is responsible for the deducted amounts).

The Ambassador is solely responsible for the tax treatment of commissions earned, including reporting income to relevant tax authorities, social-security contributions, and any other applicable obligations. Fiskl makes no representation about the tax characterisation of commissions and recommends Ambassadors take their own tax advice.

6. Obligations of Fiskl

6.1 Good faith

Fiskl shall act in good faith toward the Ambassador.

6.2 Information

Fiskl shall provide the Ambassador with the information reasonably required to carry out the Ambassador’s duties, including current Marketing Materials and details of the Fiskl Platforms.

6.3 Notices of suspension or cessation

Fiskl shall notify the Ambassador if Fiskl suspends or ceases the Fiskl Platforms in a manner that materially affects the Ambassador’s pipeline.

6.4 Expenses

Fiskl is not responsible for the Ambassador’s expenses unless agreed in writing in advance.

6.5 Freedom to pursue or not pursue Referrals

Fiskl is under no obligation to follow up any Referral or to enter into any Subscription Contract.

7. Ambassador Obligations

7.1 Professional conduct

The Ambassador shall conduct Program activities professionally and ethically; comply with all applicable law (including data-protection, sanctions, anti-bribery, anti-money-laundering, consumer-protection, and tax law); follow Fiskl’s marketing guidelines and brand requirements; maintain accurate records of Program activities; respond promptly to communications from Fiskl; protect Fiskl’s Confidential Information.

7.2 Marketing requirements

The Ambassador shall only use approved Marketing Materials, clearly disclose the Ambassador relationship with Fiskl (including disclosure required under FTC Endorsement Guides, ASA CAP Code, EU consumer-protection law, ACCC Australian Consumer Law, and equivalents), comply with applicable marketing law (including PECR, ePrivacy, CAN-SPAM, TCPA, and equivalents), respect Fiskl’s brand, and obtain approval for any modifications to Marketing Materials.

7.3 Atlas Firm overlap

If the Ambassador is also an Atlas Firm, the Atlas Terms Supplement applies in addition. Charge Us Clients are not eligible for Ambassador Program revenue-share commissions because the Atlas Firm pays the subscription. Client Pays Clients introduced by the Ambassador are eligible, subject to all other Qualified Referral criteria. Ambassadors who are also Atlas Firms cannot stack Ambassador commissions on top of Atlas Firm Charge Us billing.

7.4 Partner Program overlap

An Ambassador may not simultaneously hold an active Global Partner Program participation in respect of the same business. If the Ambassador is also approved as a Partner under the Global Partner Program Agreement, the Partner Program terms govern from the Effective Date of that approval, and Ambassador participation in respect of the same business is suspended (with accrued commissions on Qualified Referrals continuing under the Ambassador rates for the relevant Commission Period).

8. Confidentiality

8.1 Obligations

The Ambassador shall not disclose Fiskl’s Confidential Information to any person except as permitted by section 8.2 or as required by law.

8.2 Exceptions

The Ambassador may disclose Fiskl’s Confidential Information:

• to its employees, officers, representatives, or advisers who need to know for the purposes of performing this Agreement, where they are bound by equivalent confidentiality obligations;
• as required by law, court order, or any governmental or regulatory authority.

8.3 Limited use

The Ambassador shall not use Fiskl’s Confidential Information for any purpose other than performing this Agreement.

8.4 Return of documents

On termination, the Ambassador shall promptly return to Fiskl all documents and records containing Confidential Information, in any form, and shall not retain copies.

9. Compliance and Data Protection

9.1 Compliance

Each party shall comply with all law applicable to its activities under this Agreement.

9.2 Mandatory policies

The Ambassador shall comply with Fiskl’s mandatory policies as posted on Partnero or notified by email.

9.3 Anti-bribery and sanctions

The Ambassador shall comply with applicable anti-bribery and anti-corruption law (including the UK Bribery Act 2010 and the US Foreign Corrupt Practices Act); shall not engage with, refer, or transact for the benefit of any person or entity subject to UK, EU, US, or UN sanctions, or any party in a sanctioned jurisdiction; and shall comply with applicable AML and counter-terrorist-financing law.

9.4 Data Protection Law

Each party shall comply with Data Protection Law in respect of personal data processed under this Agreement (including Ambassador’s referral data and Potential Customer data the Ambassador submits to Fiskl through Partnero).

The Ambassador is responsible for:

• ensuring it has a lawful basis for the personal data it submits to Fiskl through Partnero;
• providing required notices to Potential Customers (including reference to the Fiskl Privacy Policy);
• not transferring sensitive data to Fiskl through the referral process beyond what is necessary;
• cooperating with Fiskl in responding to data-subject requests relating to referral data.

A material breach of Data Protection Law that is not remedied within 30 days of written notice gives the other party grounds to terminate immediately.

9.5 Fiskl Group sharing

The Ambassador acknowledges that referral data and related Partnero data may be shared within the Fiskl Group, with Partnero (the Subprocessor administering the Program), and with the Fiskl Group’s other Sub-processors, in accordance with the Subprocessors page and the Privacy Policy.

10. Indemnities

10.1 By Ambassador

The Ambassador shall indemnify and defend Fiskl, the Fiskl Group, and their respective officers, employees, agents, and Sub-processors (the “Fiskl Indemnified Parties”) against any claim, action, demand, fine, or proceeding by any third party arising from:

• breach of this Agreement by the Ambassador;
• the negligence, gross negligence, or wilful misconduct of the Ambassador or its employees, agents, or contractors;
• failure of the Ambassador or its employees, agents, contractors, or invitees to comply with applicable law;
• misrepresentation of the Ambassador’s relationship with Fiskl or the Fiskl Group;
• submission to Fiskl through the Program of personal data without a lawful basis;
• fraudulent or fake Referrals.

10.2 Sole responsibility

The Ambassador is solely responsible for its own operations under this Agreement, including the legality of those operations and the materials used.

11. Term and Termination

11.1 Term

This Agreement starts on the Effective Date and continues until terminated.

11.2 Termination

• By either party: either party may terminate this Agreement on 30 days’ written notice.
• By Fiskl, immediately and without cure period, if:
• the Ambassador breaches this Agreement materially;
• the Ambassador engages in fraudulent activity (including in respect of Referrals, payment, or use of the Fiskl Platforms);
• the Ambassador damages Fiskl’s reputation or the reputation of the Fiskl Group;
• the Ambassador violates applicable law (including sanctions, AML, or anti-bribery law);
• the Ambassador’s content, public statements, or association brings the Fiskl brand into disrepute;
• the Ambassador continues to promote the Fiskl Platforms after the licence in section 3.1 has been revoked.

11.3 Effect of termination

• Immediate cessation of Program activities by the Ambassador;
• removal of all Marketing Materials from Ambassador properties (websites, social media, email signatures);
• payment of earned commissions, subject to the Review Period, minimum payout, and Claim Period;
• return or destruction of Confidential Information;
• survival of the provisions intended to survive (confidentiality, indemnities, limitation of liability, governing law, and any other provisions that should reasonably survive).

12. Limitation of Liability

12.1 Unlimited liability

Nothing in this Agreement limits or excludes liability for:

• death or personal injury caused by negligence;
• fraud or fraudulent misrepresentation;
• liability under the indemnities in section 10;
• any matter that cannot be limited or excluded by law.

12.2 Limitations

Subject to section 12.1, Fiskl is not liable to the Ambassador for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, anticipated savings, goodwill, or reputation, arising under or in connection with this Agreement.

12.3 Total cap

Subject to sections 12.1 and 12.2, Fiskl’s total liability to the Ambassador under or in connection with this Agreement, in any 12-month period, shall not exceed the total commissions paid (or payable) to the Ambassador in the 12 months preceding the event giving rise to liability.

12.4 No liability for AI outputs

Section 15.6 of the Customer Terms of Service (no liability for AI-processed or AI-interpreted data) applies to this Agreement to the same extent as to a Customer.

13. Tier Advancement and Platform Usage

13.1 Tier calculation

Tier status is calculated based on the cumulative number of Qualified Referrals.

13.2 Tier benefits

Each tier provides increasing commission rates as set out in section 1.1, and may include additional benefits as Fiskl communicates from time to time.

13.3 Tier review

Tier status is reviewed monthly and upgraded automatically upon reaching qualification thresholds.

13.4 Partnero

The Program is administered through Partnero. The Ambassador must comply with Partnero’s terms and technical requirements. The Ambassador shall not attempt to manipulate or interfere with tracking mechanisms.

14. Changes to Program Terms

14.1 Modifications

Fiskl may modify the Program, including commission rates, tier structures, payout thresholds, review and claim periods, and marketing requirements.

14.2 Notice

Material changes are communicated with at least 30 days’ notice. Changes are posted in Partnero. Continued participation after the notice period constitutes acceptance.

15. Miscellaneous

15.1 Independent contractors

The parties are independent contractors. This Agreement does not create any partnership, joint venture, agency, franchise, sales-representative, or employment relationship.

15.2 Assignment

The Ambassador may not assign this Agreement without Fiskl’s prior written consent. Fiskl may assign this Agreement within the Fiskl Group or in connection with a corporate transaction, without consent.

15.3 Entire agreement

This Agreement, together with the Customer Terms of Service, the AUP, the Privacy Policy, and the Subprocessors page, constitutes the entire agreement between the parties regarding the Program and supersedes all prior agreements (including any prior Ambassador or Referral Partner Agreement).

15.4 Order of precedence

In the event of conflict: (1) this Agreement, (2) the Customer Terms of Service and broader Fiskl legal stack.

15.5 Governing law and jurisdiction

This Agreement is governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction.

15.6 Severability

If any provision is held unenforceable, the remaining provisions continue in effect.

15.7 Force majeure

Neither party is liable for failure or delay in performance (other than payment obligations) due to events beyond reasonable control.

15.8 Notices

Notices to Fiskl: legal@fiskl.com (with copy to Fiskl Limited, 6A Thirlmere Road, London, N10 2DN, United Kingdom). Notices to the Ambassador: as set out in the Partnero registration form.

15.9 Survival

Provisions relating to confidentiality, intellectual property, indemnification, limitation of liability, accrued commissions, and any provision that should reasonably survive, continue after termination.

16. Contact

Fiskl Limited (and the wider Fiskl Group) 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 09330290

Effective: 15 March 2026

The post Global Ambassador Program Agreement first appeared on Fiskl.

The Agreement becomes binding once the Partner completes registration through the Partnero platform and receives written approval from Fiskl (“Effective Date”).

Parties

Fiskl — the relevant member of the Fiskl Group. The contracting Fiskl entity is determined under section 1A of the Customer Terms of Service. The current contracting entity is Fiskl Limited, a company incorporated and registered in England and Wales (company number 09330290), registered at 6A Thirlmere Road, London, N10 2DN.

Notices to Fiskl: legal@fiskl.com

Partner — the business entity (with company name, company number, registered address, and other information) detailed in the Partnero registration form approved by Fiskl.

Notices to Partner: as set out in the Partnero registration form.

Background

Fiskl operates a global, AI-core accounting, invoicing, banking, and financial-management offering serving small and medium-sized businesses, freelancers, and accounting professionals globally (the “Fiskl Platforms”, as defined in the Customer Terms of Service). The Partner wishes to promote, market, and refer Potential Customers to Fiskl. Fiskl is willing to pay the Partner a recurring revenue-share commission, on the terms below, for Qualified Referrals that purchase a Subscription to the Fiskl Platforms.

1. Interpretation

1.1 Definitions

API: the application programming interface(s) that Fiskl makes available to Partners to integrate with the Fiskl Platforms.

Atlas Firm: an accounting firm using the Fiskl Atlas accountant portal under the Atlas Terms Supplement.

Business Day: a day other than a Saturday, Sunday, or public holiday in England, when banks in London are open for business.

Commission Tiers: the tiered commission structure based on the cumulative number of Qualified Referrals:

• Vibe (1–50 Qualified Referrals): 20% recurring revenue share
• Epic (51–250 Qualified Referrals): 30% recurring revenue share
• Titan (251–500 Qualified Referrals): 40% recurring revenue share
• Legend (500+ Qualified Referrals): 50% recurring revenue share

Commission Period: five (5) years from the date of first paid subscription for each Qualified Referral.

Commission Review Period: sixty (60) days during which Fiskl validates eligibility for each Qualified Referral.

Commission Claim Period: eighteen (18) months during which the Partner must claim earned commissions. Unclaimed commissions after this period are forfeited.

Confidential Information: as defined in the Customer Terms of Service.

Customer Terms of Service: the Fiskl Customer Terms of Service published at https://fiskl.com/legal/customer-terms-of-service/, as updated from time to time.

Data Protection Law: as defined in the Privacy Policy.

Fiskl Group: as defined in the Customer Terms of Service.

Fiskl IP: as set out in section 3.4.

Intellectual Property Rights: patents, trademarks, design rights, copyrights, moral rights, performers’ rights, trade and business names, database rights, domain names, rights in computer software and AI models, website addresses, know-how, secret processes, trade secrets, rights to inventions, and any similar rights worldwide whether currently existing or arising in future, together with the right to sue for and recover damages or other relief in respect of infringements.

Licensed Marks: Fiskl trademarks, logos, and URLs as provided by Fiskl from time to time.

Marketing Materials: the Licensed Marks together with associated marketing language, copy, or code provided by Fiskl for promotion of the Fiskl Platforms.

Net Income: payments made to Fiskl (or any member of the Fiskl Group) for the Fiskl Platforms under a Subscription Contract, less any value-added tax, sales tax, or equivalent on those payments, payment-processing fees, and discounts or rebates granted by Fiskl.

Order Form: a written ordering document executed between the Partner and Fiskl that references this Agreement.

Partner Tier Benefits: the benefits available at each tier, set out in section 2.4.

Partnero: the third-party referral-tracking and commission-management platform Fiskl uses to administer the Program (Partnero, Inc., currently listed in the Subprocessors page).

Potential Customer: a prospective Fiskl customer the Partner wishes to refer to Fiskl under the Program.

Privacy Policy: the Fiskl Privacy Policy at https://fiskl.com/legal/privacy-policy/.

Qualified Referral: a Potential Customer:

• Referred by the Partner to Fiskl through Partnero;
• of whom Fiskl has no prior record in connection with the Fiskl Platforms;
• who accepts the Customer Terms of Service and subscribes to the Fiskl Platforms within the Referral Period, at the Potential Customer’s own discretion and without monetary or other inducement from the Partner;
• who is not rejected by Fiskl;
• who makes at least one paid subscription payment for the Fiskl Platforms; and
• who remains an active subscriber after the Commission Review Period.

Referral: the referral of a Potential Customer to Fiskl through Partnero.

Referral Date: the date during the term of this Agreement on which the Partner first refers a Potential Customer to Fiskl.

Referral Period: ninety (90) days from the Referral Date, tracked via cookie placement through Partnero.

Subscription Contract: a contract between Fiskl and a Potential Customer for a subscription to the Fiskl Platforms, entered into during the Referral Period.

1.2 Other interpretation

The interpretation provisions in section 1 of the Customer Terms of Service apply to this Agreement.

2. Program Participation

2.1 Eligibility and enrolment

• The Program is open only to business entities. Individual persons and sole proprietors are not eligible.
• The Partner must complete registration and approval through Partnero.
• Applications are subject to Fiskl review and written approval.
• Fiskl may reject any application at its sole discretion.
• The Partner must maintain a valid business registration throughout the term.

2.2 Commission structure

The Partner earns commissions calculated as a percentage of Net Income from each Qualified Referral, based on the Commission Tier corresponding to the Partner’s cumulative Qualified Referrals.

2.3 Commission terms

• Duration: commissions are paid for the Commission Period (5 years from first paid subscription per Qualified Referral), provided the referred customer maintains an active paid subscription.
• Review: all referrals are subject to the Commission Review Period (60 days).
• Claim: commissions must be claimed within the Commission Claim Period (18 months); unclaimed commissions are forfeited.
• Minimum payout: USD 100 net minimum threshold before commission payment is processed.

2.4 Partner Tier Benefits

Vibe (1–50 clients): – Global partner network access – Basic partner directory listing – Basic onboarding and co-branded marketing resources

Epic (51–250 clients): – All Vibe Tier benefits, plus: – Priority API access (subject to section 14) – Cross-pollination referrals – Expanded directory profile – Enhanced co-marketing support

Titan (251–500 clients): – All Epic Tier benefits, plus: – Dedicated account manager – Enhanced API capabilities – Beta-feature access

Legend (500+ clients): – All Titan Tier benefits, plus: – Strategic partnership status – Custom integrations (where mutually agreed) – Product roadmap consultation – Exclusive perks and partnership privileges

2.5 Duties of Partner

• Good faith. The Partner shall act in good faith and not allow its interests to conflict with its duties under this Agreement.
• The Partner shall use reasonable efforts to make Referrals.
• Compliance with instructions. The Partner shall cooperate with Fiskl and comply with reasonable lawful instructions of Fiskl.
• Professional standards. The Partner shall maintain professional business standards.
• The Partner shall provide regular updates on marketing activity and pipeline as Fiskl reasonably requests.

2.6 Limited authority

• No authority to bind. The Partner has no authority, and shall not hold itself out as authorised, to bind Fiskl or any member of the Fiskl Group.
• No authority to negotiate. The Partner shall not enter into contracts or commitments, incur liability for or on behalf of Fiskl, or negotiate terms of the Fiskl Platforms with Potential Customers.

2.7 Limits on representations

The Partner shall not, without Fiskl’s prior written consent, make any representations, warranties, or other promises concerning the Fiskl Platforms that are not contained in the Marketing Materials.

2.8 Prohibited activities

The Partner must not:

• associate Fiskl, the Fiskl Platforms, or the Marketing Materials with content that is unlawful, harmful, threatening, defamatory, obscene, harassing, sexually explicit, violent, discriminatory, or otherwise objectionable;
• send unsolicited bulk electronic communications (spam) promoting the Fiskl Platforms;
• make unauthorised claims about Fiskl, the Fiskl Platforms, Fi (Fiskl’s conversational AI and orchestration system), or the Fiskl Group;
• misrepresent the nature of the partnership relationship;
• engage in deceptive or misleading marketing;
• bid on Fiskl’s branded keywords without prior written consent;
• use the Fiskl Platforms or Partner access to facilitate fraud, financial crime, or any conduct prohibited under section 7 of the Customer Terms of Service or the Acceptable Use Policy;
• generate fake or fraudulent Referrals, including by creating sock-puppet accounts, self-referring, or fabricating Referral conversions in Partnero.

The activities in (g) and (h) are material breaches that entitle Fiskl to terminate immediately under section 12.

3. Marketing Materials

3.1 Licence

Subject to this Agreement, Fiskl grants the Partner a free, non-exclusive, non-transferable, revocable licence to use the Licensed Marks and Marketing Materials solely to promote the Fiskl Platforms in accordance with this Agreement. Fiskl may revoke this licence at any time by written notice (including email).

3.2 Guidelines

The Partner’s use of Licensed Marks and Marketing Materials is subject to Fiskl’s brand guidelines published at https://fiskl.com/company/partners/ (or successor URL) (the “Guidelines”), as updated from time to time. The Partner shall comply with the Guidelines.

3.3 Co-marketing

Co-marketing support is provided based on Partner Tier as set out in section 2.4.

3.4 Reservation of rights

Fiskl owns all Intellectual Property Rights in the Licensed Marks, the Marketing Materials, the Fiskl Platforms, Fi, the Fiskl-Exclusive Models (as defined in the Customer Terms of Service), and any related content and technology (“Fiskl IP”). Fiskl IP remains vested in Fiskl. The Partner’s use is as a licensee under Fiskl’s control. All goodwill arising from the Partner’s use of the Licensed Marks and Marketing Materials inures to Fiskl.

3.5 Notice of infringement

The Partner shall promptly notify Fiskl of any infringement, suspected infringement, or threatened infringement of the Licensed Marks or Marketing Materials.

4. Referral Process and Tracking

4.1 Process

The Partner refers Potential Customers through Partnero, using unique referral links and tracking codes.

4.2 Tracking

A Referral is attributed to the Partner when:

• the Potential Customer clicks the Partner’s unique referral link;
• the Potential Customer completes a subscription purchase within the Referral Period;
• the subscription is validated through the Commission Review Period.

4.3 Last-click attribution

Where multiple Partner referral links are clicked, the last click before purchase determines attribution.

4.4 No attribution for self-referral or related-party referral

Referrals of the Partner itself, the Partner’s Affiliates, the Partner’s employees or contractors (where the Partner pays for the subscription), or any other related party are not Qualified Referrals.

5. Commission Structure and Payments

5.1 Calculation

Commissions are calculated per Qualified Referral at the rate applicable to the Partner’s current tier.

5.2 Payment processing

• Commissions are processed through Partnero.
• Payments are made within thirty (30) days of the end of each calendar month, provided the minimum payout has been reached.
• The Partner must maintain valid payment information in Partnero.
• Payments are made in USD unless otherwise specified.

5.3 Adjustments

• Refunds: commissions paid on refunded subscriptions are deducted from future commission payments.
• Chargebacks: Fiskl may reclaim commissions for chargebacks.
• Fraudulent activity: Fiskl may withhold or reclaim commissions for suspected fraudulent activity (referrals, payments, or otherwise).

5.4 Reporting

Partnero provides the Partner with real-time access to:

• Referral tracking and attribution data;
• commission calculations and payment history;
• tier status and progression;
• client activity and performance metrics.

5.5 Taxes

All sums payable under this Agreement:

• are exclusive of VAT, sales tax, GST, or other applicable taxes, which the Partner shall add where applicable;
• shall be paid in full without deduction except where required by law (in which case the Partner is responsible for the deducted amounts).

The Partner is responsible for its own tax compliance in respect of commissions earned.

6. Obligations of Fiskl

6.1 Good faith

Fiskl shall act in good faith toward the Partner.

6.2 Information

Fiskl shall provide the Partner with the information reasonably required to carry out the Partner’s duties, including current Marketing Materials and details of the Fiskl Platforms.

6.3 Tier-appropriate support

Fiskl shall provide support consistent with the Partner Tier Benefits in section 2.4.

6.4 Notices of suspension or cessation

Fiskl shall notify the Partner if Fiskl suspends or ceases the Fiskl Platforms in a manner that materially affects the Partner’s pipeline.

6.5 Expenses

Fiskl is not responsible for the Partner’s expenses unless agreed in writing in advance.

6.6 Freedom to pursue or not pursue Referrals

Fiskl is under no obligation to follow up any Referral or to enter into any Subscription Contract.

7. Partner Obligations

7.1 Business standards

The Partner shall:

• maintain valid business registration and licences;
• conduct Program activities professionally and ethically;
• comply with all applicable law (including data-protection, sanctions, anti-bribery, anti-money-laundering, consumer-protection, and tax law);
• follow Fiskl’s partner guidelines and brand requirements;
• maintain accurate records of Program activities;
• protect Fiskl’s Confidential Information;
• participate in required Partner training and certification programmes.

7.2 Marketing and promotion

The Partner shall only use approved Marketing Materials, clearly disclose its Partner relationship with Fiskl, comply with applicable marketing law (including PECR, ePrivacy, CAN-SPAM, TCPA, and equivalents), respect Fiskl’s brand, and obtain approval for any modifications to Marketing Materials.

7.3 Client management

The Partner shall maintain professional relationships with Referred clients, provide accurate information about the Fiskl Platforms, not make unauthorised promises or guarantees, forward client support inquiries to appropriate Fiskl channels, and maintain client confidentiality.

7.4 Atlas Firm overlap

If the Partner is also an Atlas Firm, the Atlas Terms Supplement applies in addition. Where the Partner refers a Potential Customer who becomes an Atlas-managed Customer:

• Charge Us Clients are not eligible for Partner Program revenue-share commissions because the Atlas Firm pays the subscription;
• Client Pays Clients introduced by the Partner are eligible, subject to all other Qualified Referral criteria.

The Partner cannot stack Partner Program commissions on top of Atlas Firm Charge Us billing.

8. Confidentiality and Data Protection

8.1 Confidentiality

The Partner shall keep Fiskl’s Confidential Information confidential, use it only to perform this Agreement, and not disclose it except as permitted by section 10 of the Customer Terms of Service or as required by law.

8.2 Data Protection

Each party shall comply with Data Protection Law in respect of personal data processed under this Agreement (including Partner’s referral data and Potential Customer data the Partner submits to Fiskl through Partnero).

The Partner is responsible for:

• ensuring it has a lawful basis for the personal data it submits to Fiskl through Partnero;
• providing required notices to Potential Customers (including reference to the Fiskl Privacy Policy);
• not transferring sensitive data to Fiskl through the referral process beyond what is necessary;
• cooperating with Fiskl in responding to data-subject requests relating to referral data.

Fiskl processes Partnero referral data in accordance with the Privacy Policy. Where Fiskl acts as Processor in respect of any personal data the Partner submits, the DPA applies.

8.3 Fiskl Group sharing

The Partner acknowledges that referral data and related Partnero data may be shared within the Fiskl Group, with Partnero (the Subprocessor administering the Program), and with the Fiskl Group’s Sub-processors, in accordance with the Subprocessors page and the Privacy Policy.

8.4 Security

The Partner shall maintain appropriate security measures for Confidential Information; notify Fiskl immediately of any actual or suspected security breach; and comply with Fiskl’s security policies as communicated.

8.5 Return or destruction

On termination, the Partner shall return or destroy Fiskl’s Confidential Information in accordance with section 10 of the Customer Terms of Service.

9. Compliance

9.1 General compliance

Each party shall comply with all law applicable to its activities under this Agreement.

9.2 Anti-bribery and anti-corruption

The Partner shall comply with all applicable anti-bribery and anti-corruption law (including the UK Bribery Act 2010 and the US Foreign Corrupt Practices Act).

9.3 Sanctions

The Partner shall not engage with, refer, or transact for the benefit of any person or entity subject to UK, EU, US, or UN sanctions, or any party in a sanctioned jurisdiction.

9.4 AML

The Partner shall comply with all applicable anti-money-laundering and counter-terrorist-financing law.

10. Indemnities

10.1 By Partner

The Partner shall indemnify and defend Fiskl, the Fiskl Group, and their respective officers, employees, agents, and Sub-processors (the “Fiskl Indemnified Parties”) against any claim, action, demand, fine, or proceeding by any third party arising from:

• breach of this Agreement by the Partner;
• the negligence, gross negligence, or wilful misconduct of the Partner or its employees, agents, or contractors;
• failure of the Partner or its employees, agents, contractors, or invitees to comply with applicable law;
• misrepresentation of the Partner’s relationship with Fiskl or the Fiskl Group;
• unauthorised modification of the Marketing Materials;
• submission to Fiskl through the Program of personal data without a lawful basis;
• fraudulent or fake Referrals.

10.2 Sole responsibility

The Partner is solely responsible for its own operations, including the legality of its operations and the materials it uses in connection with this Agreement.

11. Limitation of Liability

11.1 Unlimited liability

Nothing in this Agreement limits or excludes liability for:

• death or personal injury caused by negligence;
• fraud or fraudulent misrepresentation;
• liability under the indemnities in section 10;
• any matter that cannot be limited or excluded by law.

11.2 Limitations

Subject to section 11.1, Fiskl is not liable to the Partner for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, anticipated savings, goodwill, or reputation, arising under or in connection with this Agreement.

11.3 Total cap

Subject to sections 11.1 and 11.2, Fiskl’s total liability to the Partner under or in connection with this Agreement, in any 12-month period, shall not exceed the total commissions paid (or payable) to the Partner in the 12 months preceding the event giving rise to liability.

11.4 No liability for AI outputs

Section 15.6 of the Customer Terms of Service (no liability for AI-processed or AI-interpreted data) applies to this Agreement to the same extent as to a Customer.

12. Term and Termination

12.1 Term

This Agreement starts on the Effective Date and continues until terminated.

12.2 Termination

• By either party: either party may terminate this Agreement on 30 days’ written notice.
• By Fiskl, immediately and without cure period, if:
• the Partner breaches this Agreement materially;
• the Partner engages in fraudulent activity (including in respect of Referrals, payment, or use of the Fiskl Platforms);
• the Partner damages Fiskl’s reputation or the reputation of the Fiskl Group;
• the Partner violates applicable law (including sanctions, AML, or anti-bribery law);
• the Partner ceases to be a valid business entity;
• the Partner fails to maintain minimum performance standards Fiskl has communicated;
• the Partner misrepresents its relationship with Fiskl or the Fiskl Group;
• bankruptcy, insolvency, administration, receivership, or similar event affects the Partner.

12.3 Effect of termination

• Immediate cessation of Program activities by the Partner;
• removal of all Marketing Materials and Partner badges from Partner properties;
• discontinuation of API access and integrations;
• payment of earned commissions, subject to the Review Period, minimum payout, and Claim Period;
• return or destruction of Confidential Information;
• survival of the provisions intended to survive (confidentiality, indemnities, limitation of liability, governing law, and any other provisions that should reasonably survive).

13. Tier Advancement and Benefits

13.1 Tier calculation

Tier status is calculated based on the cumulative number of active Qualified Referrals.

13.2 Review

Tier status is reviewed monthly. Partners must maintain the minimum thresholds to retain a tier; downgrades may occur if numbers fall below the threshold.

13.3 Benefits

Benefits are provided according to current tier status. Fiskl may modify benefits with 30 days’ notice. Custom benefits for Legend Tier Partners may be documented separately. Access to benefits may be suspended for non-compliance with this Agreement.

14. API and Platform Usage

14.1 Partnero

The Program is administered through Partnero. The Partner must comply with Partnero’s terms and technical requirements.

14.2 Fiskl API usage

• API access is granted according to tier (see Partner Tier Benefits).
• All API usage must comply with Fiskl’s API terms of service and the AUP.
• API rate limits and capabilities vary by tier and are published in Fiskl’s developer documentation.
• API access may be revoked for misuse, security concerns, or breach of section 7 of the Customer Terms of Service.

14.3 Integration requirements

Partners must implement secure authentication, use secure connections for all API calls, protect API credentials and tokens, and obtain Fiskl’s review and approval for material integration implementations before deployment.

14.4 No use of API access for AI training

The Partner must not use Fiskl API access or data accessed through the API to train any AI model (the Partner’s own or any third party’s) without Fiskl’s express prior written consent.

15. Changes to Program Terms

15.1 Modifications

Fiskl may modify the Program, including commission rates, tier structures, payout thresholds, review and claim periods, benefits and requirements, technical specifications and API access, and marketing requirements.

15.2 Notice

Material changes are communicated with at least 30 days’ notice. Changes are posted in Partnero. Continued participation after the notice period constitutes acceptance. Partners may terminate this Agreement under section 12.2(a) if they do not accept changes.

16. Miscellaneous

16.1 Independent contractors

The parties are independent contractors. This Agreement does not create any partnership, joint venture, agency, franchise, sales-representative, or employment relationship.

16.2 Assignment

The Partner may not assign this Agreement without Fiskl’s prior written consent. Fiskl may assign this Agreement within the Fiskl Group or in connection with a corporate transaction, without consent.

16.3 Entire agreement

This Agreement, together with the Customer Terms of Service, the AUP, the Privacy Policy, the DPA, the Subprocessors page, and any Order Form, constitutes the entire agreement between the parties regarding the Program and supersedes all prior agreements (including the prior Global Partner Program Agreement and any prior Referral Partner Agreement).

16.4 Order of precedence

In the event of conflict: (1) Order Form, (2) this Agreement, (3) Customer Terms of Service and the broader Fiskl legal stack.

16.5 Governing law and jurisdiction

This Agreement is governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction.

16.6 Severability

If any provision is held unenforceable, the remaining provisions continue in effect.

16.7 Force majeure

Neither party is liable for failure or delay in performance (other than payment obligations) due to events beyond reasonable control.

16.8 Notices

Notices to Fiskl: legal@fiskl.com (with copy to Fiskl Limited, 6A Thirlmere Road, London, N10 2DN, United Kingdom). Notices to the Partner: as set out in the Partnero registration form.

16.9 Survival

Provisions relating to confidentiality, intellectual property, indemnification, limitation of liability, accrued commissions, and any provision that should reasonably survive, continue after termination.

17. Contact

Fiskl Limited (and the wider Fiskl Group) 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 09330290

This Global Partner Program Agreement is a v2026 full refresh. It supersedes any prior version on the Effective Date. Existing Partners are deemed to be on this version on the Effective Date, unless they object in writing to legal@fiskl.com within 30 days of publication.

Effective: 15 March 2026

The post Fiskl Global Partner Program Agreement first appeared on Fiskl.

It applies to: – Atlas Firms — accounting firms, bookkeeping practices, and equivalent professional services firms that hold an Atlas account; and – Atlas-managed Customers — Customers whose Fiskl Account is created, owned, paid for, or connected to an Atlas Firm under the billing models described below.

If you are an Atlas Firm, the Customer Terms of Service apply to you as the Customer of Atlas, and this Atlas Supplement adds the Atlas-specific terms. If you are a Customer of an Atlas Firm, the Customer Terms of Service apply to you in respect of your own Account, and this Atlas Supplement governs the relationship between you, your Atlas Firm, and Fiskl in respect of that connection.

Defined terms in the Customer Terms of Service apply here unless otherwise stated. In the event of conflict between this Atlas Supplement and the Customer Terms of Service in respect of Atlas-specific functionality, this Atlas Supplement prevails.

This Atlas Supplement supersedes the Accountant Program Terms (previously published at https://fiskl.com/legal/accountant-program-terms/) on the Effective Date.

1. Definitions specific to Atlas

“Atlas” has the meaning given in the Customer Terms of Service.

“Atlas Firm” means an accounting firm, bookkeeping practice, or other professional services firm that has registered for an Atlas account with Fiskl.

“Atlas Firm User” means an individual authorised by an Atlas Firm to access the Atlas account, including Super Admins, Billing Admins, Viewers, Owners, Admins, and Members as defined in section 4.

“Branch” means a unit of an Atlas Firm’s organisation operating in a single billing currency, as configured by the Atlas Firm.

“Charge Us Client” means an Atlas-managed Customer whose Fiskl Subscription is paid for by the Atlas Firm under the Charge Us billing model.

“Charge Us Model” means the billing model in which the Atlas Firm creates and owns the Customer’s Account and pays for the Customer’s Subscription.

“Client Pays Client” means an Atlas-managed Customer whose Fiskl Subscription is paid for by the Customer directly.

“Client Pays Model” means the billing model in which the Customer creates and owns the Account, pays for its Subscription directly, and the Atlas Firm has accountant access on terms granted by the Customer.

“Parent Organisation” means the top-tier entity of the Atlas Firm in Atlas, under which Branches are organised.

“Super Admin” means the Atlas Firm User with full administrative access at the Parent Organisation level.

2. Eligibility

2.1 Who can be an Atlas Firm

Atlas is available to entities that provide accounting, bookkeeping, advisory, tax, audit, or related professional services to multiple clients on a fee-paying or equivalent basis. Atlas Firms must be:

• a registered legal entity (limited company, partnership, sole tradership in good standing, or equivalent in your jurisdiction);
• authorised to provide accounting or bookkeeping services in compliance with applicable regulatory and professional rules in your jurisdiction (including, where required, registration with a recognised professional body such as ICAEW, ACCA, AICPA, CPA Australia, CA ANZ, CPA Canada, SAICA, or equivalent);
• compliant with all applicable rules of professional conduct, anti-money-laundering, sanctions, and tax-adviser regulation that apply to your practice.

By registering for Atlas, you represent and warrant that you meet these requirements and will inform Fiskl promptly if your status changes.

2.2 Fiskl’s right to verify and reject

Fiskl may, at its sole discretion, verify the eligibility of an Atlas Firm at any time, request supporting documentation, suspend an Atlas Firm pending verification, or refuse or terminate Atlas access where eligibility is not satisfied.

2.3 Pricing

Atlas is offered to eligible Atlas Firms free of charge for use of the accountant portal itself. Charge Us Client subscriptions are billed to the Atlas Firm at the rates set out at https://pricing.fiskl.com/ or in an Order Form. Fiskl may introduce paid Atlas tiers in future on terms set out in section 5 of the Customer Terms of Service.

3. Atlas structure: Parent Organisation and Branches

3.1 Parent Organisation

When an Atlas Firm registers, the registering individual becomes the Super Admin of the Parent Organisation. The Parent Organisation provides central oversight of all Branches, Atlas Firm Users, billing, and Customer relationships. The Parent Organisation does not manage Customers directly; that happens at the Branch level.

3.2 Branches

Each Branch represents a location, office, or business unit within the Atlas Firm. Branches operate in a single billing currency, set when the Branch is created. An Atlas Firm operating in multiple currencies should create one Branch per currency.

3.3 Multi-currency

Customer Accounts within a Branch may operate in any currency, regardless of the Branch billing currency. The Branch billing currency only controls how Fiskl bills the Atlas Firm for Charge Us Client Subscriptions and any Atlas Firm fees.

3.4 Configuration changes

The Atlas Firm may add Branches, modify Branch settings, and reconfigure its organisation structure in line with the Fiskl Platforms. Changes that affect Customer Accounts (transfers between Branches, changes to billing currency assignments) must be coordinated by the Atlas Firm and may require Customer notification.

4. Roles and permissions

4.1 Organisation-level roles

Atlas provides three organisation-level roles applicable across all Branches:

• Super Admin — full access to all Branches, Atlas Firm Users, billing, and configuration. The first registered Atlas Firm User holds this role.
• Billing Admin — visibility into invoices, charges, and upcoming fees across all Branches; no client-management or team-management rights.
• Viewer — read-only access to all Branches and Customer data.

4.2 Branch-level roles

For each Branch, the Atlas Firm may assign Atlas Firm Users one of three roles:

• Owner — full control over the Branch including billing and team management.
• Admin — manages clients and team members within the Branch, with limited billing access.
• Member — works with assigned clients but cannot manage team or billing.

The same Atlas Firm User may hold different roles in different Branches.

4.3 Granular customisation

The Atlas Firm may further customise role permissions for specific Atlas Firm Users where the Fiskl Platforms support such customisation, including removing specific permissions (such as billing access) from any role.

4.4 Atlas Firm responsibility

The Atlas Firm is responsible for assigning, modifying, and revoking Atlas Firm User roles in line with its internal access policies and applicable professional standards. Fiskl relies on the Atlas Firm’s role assignments and is not responsible for the consequences of inappropriate or untimely role changes.

5. Adding Customers — billing models

5.1 Three connection methods

An Atlas Firm may add a Customer to a Branch using one of three methods:

• Charge Us — Atlas Firm creates the Account. The Atlas Firm creates the Customer’s Account and pays the Subscription. The Atlas Firm owns the Account.
• Client Pays — Atlas Firm invites the Customer. The Atlas Firm sends an invitation; the Customer signs up, creates their own Account, and pays their own Subscription. The Customer owns the Account.
• Client Pays — Customer invites the Atlas Firm. The Customer signs up to Fiskl independently and invites the Atlas Firm to access their Account. The Customer owns the Account.

5.2 Billing-model attributes

The attributes of the two billing models are:

5.3 Locked billing model

The billing model for a Customer cannot be changed after the Account is connected. To change billing models, the Atlas Firm and Customer must follow the documented switching procedure, which involves disconnecting and reconnecting under the new model.

5.4 Mixed models within a Branch

An Atlas Firm may operate Charge Us Clients and Client Pays Clients within the same Branch. The Atlas Firm may apply different billing models to different Customer relationships based on the nature of each engagement.

6. Charge Us model — specific terms

6.1 Atlas Firm as Customer for the Subscription

For Charge Us Clients, the Atlas Firm is the Customer of Fiskl in respect of the Subscription. The Atlas Firm is responsible to Fiskl for paying Subscription fees, complying with the Customer Terms of Service in respect of the Subscription, and managing Subscription-level matters.

6.2 Customer relationship preserved

The Charge Us Client (the underlying business whose accounting is managed in the Account) is the natural-person or entity user of the Fiskl Platforms. The Charge Us Client receives the User Terms of Service and accepts them on first access to the Account.

6.3 Account ownership and disconnection

The Atlas Firm owns the Charge Us Client’s Account. The Charge Us Client cannot unilaterally disconnect the accountant relationship. The Atlas Firm may at any time:

• terminate the Charge Us Client’s Account;
• transfer ownership of the Charge Us Client’s Account to the Charge Us Client (converting it to a Client Pays Account); or
• export Customer Data on instructions from the Charge Us Client.

6.4 Atlas Firm fiduciary obligations to Charge Us Clients

The Atlas Firm acknowledges that it holds Customer Data of its Charge Us Clients in a position of professional trust. The Atlas Firm is solely responsible for:

• compliance with the professional confidentiality, conflict-of-interest, and fiduciary obligations applicable to it under the rules of its regulatory body and the laws of its jurisdiction;
• communicating with Charge Us Clients about the use of the Fiskl Platforms, the Atlas Firm’s processing of Customer Data, and any termination of the Atlas Firm’s services to the Charge Us Client;
• providing access to and copies of Customer Data on lawful instruction from the Charge Us Client, including in connection with regulatory inspections, professional disciplinary processes, and litigation.

6.5 End of the Atlas Firm — Charge Us Client relationship

When the Atlas Firm — Charge Us Client relationship ends (whether by termination by either party, disengagement, or cessation of the Atlas Firm), the Atlas Firm must offer to the Charge Us Client one of the following options:

• transfer of Account ownership to the Charge Us Client (converting to a Client Pays model);
• export of Customer Data and termination of the Account;
• such other transition as the Atlas Firm and Charge Us Client agree.

The Atlas Firm must give the Charge Us Client reasonable notice and provide reasonable cooperation. Fiskl will support the chosen transition by providing the necessary tooling.

6.6 Fiskl support of ownership transfer

Where the Atlas Firm initiates an Account ownership transfer to a Charge Us Client, Fiskl will execute the transfer through the Fiskl Platforms tooling provided for that purpose, or where such tooling is not yet available, by manual process coordinated through accountant_support@fiskl.com, subject in each case to verification of the Charge Us Client’s consent and identity. After transfer, the former Charge Us Client becomes a Client Pays Client and assumes responsibility for the Subscription, its payment method, and the Account.

6.7 Atlas Firm payment failure and step-in rights

Charge Us billing operates monthly in arrears. If an Atlas Firm fails to pay an invoice, becomes insolvent, ceases to be eligible under section 2, or otherwise becomes unable to fulfil its obligations to Charge Us Clients, the Charge Us Clients themselves are at risk of losing access to their accounts through no fault of their own. Fiskl reserves the following step-in rights to protect Charge Us Clients:

• Notification to Charge Us Clients. After two (2) Business Days following an Atlas Firm payment failure, or sooner where an Atlas Firm becomes insolvent or ineligible, Fiskl may notify each affected Charge Us Client directly of the situation, the risk to continued access, and the available transition options.
• Atlas Firm access suspension. Fiskl may suspend the Atlas Firm’s access to the affected Accounts, the Branch, or the Atlas Firm’s entire Atlas presence.
• Charge Us Client transition options. Fiskl may offer each affected Charge Us Client the option to:
• take ownership of its Account by converting to a Client Pays Account, providing its own payment method, and continuing the Subscription directly with Fiskl on the equivalent tier;
• export Customer Data and terminate the Account;
• migrate to another Atlas Firm willing to take over the relationship under the Charge Us model (subject to that firm’s acceptance and Fiskl’s eligibility checks).
• Data preservation. Fiskl will preserve Customer Data of affected Charge Us Clients for at least ninety (90) days from the suspension date, and longer where required by law or by ongoing transition activity, to facilitate orderly transition.
• Direct billing in transition. Where a Charge Us Client elects to take ownership under section 6.7(c)(i), Fiskl may charge that Charge Us Client directly for the period from suspension forward, and the Atlas Firm remains liable to Fiskl for the unpaid pre-suspension billing.
• No liability to Atlas Firm for step-in. The Atlas Firm acknowledges and agrees that Fiskl’s step-in rights under this section 6.7 are essential to protect Charge Us Clients and Fiskl, and that Fiskl is not liable to the Atlas Firm for exercising those rights in good faith.

This section is a backstop and does not substitute for the Atlas Firm’s primary obligations under sections 6.4 and 6.5.

7. Client Pays model — specific terms

7.1 Customer is the Customer

For Client Pays Clients, the Customer is the Customer of Fiskl in respect of the Subscription, applies the Customer Terms of Service, and pays Fiskl directly.

7.2 Atlas Firm access

The Atlas Firm has access to the Client Pays Client’s Account based on the access level granted by the Client Pays Client. Access is governed by the Customer Terms of Service.

7.3 Disconnection by either party

Either the Client Pays Client or the Atlas Firm may disconnect the relationship at any time. Disconnection ends the Atlas Firm’s access to the Account but does not affect the Client Pays Client’s continued use of the Fiskl Platforms or its Subscription.

7.4 No Atlas Firm fiduciary backing

For Client Pays Clients, Fiskl’s contractual relationship is with the Client Pays Client. The Atlas Firm’s professional duties to its Client Pays Client are between those parties.

8. Atlas Firm responsibilities for AI training and Data Products

8.1 Default position for Atlas-managed Customer Data

For Customer Data of Atlas-managed Customers (both Charge Us Clients and Client Pays Clients), Fiskl applies the rights granted in section 4.2, section 4.5, and section 8 of the Customer Terms of Service in respect of AI training, Aggregated Data, and Data Products, subject to the following Atlas-specific protections.

8.2 Atlas Firm as fiduciary in respect of Charge Us Clients

The Atlas Firm holds professional confidentiality duties to its Charge Us Clients. By onboarding a Charge Us Client onto Atlas, the Atlas Firm represents that:

• it has informed the Charge Us Client (or otherwise has the right) of Fiskl’s processing of Customer Data, including for AI training and Data Products on the terms of the Customer Terms of Service;
• it has obtained the consents, or has the lawful basis, required under its professional regulations and the laws of its jurisdiction to permit such processing;
• it will inform the Charge Us Client of Fiskl’s controls (including the opt-out mechanism) and assist the Charge Us Client in exercising those controls if requested.

8.3 Atlas Firm-level controls

The Atlas Firm may apply controls at the Parent Organisation or Branch level over the use of its Charge Us Clients’ Customer Data in AI training and Data Products. Where the Fiskl Platforms provide such controls, Fiskl will offer at minimum:

• a Branch-level setting to opt all Charge Us Clients on a Branch out of Customer-Data-based AI training and Data Products processing (with effect prospectively only, in line with section 8.7 of the Customer Terms of Service);
• per-Charge-Us-Client opt-out at Atlas Firm request.

Where the Fiskl Platforms do not yet provide these controls in-app, the Atlas Firm may request equivalent treatment by emailing dpo@fiskl.com, and Fiskl will give effect to the request on a forward-looking basis.

8.4 Client Pays Clients control their own data

For Client Pays Clients, the opt-out under section 8.6 of the Customer Terms of Service is exercised directly by the Client Pays Client. The Atlas Firm may inform and assist the Client Pays Client in considering and exercising the opt-out.

8.5 Aggregated Data

Aggregated Data derived from Atlas-managed Customers is subject to the same treatment as Aggregated Data generally. The Atlas Firm acknowledges and accepts that Aggregated Data is owned by Fiskl and may be used in Data Products, on the basis that it is irreversibly de-identified.

9. Atlas Firm conduct

The Atlas Firm:

• will conduct its activities through Atlas in accordance with applicable laws, regulations, and the rules of its professional regulator;
• will use the Atlas Firm’s name and brand in association with Fiskl only as expressly permitted under the Customer Terms of Service;
• will not represent itself as Fiskl or as authorised to bind Fiskl in any matter beyond the role of an Atlas Firm using Atlas;
• will not disparage Fiskl, the Fiskl Platforms, or other Atlas Firms;
• will not use Atlas to facilitate any breach of professional conduct rules, anti-money-laundering rules, sanctions, or other applicable law.

10. Charge Us billing — operational terms

10.1 Monthly invoicing

Fiskl invoices the Atlas Firm monthly per Branch for all Charge Us Client Subscriptions on that Branch. The invoice is denominated in the Branch billing currency.

10.2 Pro-rata billing

Adding or upgrading a Charge Us Client mid-cycle is prorated based on the date of addition or upgrade. Downgrades and removals take effect at the next billing cycle.

10.3 Payment method

The Atlas Firm must maintain a verified payment method through Stripe for each Branch operating under the Charge Us Model, in the Branch billing currency.

10.4 Late payment

Sections 5.7 and 12 of the Customer Terms of Service apply. Suspension of an Atlas Firm’s Subscription affects access to all Charge Us Client Accounts on the affected Branch. Fiskl will use reasonable efforts to give prior notice and to coordinate transition options for affected Charge Us Clients before suspension takes hold.

10.5 Disputes

Billing disputes must be raised within 30 days of invoice. Fiskl will investigate in good faith and credit any amount agreed to be incorrectly billed.

11. Atlas Firm support

11.1 Support channels

Fiskl provides Atlas Firms with in-app chat support and access to the Fiskl help documentation. Email support is available at the addresses listed at https://help.fiskl.com/atlas/. Fiskl may offer paid support tiers in future.

11.2 No professional advice

Fiskl support staff and Fi (Fiskl’s conversational AI and orchestration system) provide product information, technical guidance, and accounting tooling. They do not provide legal, tax, audit, or professional accounting advice, and Fi outputs are not regulated advice in any jurisdiction. Atlas Firms remain solely responsible for the professional advice they provide to their clients.

12. Referral program — Atlas Firms

12.1 Eligibility for the partner program

Atlas Firms may be eligible to participate in Fiskl’s Global Partner Program (or a successor referral program). The terms of the Global Partner Program govern that participation. Where Atlas Firms also participate in the Global Partner Program, the partner program terms apply in addition to this Atlas Supplement.

12.2 Referral attribution

Referral attribution is tracked through Fiskl’s partner-program platform (currently Partnero). Charge Us Clients are not eligible for partner-program referral commissions because the Atlas Firm is the payer; Client Pays Clients introduced by an Atlas Firm may be eligible subject to the partner program terms.

13. Confidentiality and Customer Data

13.1 Customer Data of Atlas-managed Customers

The Atlas Firm acknowledges that Customer Data of Atlas-managed Customers is the Confidential Information of those Customers. The Atlas Firm must use Customer Data only for the purpose of providing professional services to that Customer, in accordance with applicable professional rules and the Atlas Firm’s engagement letter or equivalent with the Customer.

13.2 No use of Charge Us Client Customer Data for own benefit

The Atlas Firm must not use Charge Us Client Customer Data for the Atlas Firm’s own benefit (other than to provide the contracted professional services) or for the benefit of any third party, except as permitted under applicable law and the engagement with the Charge Us Client.

13.3 Compliance with the DPA and Atlas Firm DPA

Where the Atlas Firm acts as Processor for a Charge Us Client (Controller), the Atlas Firm is responsible for entering into appropriate processor terms with the Charge Us Client, separate from this Atlas Supplement. Fiskl acts as Sub-processor in that arrangement.

In addition to the master Data Processing Addendum (DPA) at https://fiskl.com/legal/data-processing-addendum/, Fiskl makes available a separate Atlas Firm DPA addressing the firm-as-Processor / Fiskl-as-Sub-processor relationship in Atlas. The Atlas Firm DPA is incorporated by reference where executed and governs the data-processing aspects of the Atlas Firm’s use of Atlas in respect of Charge Us Clients managed under the firm’s professional engagement. To request the Atlas Firm DPA, contact dpo@fiskl.com.

14. Term and termination

14.1 Term

This Atlas Supplement starts on the day the Atlas Firm registers (or the date specified in any Order Form) and continues until terminated.

14.2 Termination by Atlas Firm

The Atlas Firm may terminate this Atlas Supplement at any time by terminating its Atlas account. Atlas Firm-initiated termination triggers the Atlas Firm’s obligations to its Charge Us Clients under section 6.5.

14.3 Termination by Fiskl

Fiskl may terminate this Atlas Supplement on the grounds and in the manner set out in section 12 of the Customer Terms of Service, including for failure to maintain eligibility under section 2, breach of section 9, or non-payment of Charge Us billing.

14.4 Effect of termination

On termination of this Atlas Supplement:

• the Atlas Firm’s access to Atlas ends;
• Charge Us Client Accounts are handled in accordance with section 6.7 to protect those Charge Us Clients;
• Client Pays Clients retain access to their Accounts; the Atlas Firm’s accountant access is removed;
• provisions that survive termination of the Customer Terms of Service also survive termination of this Atlas Supplement, in respect of Atlas matters.

15. Liability allocation

15.1 Between Atlas Firm and Fiskl

The liability provisions of the Customer Terms of Service (section 15) apply between the Atlas Firm and Fiskl. The Atlas Firm’s liability cap is the greater of the fees paid by the Atlas Firm to Fiskl in the 12 months preceding the event giving rise to liability (including Charge Us Client Subscription fees paid by the Atlas Firm to Fiskl) and GBP 100.

15.2 Atlas Firm indemnity to Fiskl

In addition to section 14.3 of the Customer Terms of Service, the Atlas Firm will indemnify Fiskl against third-party claims arising from:

• the Atlas Firm’s professional services to its Charge Us Clients or Client Pays Clients;
• the Atlas Firm’s failure to fulfil its obligations under section 6.4 or 6.5;
• the Atlas Firm’s misrepresentation of its eligibility under section 2;
• the Atlas Firm’s misuse of Customer Data of Atlas-managed Customers.

15.3 No Fiskl liability for Atlas Firm services

Fiskl is not a party to the engagement between the Atlas Firm and its clients. Fiskl is not liable for the Atlas Firm’s professional services, advice, omissions, or compliance with professional rules.

16. Cross-references and precedence

This Atlas Supplement is incorporated into the Customer Terms of Service.

In the event of conflict: – between this Atlas Supplement and the Customer Terms of Service in respect of Atlas-specific matters, this Atlas Supplement prevails; – between this Atlas Supplement and the DPA in respect of personal data processing, the DPA prevails; – between this Atlas Supplement and the Privacy Policy in respect of Personal Data of Atlas Firm Users, the Privacy Policy prevails.

17. Changes to this Atlas Supplement

Changes are made on the basis set out in section 11 of the Customer Terms of Service.

18. Contact

Fiskl Limited 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 09330290

This Atlas Terms Supplement is a v2026 initial publication. It supersedes the Accountant Program Terms (effective 8 October 2024) on the Effective Date. Existing Atlas Firms transition to this Atlas Supplement on the Effective Date. Existing Customers managed under the prior Accountant Program Terms continue to be managed under this Atlas Supplement unless objected to in writing within 30 days.

Effective: 15 March 2026

The post Atlas Terms of Service first appeared on Fiskl.

• enterprise customers and their procurement, security, and risk teams;
• accountancy firms and partners conducting third-party risk assessments;
• banks, payment processors, and other commercial partners;
• regulators and auditors with a legitimate basis for review.

Fiskl publishes this Trust Center to provide transparency about how we protect Customer Data and how we operate the Fiskl Platforms. This document is incorporated by reference into the Customer Terms of Service and is updated as our programme evolves.

For requests not addressed below, contact trust@fiskl.com. For data protection matters, contact dpo@fiskl.com.

1. Information security programme

Fiskl operates an Information Security Management System (ISMS) aligned with industry-standard frameworks. The ISMS covers:

• governance, roles, and responsibilities;
• risk assessment and risk register management;
• access control, identity, and authentication;
• data protection and privacy;
• secure development lifecycle;
• vendor and Sub-processor management;
• incident detection and response;
• business continuity and disaster recovery;
• physical and environmental security (for cloud-based infrastructure, supplied by AWS and Google Cloud);
• personnel security, training, and awareness;
• compliance and audit.

The ISMS is reviewed by Fiskl management and updated as the business and threat landscape evolve.

2. Certifications and attestations

Fiskl is committed to obtaining and maintaining third-party attestations appropriate to its customer base:

Where a customer’s procurement process requires SOC 2 Type II or ISO 27001 attestation as a condition of engagement, Fiskl engages with the customer on the timeline and scope.

3. Technical and organisational measures

The technical and organisational measures supporting the Fiskl Platforms are set out in detail in Annex II of the Data Processing Addendum (DPA) at https://fiskl.com/legal/data-processing-addendum/. Highlights:

• TLS 1.2+ encryption in transit; AES-256 encryption at rest
• Multi-region cloud infrastructure on AWS and Google Cloud
• Logical separation of customer environments
• Role-based access control with least-privilege defaults
• AWS Cognito for the Atlas accountant portal authentication layer (with multi-factor authentication options)
• Self-hosted authentication for non-Atlas customers
• Cloudflare for DDoS protection, web application firewall, and bot protection
• Vulnerability scanning, penetration testing, and secure software development lifecycle
• Background checks and confidentiality obligations for personnel
• Documented incident response plan
• AI Provider contractual obligations prohibiting training on Customer Data and limiting data retention

4. Service availability

4.1 Target availability

Fiskl targets 99.9% monthly availability for the production Service, measured at the application layer and excluding scheduled maintenance windows and force majeure events.

4.2 Scheduled maintenance

Scheduled maintenance is performed during low-usage windows. Customers are notified in advance for any maintenance expected to materially affect the Fiskl Platforms.

4.3 Historical availability

Recent availability metrics are published at https://status.fiskl.com (when available) or are provided on request to enterprise customers.

4.4 Service Level Agreement (SLA)

A contractually-binding SLA with credits, covering availability, response times for severity-graded incidents, and support obligations, is available for qualifying Subscription tiers under an Order Form.

5. Insurance

Fiskl maintains a comprehensive insurance programme placed through a UK FCA-regulated coverholder, CFC Underwriting Limited, a recognised Lloyd’s-of-London coverholder for technology insurance, with cover written by Lloyd’s syndicates and other regulated insurers including Zurich Insurance, Markel International Insurance, HDI Global Speciality SE, and Everest Insurance, on the CFC Technology (GB) policy wording.

The programme provides worldwide territorial scope (including the United States) and includes the following cover types:

• Professional Liability (Errors and Omissions) — covering negligent acts, errors and omissions; breach of contract; sub-contractor vicarious liability; intellectual property infringement and defamation; regulatory costs and fines; dishonesty of employees; and payment of withheld fees;
• Network Security and Privacy Liability — covering network security liability; privacy liability; management liability arising from cyber events; regulatory investigation costs; and PCI fines, penalties, and assessments;
• Cyber Incident Response — including 24/7 incident-response hotline access to CFC Response (the panel breach-response provider), with cover for incident response costs, legal and regulatory costs, IT security and forensic costs, crisis communication costs, and privacy breach management costs (first-party and third-party);
• System Damage and Business Interruption — for cyber-event-driven business interruption, including direct loss of profits, increased cost of working, dependent business interruption, consequential reputational harm, and hardware replacement;
• Public and Products Liability;
• Personal and Advertising Injury;
• Pollution Liability;
• Employee Crime (internal and external theft);
• Cyber Extortion;
• Loss Mitigation;
• Reputation and Brand Protection;
• Employers’ Liability (UK statutory);
• Directors and Officers / Management Liability (placed through a separate Management Liability package).

The programme operates on a claims-made basis (standard for professional and cyber cover) with retroactive cover dating back several years. Cover is reviewed at each annual renewal with the broker.

Specific cover limits, deductibles, named insurers, retroactive dates, and policy wording are not published but are available to qualifying customers in a Certificate of Insurance under non-disclosure terms. Requests should be sent to trust@fiskl.com.

Cyber incident response hotline: in the event of a customer-affecting cyber incident, Fiskl operates a documented incident response process aligned with section 9 of the DPA. CFC Response is engaged as the panel provider for breach-response services.

6. Sub-processor management

Fiskl engages Sub-processors only where necessary to deliver the Fiskl Platforms. Each Sub-processor is contractually bound by data protection obligations no less protective than those Fiskl owes to the Customer.

The current list of Sub-processors is at https://fiskl.com/legal/fiskl-subprocessors/. The list is updated when Sub-processors are added, removed, or replaced. Customers may subscribe to Sub-processor change notifications by emailing dpo@fiskl.com.

7. Incident response and breach notification

Fiskl maintains a documented incident response plan covering detection, triage, containment, eradication, recovery, and post-incident review. Where a Personal Data Breach occurs:

• Fiskl notifies affected Customers without undue delay and, where reasonably practicable, within 48 hours of becoming aware (as set out in section 9 of the DPA);
• the notification includes the nature of the breach, categories and approximate numbers of data subjects and records concerned, likely consequences, and remediation measures;
• Fiskl cooperates with the Customer to support the Customer’s own breach-notification obligations to supervisory authorities and data subjects.

8. Business continuity and disaster recovery

Fiskl operates business continuity and disaster recovery arrangements covering: – multi-region cloud infrastructure with failover capability – regular backups, encrypted at rest, with tested restoration procedures – documented BCP and DR plans, periodically reviewed and updated – recovery time objectives (RTO) and recovery point objectives (RPO) appropriate to the criticality of the Fiskl Platforms

Specific RTO/RPO targets are available to qualifying customers under non-disclosure.

9. Personnel security

Fiskl personnel: – are subject to background checks where lawful in the relevant jurisdiction – enter into confidentiality and data protection commitments – complete mandatory information security and privacy training, refreshed annually – are subject to defined onboarding and offboarding procedures, including timely revocation of access on departure – are granted access on a least-privilege, need-to-know basis with regular review

10. Banking and payment partner due diligence

Fiskl integrates with regulated banking aggregators (Yodlee, Salt Edge, WIO Bank) and payment processors (Stripe, GoCardless, PayPal). Each partner is independently regulated and subject to its own security and compliance obligations:

• Yodlee — SOC 1, SOC 2, ISO 27001, ISO 27018 (Envestnet | Yodlee programme)
• Salt Edge — ISO 27001 certified; PSD2-licensed AISP
• Stripe — PCI DSS Level 1 Service Provider; SOC 1, SOC 2 Type II
• WIO Bank — UAE Central Bank-licensed digital bank with applicable banking regulator security obligations
• GoCardless — FCA-authorised; ISO 27001
• PayPal — PCI DSS Level 1 Service Provider

Fiskl conducts due diligence on partners before engagement and reviews periodically.

11. AI Provider obligations

Fiskl uses AI Providers (Anthropic, Google Gemini/Vertex AI, AWS Bedrock) for inference and Fiskl-Exclusive Model fine-tuning. Each AI Provider is contractually:

• prohibited from using Customer Data to train its own general-purpose models;
• prohibited from retaining Customer Data beyond the period necessary to deliver the contracted service;
• prohibited from disclosing Customer Data to any further third party except as required by law.

Fiskl also operates proprietary self-built AI models trained on its own infrastructure. See section 8 of the Customer Terms of Service and the Subprocessors page for full detail.

12. Regulatory and legal compliance

Fiskl operates in compliance with: – UK GDPR and the Data Protection Act 2018 – EU GDPR – US state privacy laws (CCPA/CPRA and equivalents) – LGPD (Brazil), PIPEDA (Canada), POPIA (South Africa), PDPA (Singapore), UAE PDPL, India DPDP Act, and other applicable data protection laws (see Privacy Policy section 17) – UK Bribery Act 2010 and equivalent anti-bribery laws – UK and EU sanctions regimes; US OFAC sanctions where applicable – UK Modern Slavery Act 2015 (statement available on request) – applicable anti-money-laundering and counter-terrorist-financing laws as relevant to Fiskl’s role as a SaaS provider (Fiskl is not a regulated financial institution)

13. Independent assurance

Fiskl supports customer-led assurance activities including: – security questionnaires (SIG, CAIQ, custom enterprise questionnaires) – vendor risk assessments – audit rights as set out in section 8 of the DPA – access to third-party attestation reports under NDA where available

14. Contact

Fiskl Limited 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 09330290

This Trust Center is published as part of Fiskl’s v2026 legal stack refresh and is updated as the security, certification, and operational programme evolves.

Effective: 15 March 2026

The post Fiskl Trust Center first appeared on Fiskl.

It applies to Customer Data processed by Fiskl as a Processor on behalf of the Customer (Controller). Defined terms used in this page have the meaning given in the Customer Terms of Service, the Privacy Policy, and the Data Processing Addendum (DPA).

1. How Fiskl manages Subprocessors

Before engaging any Subprocessor, Fiskl conducts due diligence on the Subprocessor’s privacy, security, and confidentiality practices. Fiskl enters into a written contract with each Subprocessor that:

• requires the Subprocessor to process Customer Data only on Fiskl’s documented instructions;
• imposes confidentiality, security, and data protection obligations no less protective than those Fiskl owes to the Customer;
• restricts onward transfers and engagement of further sub-processors;
• supports the lawful cross-border transfer mechanisms set out in the Privacy Policy and DPA;
• includes audit cooperation and incident notification obligations;
• where the Subprocessor is an AI infrastructure or model provider (“AI Provider”), explicitly prohibits the AI Provider from using Customer Data to train its own general-purpose AI models, prohibits unnecessary retention, and prohibits onward disclosure, in line with section 8.2 of the Customer Terms of Service.

Fiskl maintains an internal vendor risk register and reviews Subprocessors regularly.

2. Notification of changes

Fiskl will publish updates to this page when adding, removing, or replacing a Subprocessor.

Subscription notifications. Customers can subscribe to Subprocessor change notifications by emailing dpo@fiskl.com with the subject line “Subprocessor notifications.” Subscribed Customers receive notice of new Subprocessors at least 30 days before the new Subprocessor begins processing Customer Data, except where the addition is necessary to address a security or operational emergency, in which case notice will be provided as soon as reasonably practicable.

Customer right to object. A Customer may object to a new Subprocessor on reasonable data protection grounds by notifying Fiskl within the 30-day notice period. Fiskl will work in good faith to resolve the objection. If the objection cannot be resolved, the Customer may terminate the affected Subscription on the terms set out in the DPA and receive a pro-rata refund of unused fees.

3. Subprocessors

The current list of Subprocessors is set out below, grouped by category. Locations indicate the country of incorporation of the Subprocessor and, where different, the principal location at which Customer Data is processed.

3.1 Infrastructure and hosting

3.2 Banking and financial data integrations

3.3 Payment processing for invoice payments

3.4 AI infrastructure and model providers

Fiskl engages AI Providers to deliver Fi (Fiskl’s conversational AI and orchestration system) and other AI-driven features. Each AI Provider is contractually prohibited from using Customer Data to train its own general-purpose AI models, from retaining Customer Data beyond the period necessary to deliver the contracted service, and from disclosing Customer Data to any further third party except as required by law.

Fiskl-built models. In addition to third-party model providers, Fiskl operates proprietary, self-built AI models trained and operated by Fiskl using its own infrastructure (provided by the cloud infrastructure providers listed in section 3.1). Self-built models are not third-party Subprocessors of Customer Data — Fiskl is the sole party processing Customer Data for those models. The licence to train, fine-tune, evaluate, and improve Fiskl-built models is granted in section 8.3 of the Customer Terms of Service.

3.5 Communications

3.6 Customer support and engagement

Fiskl operates its in-app chat, support ticketing, and customer engagement tooling on open-source software self-hosted by Fiskl on the cloud infrastructure providers listed in section 3.1. There is no third-party Subprocessor of Customer Data in this layer. Communications you send to Fiskl support are processed within Fiskl’s own infrastructure.

3.7 Analytics and product telemetry

In-product usage analytics and telemetry are processed using open-source software self-hosted by Fiskl on the cloud infrastructure providers listed in section 3.1. There is no third-party Subprocessor of in-product telemetry data.

3.8 Security, identity and authentication, fraud detection, and abuse prevention

Fraud and abuse detection. Fiskl does not engage a dedicated third-party identity verification or KYC provider. Fraud signals and abuse detection are derived from: – security and risk features provided by Amazon Web Services, Inc. as part of the cloud infrastructure listed in section 3.1; and – payment-side fraud signals provided by Stripe, Inc. in connection with the payment-processing services listed in sections 3.2 and 3.3.

No additional Subprocessor of Customer Data is engaged for KYC or sanctions screening at this time.

3.9 Practice and partner management

3.10 Other

4. Fiskl Group affiliates

Members of the Fiskl Group (Fiskl Limited and its current and future Affiliates) may process Customer Data as Sub-processors of the Contracting Fiskl Entity, on the same contractual terms that apply to third-party Sub-processors.

Current members of the Fiskl Group:

The current list is also published at https://fiskl.com/legal/fiskl-group/ once available. Customers will be notified of new Fiskl Group entities through the same notification mechanism described in section 2.

Fiskl Group entities are bound by intra-group data processing agreements and the security obligations set out in the Subprocessor terms of this DPA.

5. Cross-border transfers and residency

Subprocessors are located in multiple jurisdictions. Fiskl uses lawful cross-border transfer mechanisms appropriate to the source jurisdiction, as set out in section 7 of the Privacy Policy. Banking-source-of-record residency (such as UAE residency for WIO Bank-sourced data) is preserved where required.

6. Aggregated Data and Data Products

Aggregated Data — irreversibly de-identified, anonymised, or statistical data derived from Customer Data — is not Customer Data and is owned by Fiskl. Where Fiskl licenses or shares Aggregated Data with third parties as part of Data Products, those third parties are not Subprocessors of Customer Data because they do not receive Customer Data. The recipients of Aggregated Data are governed by separate contractual terms.

7. Change history

8. Contact

Fiskl Limited 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 09330290

Effective: 15 March 2026

The post Fiskl Subprocessors first appeared on Fiskl.

The Fiskl web properties are organised into distinct layers, each with a different cookie posture:

• The marketing and informational website (com) — uses strictly necessary, functional, analytics, and (where you consent) marketing cookies, as described in this policy.
• The Fiskl platform domains (fiskl.com and pricing.fiskl.com) — these are separate from the marketing website. They host registration, pricing, login, checkout, and the logged-in Service. They use only strictly necessary cookies required for the Fiskl Platforms and the registration and checkout flow to function (security, authentication, session, fraud prevention), plus a limited set of conversion-measurement cookies where you have consented on the unauthenticated pages. Third-party analytics and marketing cookies are not deployed inside the logged-in Service.

If you have questions, contact privacy@fiskl.com. For data protection matters, contact dpo@fiskl.com.

1. What are cookies and similar technologies

A “cookie” is a small text file stored on your device when you visit a website. Cookies are widely used to make websites work efficiently, to remember your preferences, to support security, and to provide analytics and marketing.

We also use other technologies that perform a similar function, including:

• local storage and session storage in your browser;
• pixel tags, web beacons, and tracking pixels;
• software development kit (SDK) signals on the Fiskl mobile applications;
• server-side tracking where applicable.

In this Cookie Policy, references to “cookies” include these similar technologies unless the context requires otherwise.

Cookies can be:

• First-party — set by Fiskl on Fiskl-controlled domains;
• Third-party — set by another organisation through code embedded in the Sites;
• Session — temporary, deleted when you close your browser;
• Persistent — kept until they expire or you delete them.

2. How Fiskl uses cookies

Fiskl uses cookies in four categories.

2.1 Strictly necessary

These cookies are required for the Sites to function. They cannot be disabled because doing so would prevent the Sites from working. Examples:

• session and authentication cookies that keep you signed in;
• security cookies that detect fraud and protect against attack;
• load-balancing and infrastructure cookies that route your requests correctly;
• consent record cookies that remember your cookie preferences.

Strictly necessary cookies do not require your consent.

2.2 Functional

These cookies remember choices you make and provide enhanced features. Examples:

• preferred language and region;
• display preferences (dark mode, layout);
• recently viewed items;
• form auto-fill data within the Fiskl Platforms.

We treat functional cookies as opt-in where required by your jurisdiction’s law.

2.3 Analytics

These cookies help us understand how visitors use the Sites so we can improve them. Examples:

• counting visits and traffic sources;
• measuring page performance;
• identifying user-experience issues;
• aggregated reporting on feature usage.

Analytics cookies require your consent in jurisdictions where the law requires it (including the UK and EEA).

2.4 Marketing

These cookies are used to deliver and measure marketing about Fiskl. Examples:

• attribution of marketing campaigns;
• frequency capping on advertising;
• conversion measurement;
• retargeting on third-party platforms.

Marketing cookies require your consent in jurisdictions where the law requires it.

3. Third-party cookies on fiskl.com

The following third parties may set cookies through fiskl.com when you have consented (where consent is required):

Fiskl does not knowingly permit the setting of third-party cookies on logged-in pages of the Fiskl Platforms (the application itself, accessible via app.fiskl.com), other than strictly necessary cookies needed for the Fiskl Platforms to function. Marketing and analytics technologies are limited to the marketing and informational pages on fiskl.com.

The current set of third-party providers and the specific cookies they set is published in the Cookie Preferences centre accessible from the cookie banner and from the footer of fiskl.com.

4. Your choices and how to control cookies

4.1 Fiskl’s custom cookie consent banner

On your first visit to fiskl.com, and at any time afterwards via the Cookie Preferences link in the footer, you can:

• accept all cookies;
• reject all non-strictly-necessary cookies;
• customise your preferences by category (Functional, Analytics, Marketing);
• withdraw or change your consent at any time.

Your choices are stored in a consent record cookie on your device and apply to your interactions with fiskl.com on that device and browser. We retain a record of your consent for compliance purposes.

4.2 Browser controls

You can also control cookies through your browser’s privacy and security settings, including blocking, deleting, and being notified before cookies are set. Each browser provides different controls. Help pages from major browser providers:

• Google Chrome
• Apple Safari (Desktop)
• Apple Safari (Mobile)
• Mozilla Firefox
• Microsoft Edge
• Opera

If you block strictly necessary cookies, parts of the Sites will not function correctly.

4.3 Mobile devices

On iPhone, iPad, and Android devices, you can use device-level controls to limit ad tracking, reset advertising identifiers, and control App Tracking Transparency where supported.

4.4 Opt-outs for advertising networks

You can opt out of interest-based advertising provided by participating networks at:

• Digital Advertising Alliance: https://youradchoices.com
• Network Advertising Initiative: https://thenai.org/opt-out/
• European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/

These tools opt you out of categories of advertising, not from individual cookies.

4.5 Withdrawing consent for the Fiskl Platforms

The Fiskl Platforms (the application itself) only set strictly necessary cookies for their operation. There is no analytics or marketing cookie consent requirement within the logged-in Service.

5. “Do Not Track” signals and Global Privacy Control

We honour Global Privacy Control (GPC) signals where the law of your jurisdiction recognises GPC as an opt-out mechanism (including California under CPRA and Colorado under CPA). When a recognised GPC signal is detected, we treat it as a request to opt out of sale and sharing of personal information.

The legacy “Do Not Track” (DNT) browser signal is no longer widely supported by browsers as a privacy mechanism, and there is no consensus on how websites should respond. We do not modify our cookie practices based on DNT alone, but our cookie banner provides equivalent and more granular controls.

6. Cookies and personal data

Some cookies and similar technologies process information that is personal data under UK GDPR, EU GDPR, and equivalent laws. Where they do, the processing is governed by the Privacy Policy at https://fiskl.com/legal/privacy-policy/, including:

• the legal bases for processing (Privacy Policy section 4);
• your rights as a data subject (Privacy Policy section 8);
• the supervisory authority for your jurisdiction (Privacy Policy section 9);
• jurisdiction-specific notices (Privacy Policy section 17).

7. Children

The Sites are not directed at children under 16. We do not knowingly use cookies to collect personal data from children. If you believe a child has been able to set cookies that involve personal data, contact dpo@fiskl.com.

8. Changes to this Cookie Policy

We may update this Cookie Policy from time to time. Material changes are effective 30 days after we post notice. Non-material changes (clarifications, corrections, structural updates) are effective on posting. Continued use of the Sites after the effective date constitutes acceptance.

The current version is always available at https://fiskl.com/legal/cookie-policy/.

9. Contact

Fiskl Limited (and the wider Fiskl Group) 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 09330290

Effective: 15 March 2026

The post Cookie Policy first appeared on Fiskl.

Defined terms in the Customer Terms of Service apply here unless otherwise stated. Where this AUP is read by a User of an Atlas Firm or a Customer’s Authorized User, references to “you” mean the natural person using the Fiskl Platforms and, where applicable, the Customer or Atlas Firm responsible for that person’s access.

Fiskl may update this AUP from time to time on the basis set out in section 11 of the Customer Terms of Service.

1. Purpose

The AUP exists to protect Fiskl, our customers, our partners, our Authorized Users, and the natural persons whose data flows through the Fiskl Platforms. Fiskl is a financial platform: misuse can cause direct financial harm to third parties, breach criminal and regulatory law, and damage the integrity of the Fiskl Platforms. We enforce this policy strictly.

2. You must

When using the Fiskl Platforms, you must:

• comply with all laws and regulations applicable to your activity, including data protection, financial reporting, tax, anti-money-laundering, sanctions, anti-bribery, consumer-protection, and intellectual property law;
• provide accurate and complete information when registering, billing, and operating your Account, and keep that information current;
• only submit Customer Data that you have the right to submit, that does not infringe third-party rights, and that you can lawfully process;
• only record genuine, verifiable financial events that have actually occurred or that are bona-fide planned (such as a draft invoice for a real proposed transaction);
• maintain reasonable security over your Account credentials, including using strong passwords, enabling multi-factor authentication where available, and notifying Fiskl promptly of any suspected unauthorised access;
• ensure that your Authorized Users comply with this AUP and the User Terms of Service, and exercise reasonable supervision over their use of the Fiskl Platforms;
• comply with the rate limits, fair-use thresholds, and technical requirements published by Fiskl from time to time;
• cooperate with Fiskl in good faith on security investigations, fraud investigations, and inquiries from banking partners, payment processors, AI Providers, regulators, and law enforcement, where Fiskl is required or reasonably entitled to investigate or respond.

3. You must not — financial integrity

You must not use the Fiskl Platforms to:

• issue, send, record, or generate fake, fictitious, false, sham, or fraudulent invoices, quotes, receipts, expenses, transactions, journal entries, payments, or other financial records;
• record financial activity that did not actually occur or that is materially mischaracterised;
• facilitate, conceal, or disguise money laundering, terrorist financing, sanctions evasion, tax evasion, VAT fraud (including missing-trader and carousel fraud), invoice fraud, identity fraud, synthetic-identity fraud, or any other financial crime;
• misrepresent your or any third party’s financial position to lenders, investors, insurers, banks, regulators, tax authorities, professional advisers, customers, vendors, employees, or any other party — including by inflating revenue, suppressing liabilities, fabricating receivables, generating misleading reports, or backdating transactions;
• initiate Bad-Faith Chargebacks (as defined in section 5.9 of the Customer Terms of Service) — including disputing a charge after substantive use of the Fiskl Platforms, after a free or promotional period, or to avoid payment for benefit already received — or manipulate payment-processor disputes;
• manipulate, falsify, or interfere with banking integration data, including by tampering with imported transactions, fabricating bank feed entries, or misrepresenting the source of funds;
• use the Fiskl Platforms to launder content for fraudulent purposes, including by generating documentation to support a fraudulent narrative;
• use the Fiskl Platforms in connection with any business activity that is itself unlawful in your or your client’s jurisdiction.

The activities in this section 3 are material breaches of the Contract regardless of whether they also constitute a criminal or regulatory offence. Fiskl may suspend or terminate access immediately on detection or on reasonable suspicion, and may report to law enforcement, tax authorities, banking partners, and other appropriate parties as set out in section 12.5A of the Customer Terms of Service.

4. You must not — sanctions, restricted parties, and prohibited regions

You must not:

• use the Fiskl Platforms if you are, or if a controlling party of your business is, a person or entity subject to UK, EU, US, or UN sanctions, including persons listed on the UK Sanctions List, the EU Consolidated Sanctions List, the US OFAC SDN list, or equivalent;
• use the Fiskl Platforms to provide goods, services, or financial benefit to a sanctioned person or sanctioned regime;
• export or re-export the Fiskl Platforms to a destination prohibited by export-control law;
• access the Fiskl Platforms from a region in which use is prohibited by law applicable to Fiskl or by Fiskl’s published terms.

5. You must not — security and integrity of the Fiskl Platforms

You must not:

• attempt to gain unauthorised access to the Fiskl Platforms, to other customers’ Accounts, to Fiskl’s infrastructure, or to any third-party system through the Fiskl Platforms;
• circumvent any access control, rate limit, throttling, audit logging, security feature, or technical protection measure;
• probe, scan, or test the vulnerability of the Fiskl Platforms except under a published responsible disclosure or bug bounty programme;
• introduce viruses, worms, malware, ransomware, logic bombs, time bombs, backdoors, or any other harmful code into the Fiskl Platforms;
• initiate or participate in denial-of-service attacks, distributed denial-of-service attacks, or excessive automated traffic against the Fiskl Platforms;
• reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code, architecture, or models underlying the Fiskl Platforms, except to the extent permitted by mandatory law;
• crawl, scrape, or harvest data from the Fiskl Platforms except through authorised APIs, within published rate limits, and in accordance with the terms governing API use;
• mass-create accounts, use disposable email addresses for account creation, or evade Fiskl’s account-creation controls;
• circumvent or interfere with billing, metering, or usage tracking.

6. You must not — Fi and AI features

When using Fi (Fiskl’s conversational AI and orchestration system) or any other AI feature in the Fiskl Platforms, you must not:

• attempt prompt injection, jailbreaking, or other techniques to bypass Fi’s safety controls or to cause Fi to operate outside its intended scope;
• attempt to extract, reconstruct, or infer other customers’ Customer Data, Personal Data of other customers’ data subjects, or confidential information of Fiskl through Fi or other AI features;
• attempt to extract or reconstruct Fiskl’s prompts, system instructions, model weights, training data, or other proprietary AI assets through Fi or other AI features;
• rely on Fi outputs as legal, tax, audit, or professional accounting advice, or otherwise treat Fi outputs as authoritative without independent verification;
• use Fi to generate content that is unlawful, deceptive, defamatory, harassing, infringing, or harmful;
• automate Fi interactions in a way that exceeds published rate limits or that constitutes abusive load on the system;
• submit Customer Data to Fi that you do not have the right to submit, or that includes Special Categories of Personal Data without complying with section 5 of the DPA.

If you discover a vulnerability, exploit, or unintended behaviour in Fi, please report it through Fiskl’s responsible disclosure channel at security@fiskl.com.

7. You must not — content and conduct

You must not use the Fiskl Platforms to:

• transmit or store unlawful, infringing, defamatory, harassing, threatening, hateful, fraudulent, or otherwise harmful content;
• violate any person’s privacy, including by submitting Customer Data without a lawful basis, by harvesting personal data, or by tracking individuals without consent where consent is required;
• infringe any patent, trademark, copyright, database right, trade secret, or other intellectual property right;
• impersonate any person or entity, or misrepresent your affiliation with any person or entity;
• send unsolicited bulk communications (spam) through the Fiskl Platforms or via Service-generated emails (such as invoice or quote emails);
• target minors or use the Fiskl Platforms in ways that would harm a person who is or appears to be under 16;
• engage in mass automated communications prohibited by applicable communications law (for example, the UK PECR, EU ePrivacy, US TCPA / CAN-SPAM, equivalents).

8. You must not — competitive and commercial misuse

You must not:

• access the Fiskl Platforms to build a competing product or service, to copy or reverse-engineer Fiskl’s features, designs, models, or workflows, or for the benefit of any direct competitor of Fiskl;
• use the Fiskl Platforms for the benefit of, or to provide services to, a Patent Assertion Entity (defined in the Customer-Specific Supplement);
• sublicense, resell, redistribute, or otherwise commercially exploit the Fiskl Platforms to third parties except as expressly permitted (for example, an Atlas Firm providing services to its clients through Atlas);
• misuse Fiskl’s trademarks, logos, brand names, or marketing assets, including by registering similar domain names, by setting up unauthorised co-branded pages, or by misrepresenting your status as a Fiskl partner;
• misuse the Partner Program, the Ambassador Program, or any referral system, including by self-referring, using fake accounts to claim commissions, or fabricating referral conversions.

9. Atlas Firm-specific obligations

If you are an Atlas Firm or an Atlas Firm User, in addition to the rest of this AUP you must:

• use Atlas only in compliance with the rules of your professional regulator and the laws applicable to your practice (including AML/KYC obligations applicable to accountants where relevant in your jurisdiction);
• comply with your professional confidentiality obligations to your clients, including in your use of Customer Data of Atlas-managed Customers and in your interactions with Fi about your clients’ affairs;
• not use Atlas Firm access to a client’s Account for purposes outside the scope of your professional engagement with that client;
• not transfer or grant access to Atlas Firm User accounts to any person who is not authorised by your firm under section 4 of the Atlas Terms Supplement.

10. Fair use and rate limits

Fiskl applies fair-use thresholds and rate limits to protect the Fiskl Platforms for all customers. Current limits are published at [https://fiskl.com/legal/fair-use/] (to be confirmed and published by Fiskl engineering before publication of this AUP), and may include limits on:

• API calls per minute and per day;
• Fi AI queries and tokens per Subscription tier and per day;
• Bulk creation operations (invoices, quotes, contacts, products, transactions);
• Bulk import operations and file size;
• Document storage and attachment storage;
• Outbound emails generated by the Fiskl Platforms (invoice, reminder, quote, recurring);
• Authentication and login attempts.

Fiskl may modify these limits to address abuse, capacity issues, or product changes. Where reasonably possible, customers will be notified in advance of material reductions to fair-use thresholds.

11. Reporting and responsible disclosure

If you become aware of conduct in violation of this AUP, of a security vulnerability in the Fiskl Platforms, or of suspected misuse:

Fiskl will treat reports confidentially to the extent permitted by law. We do not retaliate against good-faith reporters.

12. Enforcement

Fiskl may, in response to a breach or suspected breach of this AUP:

• issue a warning;
• require corrective action within a stated period;
• suspend access to the Fiskl Platforms in whole or in part, with or without prior notice, in accordance with section 12.5 of the Customer Terms of Service;
• terminate the Contract for cause in accordance with section 12.3 of the Customer Terms of Service;
• report to law enforcement, regulators, tax authorities, banking partners, payment processors, AI Providers, and other appropriate parties, in accordance with section 12.5A of the Customer Terms of Service;
• cooperate with civil or criminal proceedings against the offending party;
• recover from the offending party the reasonable costs of investigation and remediation, where permitted by law.

The remedies in this section are cumulative and in addition to all other rights available to Fiskl at law or in equity.

13. Atlas Firm responsibility for its Users

Where an Atlas Firm User breaches this AUP, the relevant Atlas Firm is responsible for the breach to the same extent as if the breach had been committed by the Atlas Firm directly. The Atlas Firm must take reasonable steps to ensure its Atlas Firm Users comply with this AUP, including through training, monitoring, and prompt action on suspected misuse.

14. Customer responsibility for Authorized Users

Where an Authorized User of a Customer breaches this AUP, the Customer is responsible for the breach to the same extent as if the breach had been committed by the Customer directly.

15. Contact

Fiskl Limited (and the wider Fiskl Group) 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 09330290

Effective: 15 March 2026

The post Acceptable Use Policy first appeared on Fiskl.

It applies to: – Customers who hold an account with Fiskl; – Authorized Users invited to a Customer’s account; – Atlas Firms using the accountant portal; – Visitors to fiskl.com and our other websites; – Data Subjects whose information appears in Customer Data (the Customer’s customers, vendors, employees, and contractors); and – anyone else who interacts with Fiskl.

This Privacy Policy is incorporated into the Customer Terms of Service. Definitions used in the Customer Terms apply here unless otherwise stated.

Global scope. Fiskl operates a global Service across 200+ jurisdictions. This Privacy Policy is designed to provide a single, coherent description of our data practices that complies with applicable data protection laws worldwide, including but not limited to:

• United Kingdom (UK GDPR, Data Protection Act 2018);
• European Economic Area (EU GDPR, ePrivacy Directive);
• United States — all states in which Fiskl serves Customers and the District of Columbia. As of the Effective Date this includes the comprehensive privacy laws of California (CCPA / CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MTCDPA), Iowa (ICDPA), Tennessee (TIPA), Indiana (INCDPA), Delaware (DPDPA), New Hampshire (NHDPA), New Jersey (NJDPA), Maryland (MDPA), Minnesota (MNCDPA), Rhode Island (DTPPA), Kentucky (KCDPA), Nebraska (NDPA), and other state privacy laws as enacted from time to time; the Washington My Health My Data Act (MHMDA) and Nevada SB 370 in respect of consumer health data; and sectoral and federal laws including HIPAA (where applicable per Customer-Specific Supplement section 3), GLBA (where applicable), FERPA, and equivalent;
• Canada (PIPEDA federally, Quebec’s Law 25, and provincial laws);
• Brazil (LGPD);
• Australia (Privacy Act 1988 and the Australian Privacy Principles);
• New Zealand (Privacy Act 2020);
• Singapore (PDPA);
• Japan (APPI);
• South Korea (PIPA);
• South Africa (POPIA);
• Mexico (LFPDPPP);
• India (DPDP Act);
• United Arab Emirates (Federal PDPL; DIFC and ADGM data protection regulations);
• Saudi Arabia (PDPL);
• Turkey (KVKK);
• Switzerland (FADP);
• and other applicable laws in countries where the Fiskl Platforms are used.

Where a specific national or regional law grants you rights or imposes obligations on Fiskl beyond those set out in this Privacy Policy, those rights and obligations apply in addition to (and where stricter, in place of) the general provisions of this Privacy Policy. Section 18 contains jurisdiction-specific notices for selected regions.

1. Who is the controller of your data

The “Fiskl Group” means Fiskl Limited and its current and future direct and indirect Affiliates worldwide engaged in providing or supporting the Fiskl Platforms.

Within the Fiskl Group, the entity that controls or processes your personal data depends on your location and the context of the processing:

• Fiskl Limited, a company incorporated in England and Wales (company number 09330290), registered at 6A Thirlmere Road, London, N10 2DN, United Kingdom — current Contracting Fiskl Entity for customers globally and Data Importer under cross-border transfer mechanisms;
• Fiskl, Inc. (or another Fiskl Group entity formed in the United States) — once incorporated, the Contracting Fiskl Entity for US-domiciled customers and a member of the Fiskl Group acting as Sub-processor for other regions;
• other Fiskl Group entities formed in future for specific regions, on the same basis.

The current list of Fiskl Group entities is published at https://fiskl.com/legal/fiskl-group/ once published, or available on request to dpo@fiskl.com.

References in this Privacy Policy to “Fiskl”, “we”, “us”, and “our” mean the relevant Fiskl Group entity that is processing your personal data in the relevant context.

For data protection purposes, our role depends on what data is involved:

For Customer Data we process as a Processor, the terms of our Data Processing Addendum (DPA) govern that relationship.

Our Data Protection Officer can be contacted at dpo@fiskl.com.

2. Information we collect

2.1 Customer Data

Customer Data is the information a Customer or its Authorized Users submit to or generate within the Fiskl Platforms. This includes:

• Invoices, quotes, and customer records;
• Expense records, bills, and vendor records;
• Bank transactions, balances, and account metadata imported via banking integrations;
• Payment processor data imported via Stripe and other payment integrations;
• Time and mileage tracking entries;
• Journal entries, chart of accounts data, and accounting records;
• Tax records and tax authority registration data;
• Documents, attachments, and receipts uploaded to the Fiskl Platforms;
• Inputs and outputs of conversations with Fi, and other AI-processed and AI-interpreted data Fi handles on your instruction;
• Configuration, preferences, and settings within the Customer’s account.

2.2 Account information

Account information is data about a Customer or Authorized User as a holder of an account. This includes:

• Name, business name, business registration number, and tax identification numbers;
• Email address, phone number, postal address;
• Login credentials (passwords are stored hashed; we never receive bank login credentials);
• Role and permissions within the account;
• Subscription plan, billing currency, and Atlas branch where applicable;
• Payment method information, processed by our payment partner (Stripe). We do not store full card numbers.

2.3 Usage data and telemetry

Usage data describes how the Fiskl Platforms are used. This includes:

• Pages, features, and screens accessed within the Fiskl Platforms;
• Actions taken (invoices created, reports run, AI queries submitted, integrations connected);
• Click and scroll behaviour within the application;
• Device type, operating system, browser, screen resolution, language, time zone;
• IP address (used for security, fraud prevention, and approximate geolocation);
• Application logs, crash reports, performance traces;
• Cookies and similar identifiers (see the Cookie Policy);
• AI interaction metadata (request count, latency, error rates).

2.4 Banking integration data

When a Customer connects a bank, payment processor, or other financial account, we receive transaction data, balances, and account metadata via our banking partners (Yodlee, Salt Edge, Stripe, WIO Bank, and others as listed in the Subprocessors page). Login credentials to the financial institution are handled by the relevant banking partner under their direct relationship with the Customer. Fiskl never sees, stores, or has access to those credentials.

2.5 Communications with Fiskl

When you contact us by email, in-app chat, or other channels, we receive your communications and any information you choose to share, including support requests, feedback, and questions for Fi.

2.6 Information about Data Subjects in Customer Data

Customer Data submitted by a Customer often includes personal data of other natural persons — the Customer’s own customers, vendors, employees, contractors, and other individuals (collectively, “Data Subjects”). This data may include name, contact details, payment details, banking information relevant to a transaction, and other information necessary to invoice, pay, or account for a transaction.

Fiskl processes Data Subjects’ personal data on the instructions of the Customer (who is the Controller), unless otherwise stated in this Privacy Policy.

2.7 Information from third parties

We may receive information about you from:

• Banking partners delivering transaction data to your account;
• Payment processors (such as Stripe) confirming payment status;
• Identity verification or fraud-prevention services (where used);
• Public information, such as company registers and tax authority public databases;
• Marketing partners and advertising networks for visitors to fiskl.com;
• Atlas firms who invite a client into the platform.

3. How we use information

We use the information described in section 2 for the purposes set out below. The legal basis under UK GDPR / EU GDPR for each purpose is identified in section 4.

3.1 To provide the Fiskl Platforms

We use Customer Data and Account information to deliver the Fiskl Platforms, process transactions, run reports, deliver AI features, sync banking data, send invoices, accept payments, and otherwise perform the Customer Terms.

3.2 To operate Fiskl as a business

We use Account information, Usage data, and other operational data to administer accounts, bill Customers, enforce the Customer Terms, prevent fraud and abuse, ensure security and integrity, comply with law, and manage corporate matters.

3.3 To improve the Fiskl Platforms and develop new products

We use Customer Data, Aggregated Data, and Usage data to improve features, fix defects, develop new features and products, conduct research, and produce statistical reporting on the Fiskl Platforms. This includes the AI training and Data Product activities described in sections 3.4 and 3.5.

3.4 To train, fine-tune, and evaluate AI models

We use Customer Data and Aggregated Data to train, fine-tune, evaluate, refine, and improve: – Fiskl’s own AI models, including Fi and any future Fiskl AI features and products; – AI models that are owned by, exclusively licensed to, or developed for the exclusive use of Fiskl (“Fiskl-Exclusive Models”), where Fiskl engages an AI Provider, research partner, or other third party to build them.

We do not provide raw Customer Data to third-party AI developers for training of those third parties’ general-purpose AI models. Where third-party AI Providers receive data from Fiskl, that data is either Aggregated Data, or it relates to a Fiskl-Exclusive Model.

When we use AI Providers (such as model and inference providers) to deliver AI features to you, we contract with them on terms that prohibit the AI Provider from using Customer Data to train their own general-purpose models, prohibit unnecessary retention, and prohibit onward disclosure.

3.5 To develop and operate Data Products

We use Customer Data and Aggregated Data to develop, operate, market, license, and sell Data Products as defined in the Customer Terms — including industry benchmarking, market intelligence, credit and lending insight products, analytics, AI-powered services for banks and financial institutions, regulatory and compliance products, embeddings and trained model artefacts, data feeds and APIs, and research outputs. Data Products are developed using Aggregated Data unless they are Fiskl-Exclusive Models built on Customer Data.

3.6 To communicate with you

We use Account information and Usage data to send Service-related communications (security alerts, billing notifications, feature updates), to respond to support requests, and — where you have opted in or where law allows — to send marketing communications about Fiskl products and partner offers.

3.7 To meet legal and regulatory obligations

We use information as needed to comply with applicable law, respond to legal requests, exercise or defend legal claims, and meet regulatory or audit obligations.

3.8 To detect and prevent fraud, abuse, and harm

We use information to detect, prevent, and respond to fraud, security incidents, abuse of the Fiskl Platforms, and risks to Customers, Authorized Users, Data Subjects, Fiskl, or third parties.

4. Legal bases for processing

Where the law of your jurisdiction requires a legal basis for processing personal data (such as UK GDPR, EU GDPR, LGPD in Brazil, POPIA in South Africa, and similar regimes), we rely on the bases set out in the table below. Where we rely on legitimate interests (or its functional equivalent under non-EU law), we have conducted a Legitimate Interests Assessment (LIA) and balanced our interests against the rights and freedoms of data subjects. You can request a summary of the relevant LIA by contacting dpo@fiskl.com.

The table references UK GDPR / EU GDPR Article numbers because they are the most widely-recognised reference framework. The same purposes are supported under equivalent provisions in LGPD, POPIA, PIPEDA, and other regimes (including consent, performance of contract, legal obligation, legitimate interests, and similar bases).

For our processing of Data Subjects’ personal data on behalf of a Customer (Customer Data), the Customer is the Controller and is responsible for ensuring there is a valid legal basis for that processing.

You have the right to object to processing based on legitimate interests. See section 8.

5. AI training, Data Products, and your data

This section explains in plain English what Fiskl does and does not do with your data in connection with AI and data monetisation.

What Fiskl does: – Trains Fi and other Fiskl AI models on Customer Data. – Engages selected AI Providers and research partners to build AI models that are owned by, exclusively licensed to, or developed for Fiskl, using Customer Data. – Calls third-party AI inference providers (such as large language model providers) to deliver AI features to you, on contracts that prohibit those providers from training their own general-purpose models on your Customer Data. – Generates Aggregated Data — irreversibly de-identified, anonymised, or statistical data — from Customer Data and Service usage. – Uses Aggregated Data to develop, market, license, and sell Data Products to third parties (including banks, lenders, fintechs, regulators, and other businesses). – Treats Aggregated Data and AI models trained on Customer Data as Fiskl assets.

What Fiskl does not do: – Sell raw Customer Data. – Share raw Customer Data with third-party AI developers so they can train their general-purpose AI models. – Use special category data (health, biometric, religious or philosophical belief, sexual orientation, ethnic origin, trade union membership) for AI training or Data Products without explicit consent. – Train AI models on a Customer’s data in ways that would expose that Customer’s information to other Customers in their use of Fi.

Your controls: – Opt-out from AI training and Data Products — you can opt your Customer Data out of use for AI training and Data Products in your Account settings, where required by data protection law. The opt-out is forward-looking and does not require Fiskl to delete or retrain models that have already been built using your data prior to your opt-out. – Special category data — excluded by default, with an opt-in mechanism for explicit consent if needed for a specific use case. – Atlas firms — accounting firms using Atlas have additional controls over AI training and Data Product use of their clients’ Customer Data, set out in the Atlas Terms Supplement. – Right to object — under UK GDPR / EU GDPR Article 21, you may object to processing based on legitimate interests. Fiskl will assess the request and respond in accordance with the law.

6. How we share information

We share information only in the circumstances described below.

6.1 With Subprocessors

We use third-party Subprocessors to deliver the Fiskl Platforms, including infrastructure providers (AWS, Google Cloud), banking integration partners (Yodlee, Salt Edge, WIO Bank), payment processors (Stripe), AI Providers, communications providers (SendGrid, Twilio), analytics providers, customer-support tools, and others. The current list is at https://fiskl.com/legal/fiskl-subprocessors/. Subprocessors process information only on Fiskl’s instructions and on contractual terms aligned with this Privacy Policy and the DPA.

6.2 With banking and payment partners

When a Customer connects a banking integration or payment processor, the Customer’s data flows between the Customer, Fiskl, and the relevant partner. The partner’s own privacy policy governs the partner’s processing of that data.

6.3 With Atlas firms and accountants

Where a Customer is connected with an Atlas firm or accountant, the firm or accountant has access to the Customer’s data based on the connection level chosen by the Customer. Atlas firm access is governed by the Atlas Terms Supplement.

6.4 With other Authorized Users and Customers in shared contexts

Information appears within the Customer’s account based on the role and permissions configured by the Customer.

6.5 With Data Product purchasers and partners

We share Aggregated Data and Fiskl-Exclusive Model outputs with third parties as part of Data Products, on the basis described in section 3.5. Aggregated Data shared in this way is de-identified and is not, in our reasonable assessment, capable of re-identification to you, your Authorized Users, or Data Subjects.

6.6 With professional advisers

We share information with our auditors, lawyers, accountants, insurers, and similar advisers under confidentiality obligations.

6.7 In a corporate transaction

If Fiskl is involved in a merger, acquisition, financing, restructuring, sale of business, or insolvency event, information may be transferred to a counterparty, prospective counterparty, or successor entity, subject to confidentiality protections.

6.8 To comply with law

We share information where required by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect rights, property, or safety of Fiskl, our Customers, Data Subjects, or others.

6.9 With your consent

We share information at your direction or with your consent.

We do not sell Customer Data. References to selling, licensing, or sharing of Aggregated Data and Data Products in this Privacy Policy and the Customer Terms relate exclusively to data that has been de-identified or that constitutes outputs of Fiskl-Exclusive Models, in accordance with section 5.

7. International transfers

Fiskl is established in the United Kingdom. Subprocessors and Service infrastructure are located in multiple jurisdictions, including the United States, the European Economic Area, the United Kingdom, the United Arab Emirates, Canada, and other countries. Customer Data may be processed in any of these jurisdictions in connection with the Fiskl Platforms.

We use lawful cross-border transfer mechanisms appropriate to the source jurisdiction:

Transfers from the UK: – UK International Data Transfer Agreement (IDTA); – UK Addendum to the EU Standard Contractual Clauses; – Adequacy decisions (e.g. UK adequacy regulations).

Transfers from the EEA: – EU Standard Contractual Clauses in their then-current form; – Adequacy decisions of the European Commission; – Other Article 46 GDPR safeguards as applicable.

Transfers from Switzerland: – Swiss-equivalent Standard Contractual Clauses recognised by the FDPIC.

Transfers from Brazil (LGPD): – ANPD-approved standard contractual clauses, adequacy decisions, or Customer consent as applicable.

Transfers from other jurisdictions: – We rely on the lawful transfer mechanisms recognised in each source jurisdiction, including consent, contractual safeguards, binding corporate rules, adequacy decisions, and other mechanisms applicable under PIPEDA, the Australian Privacy Principles, Singapore PDPA, UAE PDPL, POPIA, India DPDP Act, and equivalent laws.

Supplementary measures. Where required by supervisory authority guidance (such as the Schrems II framework in the EEA), we apply additional technical, organisational, and contractual measures to ensure equivalent protection during transfer.

Data residency. Certain banking integration data is subject to data residency requirements imposed by banking regulators (for example, banking data sourced through WIO Bank for UAE customers, or US-sourced banking data). We design the Fiskl Platforms to comply with such residency obligations where applicable.

Copies of the relevant transfer mechanisms are available on request to dpo@fiskl.com or as part of our DPA.

8. Your rights

Subject to applicable law, you have rights in respect of your personal data. Where Fiskl is the Controller, you can exercise these rights with us directly. Where Fiskl is the Processor (for Customer Data on a Customer’s instructions), please contact the Customer first, and Fiskl will assist the Customer in responding.

The rights described below are not exhaustive. Where the law of your jurisdiction grants additional or different rights, those rights apply.

8.1 UK and EEA (UK GDPR, EU GDPR)

• Right of access;
• Right to rectification;
• Right to erasure (“right to be forgotten”);
• Right to restriction of processing;
• Right to data portability;
• Right to object — including to processing based on legitimate interests, AI training, and Data Products;
• Right to withdraw consent;
• Right not to be subject to solely automated decision-making with legal or similarly significant effects;
• Right to lodge a complaint with a supervisory authority.

8.2 United States (CCPA / CPRA and other state privacy laws)

You have rights under the comprehensive privacy law of your state of residence. The exact rights vary by state but include the following (provided in California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Kentucky, Nebraska, and other state privacy laws as enacted):

• Right to know what personal information is collected, used, shared, sold, or processed;
• Right to access a copy of your personal information;
• Right to delete personal information;
• Right to correct inaccurate personal information;
• Right to data portability;
• Right to opt out of sale or sharing of personal information;
• Right to opt out of processing for targeted advertising;
• Right to opt out of profiling that produces legal or similarly significant effects;
• Right to limit use and disclosure of sensitive personal information;
• Right to appeal a privacy-rights-request decision (where required by state law);
• Right to non-discrimination for exercising privacy rights.

Specific health-data rights apply under the Washington My Health My Data Act (MHMDA) and Nevada SB 370 for consumer health data. Where applicable, Fiskl Customers (rather than Fiskl) are typically the regulated party for “consumer health data” under these laws; see Customer-Specific Supplement section 3.

Fiskl does not “sell” personal information in the conventional commercial sense. Our processing of Aggregated Data and operation of Data Products is described in section 5; we do not provide raw Customer Data to third-party AI developers for training their general-purpose models. Where state law defines “share” or “process for targeted advertising” expansively, we honour your opt-out — including via Global Privacy Control (GPC) signals where recognised by state law (currently California under CPRA and Colorado under CPA).

8.3 Canada (PIPEDA, Quebec Law 25, and provincial laws)

• Right to access;
• Right to challenge accuracy;
• Right to withdraw consent;
• Right to be informed of automated decision-making;
• Right to data portability (Quebec).

8.4 Brazil (LGPD)

• Right to confirmation and access;
• Right to correction;
• Right to anonymisation, blocking, or deletion;
• Right to portability;
• Right to information about sharing;
• Right to revoke consent;
• Right to oppose processing;
• Right to review of automated decisions.

8.5 Australia (Privacy Act / Australian Privacy Principles) and New Zealand (Privacy Act 2020)

• Right to access;
• Right to correction;
• Right to make a privacy complaint;
• Right to anonymity or pseudonymity where practicable.

8.6 Singapore (PDPA), Japan (APPI), South Korea (PIPA)

• Right to access;
• Right to correction;
• Right to withdraw consent;
• Right to deletion or restriction in defined circumstances;
• Other rights as provided under each law.

8.7 South Africa (POPIA)

• Right of access;
• Right to correction or deletion;
• Right to object to processing;
• Right to lodge a complaint with the Information Regulator.

8.8 UAE (Federal PDPL, DIFC, ADGM)

• Right to access;
• Right to correction;
• Right to deletion;
• Right to object;
• Right to data portability;
• Right to restrict processing;
• Right to withdraw consent.

8.9 Other jurisdictions

Where the data protection law of your jurisdiction grants you rights not listed above (including but not limited to Mexico’s LFPDPPP, Turkey’s KVKK, India’s DPDP Act, Saudi Arabia’s PDPL, and others), those rights apply.

8.10 Exercising your rights

To exercise your rights, contact dpo@fiskl.com or use the privacy controls in your Account. We respond within the timeframes required by the applicable law (typically 30 days under UK/EU GDPR, 45 days under CCPA, 15 days under LGPD, and similar timeframes elsewhere). Where the law allows, we may extend this period for complex requests on notice to you.

We do not discriminate against anyone for exercising privacy rights.

9. Data protection authorities and complaints

If you believe we have infringed your data protection rights, you have the right to lodge a complaint with the supervisory authority in your jurisdiction. Selected authorities:

URLs are provided for convenience and may change over time. The current version of this Privacy Policy is always available at https://fiskl.com/legal/privacy-policy/.

Our lead supervisory authority in the UK is the ICO. For EEA-related matters, we welcome contact through any EEA supervisory authority and will cooperate with the lead authority designated under the one-stop-shop mechanism where applicable.

We invite you to contact us first at dpo@fiskl.com so we have the opportunity to address your concerns.

10. Data retention

We retain personal data for as long as necessary for the purposes for which it was collected, including:

• Customer Data: while the Customer’s account is active and as required to provide the Fiskl Platforms. After account termination, Customer Data is deleted in accordance with section 12.6 of the Customer Terms (typically within 30 days, subject to legal retention obligations).
• Account information: while the account is active and for a reasonable period afterwards for record-keeping, billing, and legal purposes.
• Usage data: typically for up to 24 months, unless a longer retention is justified for security, fraud, or legal reasons.
• Aggregated Data and Fiskl-Exclusive Models: indefinitely. Once Customer Data has been used to train a model or has been irreversibly aggregated, the resulting model or Aggregated Data does not need to be deleted on the Customer’s request, because it does not constitute Customer Data and is, in the case of Aggregated Data, not personal data.
• Records of communications: typically for 6 years for legal, audit, and dispute purposes.
• Information required to be retained by law: for the period required.

11. Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Encryption of data in transit (TLS) and at rest;
• Access controls, authentication, and least-privilege access;
• Logging, monitoring, and intrusion detection;
• Vendor due diligence and contractual safeguards with Subprocessors;
• Employee training on security and privacy;
• Incident response procedures;
• Regular security reviews and testing.

No system is completely secure. If we become aware of a personal data breach affecting your data, we will notify the Customer (where Fiskl is the Processor) or you directly (where Fiskl is the Controller) and, where required, the relevant supervisory authority, in accordance with applicable law.

12. Children

The Fiskl Platforms are not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided personal data, please contact dpo@fiskl.com and we will take reasonable steps to delete it.

13. Cookies and tracking

We use cookies and similar technologies on fiskl.com and in the Fiskl Platforms. Our use of cookies, the categories of cookies, and your choices are described in the Cookie Policy at https://fiskl.com/legal/cookie-policy/.

14. Marketing communications

You may opt out of marketing emails using the unsubscribe link in any marketing email or by emailing privacy@fiskl.com. Service communications (security alerts, billing, account notifications) are not marketing and continue to be sent regardless of marketing opt-out, while you have an account.

15. Atlas-specific privacy notes

Atlas firms are themselves Customers of Fiskl. The Atlas Terms Supplement and the DPA describe additional aspects of how data flows in Atlas, including:

• Atlas firm access to clients’ Customer Data based on the billing model and connection level;
• Default protections for Customer Data of clients managed under Atlas firm relationships in respect of AI training and Data Products;
• Atlas firm controls and disclosure obligations to their clients;
• Ownership transfer of accounts when an Atlas firm relationship ends.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes take effect 30 days after we post notice (typically by email and in-app). Non-material changes (clarifications, corrections, structural updates) take effect on posting. Continued use of the Fiskl Platforms after the effective date constitutes acceptance.

The current version is always available at https://fiskl.com/legal/privacy-policy/.

17. Jurisdiction-specific notices

This section provides supplementary notices for selected jurisdictions. Where there is conflict between this section and the general provisions of this Privacy Policy, the more protective provision applies.

17.1 United States — California (CCPA / CPRA)

Categories of personal information collected in the past 12 months. Identifiers (name, email, IP address); commercial information (subscription, billing); internet/network activity (logs, usage data); geolocation (approximate, from IP); professional or employment-related information (business name, role); inferences (categorisations); financial information (transaction data submitted by Customers); sensitive personal information limited to login credentials and account access information.

Sources are described in section 2 and purposes in section 3.

Disclosures. We disclose personal information to Subprocessors as service providers (section 6.1). We do not “sell” personal information for monetary consideration. We do “share” personal information for cross-context behavioural advertising in limited circumstances on our marketing site (fiskl.com), and you may opt out via the cookie preference centre.

Sensitive personal information. We use sensitive personal information only as needed to provide the Fiskl Platforms or as required by law, and we do not use it for inferring characteristics about you.

Authorized agents. California residents may use an authorised agent to submit requests, with verification.

17.2 European Economic Area and United Kingdom (GDPR)

The lead supervisory authority is the UK ICO. Where you are an EEA data subject, the GDPR applies and you may exercise rights with the supervisory authority of your country of residence.

17.3 Brazil (LGPD)

Fiskl’s representative for LGPD purposes can be contacted at dpo@fiskl.com. Data subjects may exercise rights under LGPD Article 18 by contacting us. ANPD is the data protection authority.

17.4 Canada (PIPEDA, Quebec Law 25)

Fiskl complies with PIPEDA and applicable provincial laws. For Quebec residents, Fiskl appoints a person responsible for the protection of personal information, contactable at dpo@fiskl.com. Quebec residents have rights under Law 25 including data portability and a right to know about automated decision-making.

17.5 Australia and New Zealand

Fiskl complies with the Australian Privacy Principles (APPs) and the New Zealand Privacy Act 2020. Complaints may be made directly to us or to the OAIC (Australia) or the Office of the Privacy Commissioner (New Zealand).

17.6 Singapore (PDPA)

Fiskl complies with the Singapore Personal Data Protection Act. Our DPO is contactable at dpo@fiskl.com.

17.7 South Africa (POPIA)

Fiskl complies with POPIA. The Information Regulator is the relevant authority. Operator obligations apply where Fiskl processes personal information on behalf of a Customer (Responsible Party).

17.8 United Arab Emirates (Federal PDPL, DIFC, ADGM)

Fiskl complies with the UAE Federal PDPL and, where the Customer is established in DIFC or ADGM, the relevant DIFC Data Protection Law or ADGM Data Protection Regulations. Banking integration data sourced through WIO Bank is subject to UAE banking regulator residency requirements.

17.9 India (DPDP Act)

Fiskl complies with the Digital Personal Data Protection Act 2023. Indian residents may exercise rights including the right to access, correction, erasure, grievance redressal, and to nominate another individual to exercise rights in the event of death or incapacity.

17.10 Other jurisdictions

For all other jurisdictions, applicable national or regional law governs and we comply with it. If you are unsure how this Privacy Policy applies to you, contact dpo@fiskl.com.

18. Contacting Fiskl about privacy

Postal address: Fiskl Limited, 6A Thirlmere Road, London, N10 2DN, United Kingdom

Effective: 15 March 2026

The post Privacy Policy first appeared on Fiskl.

This DPA is designed to satisfy: – Article 28 of the UK GDPR; – Article 28 of the EU GDPR; – equivalent processor-engagement requirements under other applicable data protection laws (LGPD, PIPEDA, POPIA, PDPA, UAE PDPL, Swiss FADP, and others as applicable).

Cross-border transfers are addressed in Section 7 and in Annex IV (EU SCCs and UK IDTA).

If you are a Customer that requires a counter-signed DPA for your records, request one at dpo@fiskl.com. The signed copy will mirror this published version.

1. Definitions

Definitions in the Customer Terms of Service apply to this DPA. The following additional definitions apply:

“Applicable Data Protection Law” means each law governing the processing of personal data that applies to a Party, including UK GDPR, EU GDPR, the UK Data Protection Act 2018, US state privacy laws, LGPD, PIPEDA, POPIA, PDPA, UAE PDPL, and equivalents.

“Controller”, “Processor”, “Data Subject”, “Personal Data”, “Processing”, “Special Categories of Personal Data” have the meanings given in UK GDPR / EU GDPR and equivalents.

“Customer Personal Data” means Personal Data within Customer Data, processed by Fiskl as Processor on behalf of the Customer.

“EU SCCs” means the Standard Contractual Clauses approved by European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, in their then-current form.

“UK IDTA” means the UK International Data Transfer Agreement and the UK Addendum to the EU SCCs, issued by the UK Information Commissioner’s Office under section 119A of the UK Data Protection Act 2018.

“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with another entity, where “control” means ownership of more than 50% of voting interests or equivalent power to direct management.

“Controller Affiliate” means an Affiliate of the Customer that (a) is subject to Applicable Data Protection Law of the EEA, the UK, or Switzerland, (b) is permitted to use the Fiskl Platforms under the Agreement between the Customer and Fiskl, (c) has not signed its own Order Form and is not itself a “Customer” under the Agreement, and (d) is the Controller of Customer Personal Data processed by Fiskl.

“Fiskl Group” means Fiskl Limited and its Affiliates engaged in the Processing of Customer Personal Data.

“Sub-processor” means a third party engaged by Fiskl or any member of the Fiskl Group to process Customer Personal Data, as listed at https://fiskl.com/legal/fiskl-subprocessors/.

“Personal Data Breach” has the meaning given in UK GDPR / EU GDPR Article 4(12).

“Restricted Transfer” means a transfer of Personal Data from a jurisdiction whose laws restrict cross-border transfers to a country that does not benefit from an adequacy decision or equivalent recognition.

2. Roles and scope

2.1 Roles

For Customer Personal Data processed under the Agreement: – the Customer is the Controller (or, where the Customer itself is a processor for a third-party controller, the Customer is the Processor and Fiskl is the Sub-processor); – Fiskl is the Processor, processing Customer Personal Data only on the Customer’s documented instructions.

2.2 Other Information

This DPA does not apply to Personal Data for which Fiskl is the Controller (such as Account information of the Customer’s representatives, Usage data, and Aggregated Data), which is governed by the Privacy Policy.

2.3 Scope of processing

The subject matter, duration, nature, purpose, and categories of processing are described in Annex I.

2.4 Customer instructions

The Agreement, this DPA, and the Customer’s use of the Fiskl Platforms constitute the Customer’s documented instructions to Fiskl. Additional instructions may be given in writing (including by email to dpo@fiskl.com). Fiskl will inform the Customer if, in Fiskl’s reasonable opinion, an instruction infringes Applicable Data Protection Law, and may suspend the relevant processing pending resolution.

2.5 Controller Affiliates

By executing or accepting this DPA, the Customer enters into this DPA on behalf of itself and, to the extent required under Applicable Data Protection Law, on behalf of its Controller Affiliates. This establishes a separate DPA between Fiskl and each Controller Affiliate, on the same terms as this DPA. Each Controller Affiliate is bound by the obligations of this DPA but is not a party to the Agreement except through this DPA.

The Customer that is the contracting party to the Agreement is responsible for coordinating all communication with Fiskl under this DPA on behalf of its Controller Affiliates. Where Applicable Data Protection Law requires a Controller Affiliate to exercise rights or seek remedies directly, the Controller Affiliate may do so against Fiskl. In all other cases, the Customer exercises rights and remedies in a combined manner for all of its Controller Affiliates.

Where the Customer (or a Controller Affiliate) carries out an audit under Section 8.2, the Customer must combine, where reasonably possible, audit requests on behalf of multiple Controller Affiliates into a single audit to limit operational impact on Fiskl.

2.6 Fiskl Platforms security non-degradation

Fiskl will not materially decrease the overall security of the Fiskl Platforms during a Subscription term. Where Fiskl makes a change that affects the technical and organisational measures in Annex II, it will make available to Customers updated information about those measures.

3. Fiskl obligations

Fiskl will:

• process Customer Personal Data only on the Customer’s documented instructions, including with regard to international transfers, except where required by law (in which case Fiskl will inform the Customer of that legal requirement before processing, unless prohibited);
• ensure that personnel authorised to process Customer Personal Data are bound by confidentiality obligations or are under appropriate statutory obligations of confidentiality;
• implement and maintain the technical and organisational measures set out in Annex II;
• engage Sub-processors only as permitted under Section 6;
• taking into account the nature of the processing, assist the Customer by appropriate technical and organisational measures, insofar as possible, in fulfilling the Customer’s obligations to respond to Data Subject requests;
• assist the Customer in ensuring compliance with the obligations under UK GDPR / EU GDPR Articles 32 to 36 (security, breach notification, data protection impact assessment, prior consultation), taking into account the nature of processing and the information available to Fiskl;
• at the Customer’s choice, delete or return Customer Personal Data after the end of the provision of the Fiskl Platforms relating to processing, and delete existing copies, unless Applicable Data Protection Law requires storage;
• make available to the Customer the information necessary to demonstrate compliance with the obligations in Article 28 GDPR and equivalents, and contribute to audits as set out in Section 8.

4. Customer obligations

The Customer:

• is solely responsible for the accuracy, quality, and legality of Customer Personal Data and for the means by which it acquired and submitted it to the Fiskl Platforms;
• warrants that it has all necessary rights, lawful bases, and (where required) consents to instruct Fiskl to process Customer Personal Data;
• is responsible for providing required notices to its Data Subjects (including its customers, vendors, employees, and contractors whose data is included in Customer Personal Data) in accordance with Applicable Data Protection Law;
• is responsible for the legal basis for Fiskl’s processing of Customer Personal Data for AI training and Data Products, where the Customer has not opted out under section 8.6 of the Customer Terms of Service. The Customer warrants that it is appropriate to invoke a legitimate interests basis (or other lawful basis) for that processing in respect of its Data Subjects.

5. Special categories of Personal Data

• The Customer must not submit Customer Personal Data falling within UK GDPR / EU GDPR Article 9 (Special Categories of Personal Data) to the Fiskl Platforms unless the Customer has obtained explicit consent or has another lawful basis under Article 9, and has notified Fiskl in writing where ongoing processing of Special Categories is contemplated.
• Special Categories of Personal Data are excluded by default from use in AI training and Data Products under section 8.6 of the Customer Terms of Service.
• Where the Customer instructs Fiskl to process criminal-conviction or offence data under Article 10, equivalent restrictions apply.

6. Sub-processors

6.1 General authorisation

The Customer provides general authorisation for Fiskl to engage Sub-processors. The current list is at https://fiskl.com/legal/fiskl-subprocessors/.

6.2 Notification

Fiskl will notify the Customer of any intended addition or replacement of a Sub-processor by updating the Subprocessors page. Customers subscribed to Subprocessor change notifications will receive notice at least 30 days in advance, except in cases of emergency where shorter notice may be required.

6.3 Right to object

The Customer may object to a new Sub-processor on reasonable data protection grounds within the 30-day notice period, by emailing dpo@fiskl.com. The Parties will work in good faith to resolve the objection. If the objection cannot be resolved, the Customer may terminate the affected Subscription on the terms of Section 11 and receive a pro-rata refund of unused fees. Until termination, Fiskl may continue processing using the existing Sub-processor stack.

6.4 Sub-processor terms

Fiskl imposes data protection obligations on Sub-processors that are no less protective than those imposed on Fiskl by this DPA, in particular providing sufficient guarantees to implement appropriate technical and organisational measures.

6.5 Liability for Sub-processors

Fiskl remains liable to the Customer for the performance of Sub-processors’ obligations to the same extent as if Fiskl performed those obligations directly.

7. International data transfers

7.1 General

Fiskl and its Sub-processors may transfer Customer Personal Data internationally as described in Section 7 of the Privacy Policy and in Annex III of this DPA.

7.2 EEA transfers

Where Fiskl transfers Customer Personal Data from the EEA to a country that does not benefit from an EU adequacy decision, the EU SCCs Module 2 (Controller to Processor) or Module 3 (Processor to Sub-processor) are incorporated into this DPA by reference, with the elections set out in Annex IV.

7.3 UK transfers

Where Fiskl transfers Customer Personal Data from the UK to a country not benefiting from a UK adequacy regulation, the UK IDTA, or the UK Addendum to the EU SCCs, is incorporated into this DPA by reference, with the elections set out in Annex IV.

7.4 Swiss transfers

Where Fiskl transfers Customer Personal Data from Switzerland under the FADP, the EU SCCs are incorporated with FDPIC-recognised modifications.

7.5 Other transfers

Where Applicable Data Protection Law of a country other than the UK, EEA, or Switzerland requires a specific cross-border transfer mechanism, the Parties will execute, or be deemed to execute, the relevant standard contractual clauses, model clauses, or equivalent mechanism applicable in that country, using the elections in Annex IV by analogy.

7.6 Supplementary measures

Where required by supervisory authority guidance (such as the European Data Protection Board’s guidance following Schrems II), the Parties acknowledge the technical, organisational, and contractual measures set out in Annex II as supplementary safeguards.

7.7 Banking data residency

Where Customer Personal Data is sourced from a banking integration partner subject to local banking residency obligations (for example, UAE banking data sourced via WIO Bank), Fiskl will preserve the residency of that data in line with applicable banking regulator requirements, even where the Customer is established in a different jurisdiction.

8. Audit

8.1 Information rights

Fiskl will make available to the Customer, on reasonable request, information necessary to demonstrate compliance with this DPA and Article 28 GDPR equivalents, including: – the most recent third-party audit reports of Fiskl’s information security programme (such as SOC 2 Type II, ISO 27001 certification, or equivalent), where available; – responses to reasonable security questionnaires; – summaries of penetration testing results; – the current version of this DPA, the Privacy Policy, and the Subprocessors page.

8.2 Audit rights

Where the information made available under Section 8.1 is insufficient and Applicable Data Protection Law requires an audit right, the Customer (or an independent auditor mandated by the Customer) may conduct an audit. Audits are subject to the following: – not more than once per 12-month period, except where Applicable Data Protection Law requires more frequent audit, or where there has been a Personal Data Breach affecting the Customer; – on at least 30 days’ written notice; – during normal business hours; – at the Customer’s cost (unless the audit identifies a material non-compliance, in which case Fiskl bears the reasonable cost); – subject to confidentiality obligations and minimum disruption to the Fiskl Platforms; – not extending to commercially sensitive information of Fiskl unrelated to the Customer’s data; – the auditor must not be a Fiskl competitor.

8.3 Regulatory cooperation

Fiskl will cooperate with supervisory authorities of competent jurisdiction in the performance of their tasks.

9. Personal Data Breach

9.1 Notification to Customer

Fiskl will notify the Customer of a Personal Data Breach affecting Customer Personal Data without undue delay after becoming aware of it, and in any event within 48 hours where reasonably practicable.

9.2 Information provided

The notification will include, to the extent known: – the nature of the Personal Data Breach; – categories and approximate numbers of Data Subjects and records concerned; – likely consequences; – measures taken or proposed to address the breach and mitigate adverse effects.

9.3 Cooperation

Fiskl will cooperate with the Customer and provide such assistance as the Customer reasonably requests to enable the Customer to meet its own breach-notification obligations to supervisory authorities and Data Subjects.

9.4 Customer notification responsibility

The Customer is responsible for notifying its supervisory authority and affected Data Subjects where required by Applicable Data Protection Law.

10. Data Subject rights

Fiskl will, taking into account the nature of the processing, provide the Customer with:

• functionality in the Fiskl Platforms that allows the Customer to access, rectify, restrict, erase, export, or otherwise act upon Customer Personal Data on instructions from Data Subjects;
• reasonable assistance with Data Subject requests that cannot be fulfilled through Service functionality alone, on terms reflecting the actual cost of assistance;
• prompt forwarding to the Customer of any Data Subject request received directly by Fiskl that should be handled by the Customer as Controller.

11. Term, termination, and return or deletion of data

11.1 Term

This DPA continues for the term of the Agreement and survives termination to the extent processing of Customer Personal Data continues.

11.2 Return or deletion on termination

On termination of the Agreement: – the Customer has 30 days from termination to export Customer Personal Data using the export tools provided in the Fiskl Platforms; – after this period, Fiskl will delete Customer Personal Data, unless Applicable Data Protection Law requires retention or unless the Atlas Terms Supplement provides for transfer of an Atlas-managed Customer’s Account ownership to the Customer; – at the Customer’s written request, Fiskl will provide a written certification of deletion confirming that Customer Personal Data has been deleted from production systems in accordance with this DPA. The certification will identify any data retained under legal-retention obligations and the period of such retention; – Aggregated Data and AI models trained using Customer Personal Data prior to termination are governed by section 8.7 of the Customer Terms of Service and are not subject to the deletion obligation in this section.

11.3 Survival

Sections concerning confidentiality, sub-processor liability, audit, breach handling for breaches that occurred prior to termination, and these termination provisions survive.

12. Liability and indemnities

The Parties’ liability under this DPA is subject to the limitations set out in the Customer Terms of Service. Nothing in this DPA limits or excludes either Party’s liability where Applicable Data Protection Law prohibits such limitation or exclusion.

13. Conflict and precedence

In the event of conflict between this DPA, the Customer Terms of Service, the Atlas Terms Supplement (where applicable), and an Order Form, the order of precedence is as set out in section 17.1 of the Customer Terms of Service. For matters concerning processing of Personal Data, this DPA prevails over inconsistent provisions in the Customer Terms of Service or the Atlas Terms Supplement, except where those instruments grant stronger protection to Data Subjects.

In the event of conflict between this DPA and the EU SCCs / UK IDTA where they apply, the EU SCCs / UK IDTA prevail.

14. Governing law and jurisdiction

The governing law and jurisdiction of this DPA are as set out in section 16 of the Customer Terms of Service, except that: – the EU SCCs are governed by the law of an EU Member State chosen in Annex IV; – the UK IDTA is governed by the laws of England and Wales.

Annex I — Description of processing

Annex I.A — Parties

Where the Customer is an Atlas firm acting on behalf of its end clients (and the end client is the Controller), the Atlas firm acts as Processor and Fiskl acts as Sub-processor in respect of that end client’s Customer Personal Data.

Annex I.B — Description of processing

Subject matter: Provision of the Fiskl Platforms to the Customer.

Duration: The term of the Agreement and the deletion period set out in Section 11.

Nature and purpose of processing: – Hosting and operating the Fiskl Platforms for the Customer; – Providing invoicing, expense management, banking integration, accounting, financial reporting, AI features (Fi), team management, integrations, and related functionality; – Providing the Atlas accountant portal where applicable; – Communicating with the Customer about the Fiskl Platforms; – Detecting and preventing fraud, abuse, and security incidents; – Complying with law.

Categories of Data Subjects: – Authorized Users of the Customer (employees, contractors, accountants, other invitees); – The Customer’s customers, clients, and end-users (information about whom appears in invoices, transactions, and account records); – The Customer’s vendors, suppliers, and other counterparties; – The Customer’s employees, contractors, and other personnel (including for time and mileage records); – Where applicable, the Customer’s Atlas firm contacts and clients.

Categories of Personal Data: – Identity and contact data (name, email, phone, address, business name); – Financial and transaction data (transactions, invoice amounts, payments, banking metadata); – Tax and registration identifiers (tax IDs, business registration numbers); – User account data (login credentials, role, permissions, MFA configuration — Atlas only); – Communications (support requests, AI conversation inputs and outputs, emails); – Usage and device data; – Documents and attachments uploaded by the Customer.

Special Categories of Personal Data: Not knowingly processed. The Customer is responsible for not submitting Special Categories without notifying Fiskl and ensuring a lawful basis under Article 9 (see Section 5).

Frequency of transfer: Continuous, for the term of the Agreement.

Annex I.C — Competent supervisory authority

For EEA matters, the supervisory authority of the EEA Member State in which the Customer (as Data Exporter) is established. For UK matters, the UK Information Commissioner’s Office. For other jurisdictions, the supervisory authority listed in section 9 of the Privacy Policy.

Annex II — Technical and Organisational Measures (TOMs)

Fiskl implements and maintains the technical and organisational measures set out below, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing. Specific configurations evolve with the state of the art; current configurations are confirmed in the Trust Center and on request to trust@fiskl.com.

1. Encryption and key management

• Data in transit: TLS 1.3 (with TLS 1.2 only as a deprecated fallback to legacy clients where unavoidable);
• Data at rest: AES-256 across cloud infrastructure (production database, object storage, backups);
• Key management: AWS Key Management Service (AWS KMS), with managed customer master keys, automatic key rotation in line with AWS KMS best practice, and access-controlled use within the production environment;
• Backups: encrypted at rest using the same standards.

2. Identity, authentication, and access control

• Multi-factor authentication (MFA) is required for all users with access to the Fiskl Platforms or to Fiskl’s production environment, including:
  • Atlas Firm Users (delivered through AWS Cognito);
  • Customer administrators on standard Fiskl accounts;
  • Authorized Users where MFA is enabled by the Customer;
  • Fiskl personnel accessing engineering, production, and administrative systems.
• Password policy (Fiskl personnel and Customer-administrator accounts where applicable):
  • minimum length of 32 characters;
  • rotation cadence not exceeding 90 days for credentials with access to production systems;
  • prohibition on password reuse and common-password lists;
  • secret-management infrastructure for production credentials.
• Role-based access control (RBAC) within the Fiskl Platforms, with permissions granted on the principle of least privilege.
• Access reviews: conducted quarterly; signed off by the Chief Technology Officer (or successor role) and recorded in Fiskl’s ISMS records.
• Production access is restricted to authorised personnel under documented procedures, with named-user logging and segregation between development, staging, and production environments.

3. Confidentiality, integrity, availability, resilience

• Multi-region cloud infrastructure on Amazon Web Services (primary) and Google Cloud (where applicable);
• Logical separation between Customers and between Customer environments;
• Industry-standard architecture for confidentiality, integrity, and availability of Customer Personal Data;
• Disaster recovery and business continuity plans documented and reviewed periodically, with restoration procedures tested.

4. Backups

Fiskl operates a three-tier backup architecture for Customer Personal Data:

• Tier 1 — Multi-region replication. Live replication across multiple AWS regions and instances, providing continuity in the event of a region-level failure;
• Tier 2 — Daily snapshots. At-least-daily point-in-time snapshots of production data, retained in line with Fiskl’s recovery objectives;
• Tier 3 — Long-term cold archival. Backups copied to AWS Glacier (or equivalent cold-storage tier) for longer-term retention and resilience against operational data loss.

All backups are encrypted at rest using the same standards as the production environment, protected by the same access controls, and restoration procedures are tested periodically. Backup management uses AWS-native mechanisms with the access and audit logging set out in Section 6.

5. Network and application security

• DDoS protection, web application firewall, and bot protection delivered through Cloudflare;
• Penetration testing conducted by an independent third party at least annually, with material findings remediated under a documented schedule;
• Vulnerability scanning of the application, dependencies, and infrastructure on a monthly automated cadence, supplemented by the annual independent third-party penetration test referenced above;
• Secure development lifecycle (SDLC) including code review, dependency scanning, security testing in CI, and pre-release security review.

6. Logging and monitoring

• Application access logs and security-relevant audit logs are retained for at least 90 days, with longer retention for specific categories of logs as required by law or by Fiskl’s internal investigation and audit needs;
• Cloud-environment access and administrative actions are logged through cloud-provider audit mechanisms (AWS CloudTrail and equivalents);
• Continuous monitoring with alerting on anomalous activity, with documented triage procedures.

7. Personnel

• Background checks where lawful in the relevant jurisdiction;
• Confidentiality obligations in employment and contractor contracts;
• Mandatory information-security and data-protection training, refreshed at least annually;
• Defined onboarding and offboarding procedures, including timely revocation of access on departure.

8. Sub-processor management

• Documented vendor due diligence prior to engagement;
• Written data-protection terms with each Sub-processor;
• Periodic review of Sub-processors;
• Current list at https://fiskl.com/legal/fiskl-subprocessors/.

9. Incident detection and response

• Monitoring and alerting on production systems;
• Documented incident response plan covering detection, triage, containment, eradication, recovery, and post-incident review;
• Personal Data Breach notification procedures aligned with Section 9 of this DPA.

10. AI processing measures

• AI Providers contractually prohibited from training their general-purpose models on Customer Personal Data;
• AI Providers contractually prohibited from retaining Customer Personal Data beyond the period necessary to deliver the contracted service;
• Special Categories of Personal Data excluded by default from AI training and Data Products;
• Customer opt-out available where required by Applicable Data Protection Law (or via dpo@fiskl.com pending in-Service control deployment).

11. Audit and compliance

• Periodic internal compliance reviews and risk assessments;
• SOC 2 Type II: targeted by end of Q4 2026, available to qualifying customers under non-disclosure once issued;
• ISO 27001: pursued in parallel;
• Other third-party attestations available on request as obtained.

12. Data minimisation and retention

• Customer Personal Data is retained only for the period necessary to provide the Fiskl Platforms or as required by law;
• Customer-controlled retention configuration is available within the Fiskl Platforms for certain data categories;
• Aggregated Data is not Customer Personal Data and is governed by section 4.5 of the Customer Terms of Service.

Annex III — Sub-processors

Annex III is incorporated by reference from the Subprocessors page, which is the authoritative current list:

https://fiskl.com/legal/fiskl-subprocessors/

The Subprocessors page sets out the name, processing activities, location, and any relevant data residency notes for each Sub-processor.

Annex IV — EU SCCs and UK IDTA elections

This Annex sets out the elections required under the EU SCCs and UK IDTA where they apply to Restricted Transfers under this DPA.

Annex IV.A — EU SCCs Module elections

Annex IV.B — UK IDTA / UK Addendum elections

The UK Addendum to the EU SCCs is used. Tables of the Addendum are completed as follows:

Annex IV.C — Other jurisdictions

For Restricted Transfers governed by Applicable Data Protection Law of jurisdictions other than the EEA, UK, and Switzerland, the Parties will execute, or are deemed to have executed, the standard contractual clauses, model clauses, or equivalent mechanism applicable in the source jurisdiction, with the elections in this Annex IV applied by analogy.

Signature (where a counter-signed copy is required)

Where a Customer requires a counter-signed copy of this DPA, Fiskl will provide one on request. The counter-signed copy mirrors the published version effective on the date of signature.

For Fiskl Limited:
Name: ___________________________

Title: ___________________________

Date: ___________________________

Signature: ___________________________

For the Customer:

Name: ___________________________

Title: ___________________________

Customer Entity: ___________________________

Date: ___________________________

Signature: ___________________________

Effective: 15 March 2026

The post Data Processing Addendum (DPA) first appeared on Fiskl.

In the event of conflict between this Supplement and the Customer Terms of Service in respect of a category covered by this Supplement, this Supplement prevails, except where the Customer Terms of Service or applicable mandatory law grants stronger protection to you.

Defined terms in the Customer Terms of Service apply here unless otherwise stated.

1. Sole Traders and Other Customers Who Are Consumers

1.1 Who this section applies to

This section applies if you qualify as a consumer under the law of your jurisdiction. Examples:

• United Kingdom — a consumer under the Consumer Rights Act 2015 (typically a sole trader acting wholly or mainly outside their business);
• European Economic Area — a consumer under EU consumer protection law (Directive 2011/83/EU and equivalents);
• United States, Canada, Australia, and other jurisdictions — equivalent consumer-protection regimes.

If you are a registered company, partnership, or other organisation acting in the course of business, you do not qualify as a consumer under this section.

1.2 Consumer rights preserved

Nothing in the Customer Terms of Service, this Supplement, the Acceptable Use Policy, the Atlas Terms Supplement, or any Order Form excludes, restricts, or modifies any consumer right that cannot be excluded, restricted, or modified by contract under applicable mandatory law.

In particular:

• UK consumers retain rights under the Consumer Rights Act 2015 (services to be performed with reasonable care and skill, supplied within a reasonable time, and at a reasonable price), the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (right of withdrawal where applicable), and other consumer-protection law.
• EU/EEA consumers retain rights under the Consumer Rights Directive, the Unfair Contract Terms Directive, and equivalent national law.
• Other consumer regimes retain whatever statutory rights apply.

1.3 Cooling-off / right of withdrawal

Where the law of your jurisdiction grants a cooling-off or right of withdrawal in respect of distance contracts for digital content or services, and where that right has not been waived by you (where waiver is permitted), you may exercise that right by contacting support@fiskl.com within the applicable period. Refunds for any amount you have paid are processed in line with the applicable law.

1.4 Consumer disputes

Where you are a consumer in the UK, EEA, or another jurisdiction whose mandatory law grants you the right to bring proceedings in your local courts, that right is preserved. The English-law / English-courts provisions in section 16 of the Customer Terms of Service apply where compatible with that mandatory law.

2. Regulated Professionals

2.1 Who this section applies to

This section applies if you are an accountant, bookkeeper, lawyer, financial adviser, tax adviser, auditor, healthcare provider, or other regulated professional using the Fiskl Platforms in the course of your professional practice. It also applies to professional firms employing such professionals.

2.2 Your professional obligations

Your use of the Fiskl Platforms must comply with the rules of your professional regulator, including:

• accountancy bodies (such as ICAEW, ACCA, AICPA, CPA Australia, CPA Canada, CA ANZ, SAICA, IFAC member bodies);
• legal regulators (such as the SRA, BSB, equivalent state bar associations, Law Society of England and Wales, and equivalents);
• financial-services regulators (such as the FCA, SEC, FINRA, ASIC, MAS, and equivalents — to the extent your activity is regulated by them);
• healthcare regulators (such as the GMC, GDC, NMC, state medical boards, CQC, HCPC, and equivalents);
• tax-adviser regulation (such as HMRC standards, Circular 230 in the United States, and equivalents).

2.3 Confidentiality and your clients

You acknowledge that the Fiskl Platforms are a tool you choose to use in your professional practice. Your duties of confidentiality, conflict-of-interest avoidance, professional secrecy, and fiduciary care toward your own clients are matters between you and your clients. Fiskl does not become a party to your professional engagement.

2.4 No reliance on Fi for professional advice

Fi outputs and other AI-generated content in the Fiskl Platforms are tools to support your work. They are not substitutes for your own professional judgement, training, qualifications, and verification, and they are not regulated advice in any jurisdiction. You must apply your own professional skill and care to all outputs of the Fiskl Platforms before using them for, or communicating them to, your clients.

2.5 Atlas Firm overlap

If you are an accountancy or bookkeeping firm using Atlas, the Atlas Terms Supplement applies to your Atlas-specific activities. This Supplement applies in addition.

3. Healthcare Providers and Customers Processing Health Data

3.1 Who this section applies to

This section applies if you are:

• a healthcare provider (medical practice, dental practice, mental-health practitioner, allied-health practitioner, veterinary practice, hospital, clinic, pharmacy, or equivalent);
• a healthcare-adjacent business (medical-billing service, healthcare administrator, practice manager, or equivalent);
• any other Customer that may submit information about identifiable health-status, treatment, or diagnosis of natural persons through the Fiskl Platforms (including in invoices, customer records, customer notes, expense records, or attachments).

3.2 Fiskl is not a Business Associate and the Fiskl Platforms are not HIPAA-compliant

You acknowledge and agree that:

• Fiskl is not a “Business Associate” as defined in the United States Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and related regulations;
• Fiskl does not offer, and will not enter into, a Business Associate Agreement (BAA) for use of the Fiskl Platforms;
• the Fiskl Platforms are not designed, configured, or certified for the storage, transmission, or processing of “Protected Health Information” (“PHI”) as defined in HIPAA;
• the Fiskl Platforms are similarly not certified or configured for compliance with the equivalent health-data regimes in other jurisdictions, including (without limitation):
• UK / EEA — Article 9 of UK GDPR / EU GDPR (data concerning health), the UK Data Protection Act 2018 health-data provisions, and the NHS Data Security and Protection Toolkit;
• Canada — provincial Personal Health Information Protection Acts (PHIPA in Ontario, equivalents in other provinces);
• Australia — the Privacy Act 1988 (Cth) health-information provisions and the My Health Records Act 2012;
• New Zealand — the Health Information Privacy Code 2020;
• California — the Confidentiality of Medical Information Act (CMIA);
• South Africa — POPIA’s special-personal-information provisions;
• and equivalent regimes elsewhere.

3.3 Your obligation: do not submit PHI or equivalent health data

You must not submit PHI or equivalent health data to the Fiskl Platforms, whether intentionally or inadvertently, including in:

• invoice line-item descriptions or notes;
• customer (patient) records and customer notes fields;
• expense records or attachments;
• bills, receipts, or transaction memos;
• documents or attachments uploaded to the Fiskl Platforms;
• inputs to Fi (including conversational queries that reference patient health information);
• product/service catalogue descriptions;
• email content sent through the Fiskl Platforms.

If you must record health-related information for legitimate business reasons, use generic, non-identifying descriptors (“Consultation”, “Treatment”, “Procedure code A123” — without the patient’s identity in the same record), and rely on a separate HIPAA-compliant or equivalent practice-management or electronic-health-record system to store the identifiable clinical details.

3.4 Customer responsibility for PHI that does enter the Fiskl Platforms

If PHI or equivalent health data is submitted to the Fiskl Platforms in breach of section 3.3:

• you remain the Controller of that data under applicable data protection law;
• Fiskl is not a Business Associate, joint Controller, or joint Processor in respect of that data;
• you are solely responsible for any consequences of the breach, including notification to data subjects, supervisory authorities, the Office for Civil Rights (HHS) under HIPAA, the ICO under UK GDPR, and equivalent authorities;
• you will indemnify Fiskl against any claim, fine, or loss arising from PHI submitted in breach of section 3.3 (this is in addition to your indemnity under section 14.3 of the Customer Terms of Service);
• Fiskl may, at its sole discretion, suspend or terminate your access if PHI is submitted to the Fiskl Platforms after Fiskl has notified you to stop, on the basis of section 12.3 and 12.5 of the Customer Terms of Service.

3.5 Cooperation with deletion of inadvertent PHI

If Fiskl identifies PHI within Customer Data and notifies you, you will promptly remove or anonymise the PHI. Fiskl is not obliged to identify or remove PHI on your behalf, but may remove obviously-identified PHI in response to a complaint or as required by law.

3.6 No medical, clinical, or health-services advice

Fi outputs and other Service outputs are not, and must not be relied on as, medical, clinical, diagnostic, prognostic, treatment-related, or other healthcare advice. Healthcare decisions for your patients are the sole responsibility of you as the qualified healthcare provider.

4. Customers Processing Other Sensitive Data — Cross-Industry, Cross-Jurisdiction

4.1 Why this section exists

Fiskl serves Customers in over 200 countries across many industries. Customers may submit, intentionally or inadvertently, sensitive data of natural persons through the Fiskl Platforms — for example, in invoice descriptions, customer record fields, customer notes, expense memos, attachments, transaction memos, product/service catalogue descriptions, or inputs to Fi.

Section 3 deals specifically with Healthcare Providers and health data. This section deals with all other categories of sensitive data, which carry similar legal exposure under data-protection, sectoral, and country-specific regimes around the world.

4.2 What “sensitive data” means in this section

For the purpose of this section, sensitive data includes any of the following submitted to the Fiskl Platforms:

• Special categories of personal data — including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data used for unique identification, sex life, sexual orientation, and (as covered separately in section 3) data concerning health (UK GDPR / EU GDPR Article 9, equivalents in LGPD, POPIA, PIPEDA, APP, PDPA, UAE PDPL, India DPDP, and other regimes);
• Personal data of children — typically under 16 in the UK / EEA, under 13 in the United States under COPPA, and equivalent age thresholds in other jurisdictions;
• Criminal-conviction and offence data — including criminal records, regulatory infringements, and proceedings (UK GDPR / EU GDPR Article 10, equivalents);
• Legal-privilege material — attorney-client privileged communications, work-product, and confidences governed by professional secrecy rules in your jurisdiction;
• Country-specific sensitive identifiers and categories — including (without limitation) Singapore NRIC numbers, US Social Security numbers, UK National Insurance numbers, EU national identification numbers, India Aadhaar numbers, South African ID numbers, Brazilian CPF numbers, China sensitive personal information under PIPL, and equivalent identifiers and special categories elsewhere;
• Sensitive financial information beyond what is necessary for invoicing and accounting — including full credit-card numbers, online banking credentials, full bank account numbers (beyond standard bank-feed metadata), tax-authority access credentials, and equivalent;
• Industry-specific sensitive data — examples by industry:
• Legal practice — client confidential communications, matter-related strategic information, settlement terms;
• Financial advisory — client investment portfolios, trading strategies, regulator-confidential information;
• Recruiting and HR consultancy — candidate background-check data, employee disciplinary records, references containing sensitive opinions;
• Education and tutoring — pupil records and parental information;
• Beauty, wellness, fitness, and personal-care — client physical condition, body metrics, lifestyle information that approaches health-data territory;
• Insurance — claims data, underwriting information, beneficiary information;
• Religious, charitable, and not-for-profit — beneficiary information that reveals religious or political affiliation;
• Media, journalism, and human-rights — source identities, whistle-blower information, materials covered by source-protection regimes;
• Other — any other industry-specific category of sensitive data subject to enhanced legal protection.

4.3 Fiskl is not certified or designed for processing sensitive data

You acknowledge and agree that:

• the Fiskl Platforms are not designed, configured, or certified for the storage, transmission, or processing of sensitive data as defined in section 4.2;
• Fiskl does not enter into category-specific compliance agreements (such as health-data Business Associate Agreements as covered in section 3, or other category-specific addenda for the data types in section 4.2) for use of the Fiskl Platforms;
• Fiskl is not certified or accredited for any sectoral data-handling regime that may apply to your industry (for example, legal-sector confidentiality protocols, financial-sector regulator-confidential data regimes, or equivalents);
• the security and confidentiality measures Fiskl applies to Customer Data are appropriate for accounting and financial-management purposes, but are not represented as sufficient to meet the heightened obligations that may apply to sensitive data in your jurisdiction or industry.

4.4 Your obligations

You must:

• not submit sensitive data to the Fiskl Platforms unless strictly necessary for legitimate business purposes that fall within the intended use of the Fiskl Platforms (an accounting and financial-management platform);
• where submission is unavoidable, minimise the data — use generic, non-identifying descriptors (e.g. “Consultation” rather than “[Diagnosis] consultation”; “Client A” rather than the client’s full identity coupled with sensitive descriptors); separate sensitive identifiers from sensitive descriptors where possible; and rely on a separate, sectorally-compliant primary system (an EHR, case management system, secure portfolio management system, etc.) for the identifiable sensitive material;
• ensure your submission has a lawful basis under the data-protection law of each affected jurisdiction (legitimate interests, explicit consent, contractual necessity, or other applicable basis), and that you have provided required notices to the relevant data subjects;
• comply with all sectoral and country-specific obligations that apply to you, including professional rules of conduct, mandatory data-residency rules, and any regulator-specific requirements;
• not submit children’s personal data to the Fiskl Platforms except for the strict purpose of recording an identifiable customer record where the child’s parent or guardian is the underlying customer (and only with appropriate parental authority);
• not submit criminal-conviction data to the Fiskl Platforms except where strictly necessary and lawful in your jurisdiction.

4.5 Customer responsibility for sensitive data that does enter the Fiskl Platforms

If sensitive data is submitted to the Fiskl Platforms in breach of section 4.4, or if you choose to submit sensitive data despite Fiskl’s lack of certification:

• you remain the Controller of that data under applicable data-protection law (and the corresponding role under sectoral regimes);
• Fiskl is not a joint Controller, joint Processor, or specially-positioned party in respect of that data, and Fiskl does not assume any sectoral obligations that may attach to the data;
• you are solely responsible for any consequences of the submission, including notifying data subjects, supervisory authorities, sector regulators, and equivalent parties as required by law;
• you will indemnify Fiskl, the Fiskl Group, and Fiskl’s Sub-processors against any claim, fine, regulatory penalty, professional liability, or other loss arising from sensitive data submitted in breach of section 4.4 (this is in addition to your indemnity under section 14.3 of the Customer Terms of Service and section 3.4 of this Supplement);
• Fiskl may, at its sole discretion and without incurring liability, suspend or terminate your access if sensitive data continues to be submitted to the Fiskl Platforms after Fiskl has notified you to stop, on the basis of section 12.3 and 12.5 of the Customer Terms of Service.

4.6 Cooperation with deletion of inadvertent sensitive data

If Fiskl identifies sensitive data within Customer Data and notifies you, you will promptly remove or anonymise the sensitive data. Fiskl is not obliged to identify or remove sensitive data on your behalf, but may remove obviously identified sensitive data in response to a complaint, regulatory inquiry, or as required by law.

4.7 No sectoral or specialist advice

Fi outputs and other Service outputs are not, and must not be relied on as, legal, regulatory, sectoral, professional, or specialist advice in any category covered by this section. You remain solely responsible for compliance with the law and standards applicable to your industry, your data, and your jurisdiction.

4.8 Relationship with section 3 (Healthcare)

Section 3 is the more specific and detailed treatment for health data. Where you process both health data and other sensitive data (for example, a wellness practitioner who processes both health information and client physical-condition information), section 3 governs the health-data aspects and this section 4 governs the rest.

5. Patent Assertion Entities

5.1 Definition

A “Patent Assertion Entity” (sometimes called a “non-practising entity” or “patent troll”) is:

• any entity that derives or seeks to derive a substantial portion of its revenue from the offensive assertion of patent rights, rather than from the manufacture or sale of goods or the provision of services that practise the patent; or
• any entity that directly or indirectly controls, is controlled by, or is under common control with an entity described in (a).

5.2 Prohibition

You agree that if you are a Patent Assertion Entity, or are acting on behalf of, or for the benefit of, a Patent Assertion Entity:

• you must not use the Fiskl Platforms;
• you will not assert, or authorise, assist, encourage, or enable any third party to assert, any claim, or pursue any actions, suits, proceedings, or demands, against Fiskl, the Fiskl Group, any AI Provider, any banking partner, any payment processor, or any other Sub-processor that allege that the Fiskl Platforms or any feature of it (including Fi or any other AI feature) infringes, misappropriates, or otherwise violates any intellectual property right (including patents).

5.3 Termination right and survival

If Fiskl reasonably determines that you are a Patent Assertion Entity, Fiskl may terminate the Contract immediately under section 12.3 of the Customer Terms of Service. This section 5 survives termination of the Contract.

5.4 Reciprocal protection

You acknowledge that this section is essential consideration for the Fiskl Platforms. The licence to use the Fiskl Platforms are granted on the express condition that you and your Affiliates do not engage in conduct described in section 5.2.

6. Conflict and contact

6.1 Conflict

Where this Supplement conflicts with the Customer Terms of Service or the Atlas Terms Supplement in respect of a category to which it applies, this Supplement prevails. Where it conflicts with mandatory law (including consumer-rights law and data-protection law), mandatory law prevails.

6.2 Contact

Fiskl Limited (and the wider Fiskl Group) 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 0933029

Effective: 15 March 2026

The post Customer Specific Supplement first appeared on Fiskl.

If you are also a Customer in your own right (for example, you hold your own Fiskl Account), the Customer Terms of Service apply to you separately as the Customer of that Account, and these User Terms apply to your use of any other Account to which you are invited as an Authorized User.

These User Terms are part of the Fiskl legal stack and incorporate the Acceptable Use Policy and the Privacy Policy by reference. Defined terms in the Customer Terms of Service apply here unless otherwise stated.

1. Who these User Terms cover

You are an “Authorized User” if a Fiskl Customer has invited you to access their Account. Authorized Users include:

• employees, contractors, and consultants of the Customer;
• accountants, bookkeepers, and other professional advisers acting for the Customer;
• Atlas Firm Users acting on behalf of an Atlas Firm in respect of the Atlas Firm’s clients;
• any other individual the Customer has granted access to, in any role provided by the Fiskl Platforms.

The “Customer” is the organisation, business, or individual whose Account you are accessing. If you do not know who the Customer is, ask the person who invited you.

2. The Customer controls the Account

2.1 Customer ownership of the Account

The Customer (not you) is Fiskl’s contracting party for the Account. The Customer:

• chooses the Subscription tier and pays Fiskl the applicable fees;
• decides who to invite as Authorized Users and what role and permissions each Authorized User holds;
• controls the Customer Data within the Account;
• decides retention, export, and deletion settings;
• can change permissions, suspend, or remove your access at any time.

2.2 Customer Data is the Customer’s

Customer Data submitted to or generated within the Account belongs to the Customer. You may have access to Customer Data only in the role granted to you by the Customer.

2.3 What this means for you

Fiskl provides the Fiskl Platforms to the Customer and follows the Customer’s instructions in respect of the Account. Practical consequences:

• the Customer may export, modify, or delete Customer Data, including data you have submitted in your role;
• the Customer may revoke your access at any time;
• if you believe a Customer is misusing your personal data, raise it with the Customer first; Fiskl will assist the Customer in responding;
• if you have a dispute about Customer Data, your relationship with the Customer governs that dispute.

Fiskl is not responsible for the Customer’s policies, the Customer’s instructions to its Authorized Users, or the Customer’s relationship with you.

2.4 Atlas-specific note

If you are an Atlas Firm User accessing a client’s Account on behalf of the Atlas Firm, your access is also governed by the Atlas Terms Supplement. The Atlas Firm — not the underlying client — directs your access in that case.

3. You must follow the rules

3.1 Eligibility

You must be at least 16 years old. The Fiskl Platforms are intended for use in connection with a business, freelance practice, or professional engagement, not for personal consumer purposes (unless you are a sole trader using the Fiskl Platforms for your own business).

3.2 Account security

You must:

• keep your login credentials secure;
• not share your credentials with another person;
• enable multi-factor authentication where the Fiskl Platforms offers it for your role (and you must use the MFA provided for the Atlas accountant portal where applicable);
• notify Fiskl or the Customer promptly if you suspect unauthorised access to your access credentials.

3.3 Acceptable Use Policy

You must comply with the Acceptable Use Policy. The AUP includes prohibitions on fraudulent use, financial misrepresentation, money laundering and sanctions evasion, abuse of Fi (Fiskl’s conversational AI and orchestration system), abuse of the Fiskl Platforms’s security and integrity, and misuse of the Customer’s Account. Breaches by you may be attributed to the Customer who invited you (see the AUP and the Customer Terms of Service).

3.4 Customer policies

The Customer may have its own policies that apply to your use of the Fiskl Platforms (acceptable use, data classification, retention, IT security, professional conduct). You are responsible for following those policies; Fiskl does not enforce them on the Customer’s behalf.

4. Your data and Fi

4.1 Personal data

The Privacy Policy describes how Fiskl collects and uses information about Authorized Users (including your account information, usage data, and Fi conversation data). Read it at https://fiskl.com/legal/privacy-policy/.

4.2 Customer Data of the Customer

Customer Data within the Account is the Customer’s data, not yours. The Customer is the Controller of that Customer Data; Fiskl is the Processor. The Customer Terms of Service and the Data Processing Addendum (DPA) govern that processing.

4.3 Fi reads Customer Data

Fi accesses Customer Data within the Account to answer questions, run reports, and (where you instruct) perform actions. Fi does not expose your Account’s Customer Data to Authorized Users of other Customers’ Accounts.

4.4 AI training and Data Products

The Customer’s instructions, the Customer’s opt-out choices, and the Customer Terms of Service govern whether Customer Data within the Account is used for AI training and Data Products. As an Authorized User, you do not control these settings; raise the question with the Customer if it matters to you.

4.5 Use of Fi

Fi outputs may contain errors. You must verify Fi outputs before relying on them, especially for filings, payments, regulatory submissions, and material business decisions. Do not treat Fi outputs as legal, tax, audit, or professional accounting advice.

5. Limits of authority

5.1 You don’t bind Fiskl

You have no authority to bind Fiskl, to vary the Customer Terms of Service, to vary the Atlas Terms Supplement, or to make commitments on Fiskl’s behalf.

5.2 You bind the Customer

Within the role and permissions the Customer has granted you, your actions in the Account are deemed to be the Customer’s actions for the purposes of the Contract between Fiskl and the Customer. The Customer is responsible for your activity to the same extent as if the Customer had performed it directly.

6. Limitation of liability (between you and Fiskl)

6.1 No financial liability of you to Fiskl

Other than for breaches of the AUP or for unlawful conduct, you have no financial liability to Fiskl under these User Terms. The Customer is the contracting party for fees and other commercial obligations.

6.2 Fiskl liability cap to you

Subject to section 6.4, Fiskl’s aggregate liability to you under these User Terms in any 12-month period is capped at GBP 100. This is the same cap that applied under the prior User Terms; it reflects the indirect commercial relationship between you and Fiskl through the Customer.

6.3 Excluded losses

Fiskl is not liable to you for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, or savings, regardless of the legal theory.

6.4 Exclusions from cap

Nothing in this section limits Fiskl’s liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) any other liability that cannot be limited or excluded by law.

6.5 Consumer rights preserved

Where you are a consumer under applicable law in your jurisdiction (for example, sole traders in the UK under the Consumer Rights Act 2015), nothing in this section affects rights that cannot be excluded or limited by contract.

7. Termination of your access

7.1 By the Customer

The Customer may revoke your access at any time, for any reason, without notice to Fiskl.

7.2 By Fiskl

Fiskl may suspend or terminate your access immediately if:

• you breach these User Terms or the AUP;
• your use of the Fiskl Platforms threatens security, system integrity, or the rights of others;
• the Customer’s Subscription is terminated or suspended (in which case all Authorized Users on the Account lose access);
• Fiskl reasonably suspects fraudulent use or financial crime under the AUP.

Where practicable, Fiskl will give notice; in cases involving suspected fraud, security, or unlawful activity, Fiskl may act without prior notice.

7.3 By you

You may stop using the Fiskl Platforms at any time. Contact the Customer to revoke your invitation and access. Fiskl deletes Authorized User-level data within a reasonable period after access ends, subject to retention required by law and the Customer’s account-level retention.

7.4 What survives

Sections that by their nature should survive (including limits on authority, liability provisions, the AUP obligations relating to past conduct, and confidentiality) survive termination of your access.

8. General

8.1 Changes to these User Terms

Fiskl may update these User Terms from time to time on the basis set out in section 11 of the Customer Terms of Service. Material changes are effective 30 days after notice (by email to your account email address or in-Service message). Continued use after the effective date constitutes acceptance.

8.2 Governing law and jurisdiction

These User Terms are governed by the laws of England and Wales, with the courts of England and Wales having exclusive jurisdiction, except that: – where you are a consumer in a jurisdiction whose mandatory law preserves your right to bring proceedings in your local courts, that right is preserved; – where the Customer Terms of Service have been varied by an Order Form between Fiskl and the Customer to provide a different governing law for the Account, that Order Form governs the relationship between you and the Customer (not your relationship with Fiskl, which remains under English law).

8.3 Notices

• Notices to Fiskl: legal@fiskl.com (legal notices) or feedback@fiskl.com (other notices), with copy to Fiskl Limited, 6A Thirlmere Road, London, N10 2DN, United Kingdom.
• Notices to you: by email to the address associated with your Authorized User access, or via the Fiskl Platforms.

8.4 Entire agreement and conflict

These User Terms, the AUP, and the Privacy Policy (together with the Customer Terms of Service and other documents in the Fiskl legal stack to the extent applicable to you) constitute the entire agreement between you and Fiskl in respect of your use of the Fiskl Platforms as an Authorized User. In the event of conflict between these User Terms and the Customer Terms of Service, the Customer Terms of Service prevail. In the event of conflict in respect of personal data processing, the DPA prevails.

8.5 No third-party beneficiaries

Except where expressly provided, no third party (including the Customer that invited you) may enforce these User Terms against you or against Fiskl.

8.6 Severability and waiver

Failure to enforce a right is not a waiver. If any provision is held unenforceable, it is modified to the minimum extent necessary, and the remaining provisions continue in effect.

9. Contact

For account-specific issues (your role, your access, your activity in the Account), contact the Customer that invited you. Fiskl can only act on instructions from the Customer in respect of the Account.

Fiskl Limited (and the wider Fiskl Group) 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 09330290

Effective: 15 March 2026 Version 2026.4

The post User Terms of Service first appeared on Fiskl.

If you are entering into these Customer Terms on behalf of an entity (a company, partnership, sole tradership, or other organisation), you represent that you have authority to bind that entity, and “you” and “Customer” refer to that entity.

These Customer Terms incorporate by reference our Acceptable Use Policy, Privacy Policy, Subprocessors page, Cookie Policy, the Customer-Specific Supplement (where applicable to your category), and where you use Atlas, the Atlas Terms Supplement. Together with any Order Form executed between you and Fiskl, these documents form the “Contract.”

1. Definitions

“Account” means the Customer’s instance of the Fiskl Platforms, including all associated data, configurations, users, and connected integrations.

“Atlas” means Fiskl’s accountant practice-management product, including parent organisations, branches, team management, and client management as described in the Atlas Terms Supplement.

“Authorized User” means an individual you grant access to your Account, including employees, contractors, accountants, and other invitees, governed by the User Terms.

“Customer Data” means all data, information, files, transactions, invoices, financial records, banking data, accounting entries, documents, attachments, and content that you, your Authorized Users, or your connected integrations submit to or generate within the Fiskl Platforms.

“Fi” means Fiskl’s conversational AI and orchestration system, including all AI features, AI-driven processing, AI-generated outputs, AI-interpreted data, and AI capabilities integrated into the Fiskl Platforms. Fi includes (without limitation) the conversational interface, AI-Powered Expenses categorisation, document interpretation and extraction, AI-driven calculations and reporting, AI-generated insights and recommendations, and the orchestration of tools, agents, integrations, and workflows on the user’s instruction. References elsewhere in the Contract to “Fi outputs” or “AI outputs” mean any output, result, response, categorisation, calculation, summary, recommendation, or other artefact produced by Fi.

“Fiskl”, “we”, “us”, “our” mean the member of the Fiskl Group that is your Contracting Fiskl Entity under section 1A.

“Fiskl Group” means Fiskl Limited and its current and future direct and indirect Affiliates worldwide engaged in providing or supporting the Fiskl Platforms. The current members of the Fiskl Group are listed at https://fiskl.com/legal/fiskl-group/ or, where that page is not yet published, in this Customer Terms of Service.

“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with another entity, where “control” means ownership of more than 50% of voting interests or equivalent power to direct management.

“Fiskl Platform” means any individual platform within the Fiskl Platforms.

“Fiskl Platforms” means, collectively: (a) FisklAI, the end-user accounting platform; (b) Fiskl Atlas, the accountant practice-management platform; (c) Fiskl Orbit, the multi-entity consolidation platform; (d) Fi, the conversational AI and orchestration system that operates across the Fiskl Platforms; (e) the A2A Gateway, the agent-to-agent infrastructure platform; and (f) any other platform launched by Fiskl from time to time, in each case including all features, mobile and desktop applications, websites, APIs, and related interfaces. Where the context requires, references to the Fiskl Platforms include each Fiskl Platform individually.

“Order Form” means a written ordering document signed by both parties or an online subscription confirmation that references these Customer Terms.

“Subprocessor” means any third party Fiskl engages to process Customer Data on our behalf, listed at https://fiskl.com/legal/fiskl-subprocessors/.

“Subscription” means your paid or free subscription to the Fiskl Platforms, including the plan tier (Free, Solo, Pro, Prime, or such other tiers as Fiskl may offer from time to time).

“User Terms” means the User Terms of Service applicable to Authorized Users.

1A. Which Fiskl entity contracts with you

The Fiskl Group operates through one or more legal entities. The Fiskl Group entity that is your contracting party (the “Contracting Fiskl Entity”) is determined as follows:

• where you are domiciled in the United Kingdom, the European Economic Area, Switzerland, the Middle East, Africa, Asia, Latin America, Oceania, or any other region not covered by another Fiskl Group entity: Fiskl Limited, a company incorporated in England and Wales (company number 09330290), registered at 6A Thirlmere Road, London, N10 2DN, United Kingdom;
• where you are domiciled in the United States or Canada and Fiskl, Inc. (or another Fiskl Group entity formed in the United States — targeted incorporation: September 2026) has been incorporated and is operational: that US Fiskl Group entity, with its name and registered address communicated to you at sign-up, in your Order Form, by notice through the Fiskl Platforms, or at https://fiskl.com/legal/fiskl-group/;
• where another Fiskl Group entity has been formed for a particular region in future: that entity, on the same terms.

The current Contracting Fiskl Entity for new and existing customers is Fiskl Limited (United Kingdom) until the relevant Fiskl Group entity is incorporated and assigned. When a new Fiskl Group entity becomes the Contracting Fiskl Entity for a region, Fiskl will give existing customers in that region notice and a clear assignment of contract; the assignment is on the same terms and does not require active acceptance unless the customer objects in writing within 30 days, in which case the existing arrangement continues.

Other Fiskl Group entities act as Sub-processors of Customer Data on the terms of the DPA, regardless of which entity is the Contracting Fiskl Entity. References to “Fiskl” obligations in this Contract apply to the Contracting Fiskl Entity, and obligations performed by another Fiskl Group entity on its behalf are deemed performed by Fiskl.

If you are unsure which Fiskl Group entity is your Contracting Fiskl Entity, contact legal@fiskl.com.

2. The Fiskl Platforms

2.1 What Fiskl provides

Fiskl is an AI-core, multi-currency accounting and financial management platform for businesses, freelancers, and accounting professionals. The Fiskl Platforms include invoicing and quoting, expense management (including AI-Powered Expenses), client and vendor management, time and mileage tracking, accounting (including chart of accounts, journal entries, reconciliation), financial reporting, banking integrations, products and services catalogue, payment processing connections, team management, and the Fi AI advisor.

2.2 Subscription tiers and feature availability

Different Subscription tiers grant access to different features. Tier definitions, feature inclusions, and pricing are published at https://pricing.fiskl.com/. Fiskl may modify tier definitions, features, and pricing on the terms set out in section 11.

2.3 Multi-currency and global use

The Fiskl Platforms support transactions, invoices, accounts, and reporting in multiple currencies. Fiskl is incorporated in the United Kingdom but the Fiskl Platforms are delivered globally. References to currency conversion rates are provided as a convenience and may not match the rate applied by your bank or payment provider.

2.4 Banking integrations

The Fiskl Platforms connect to financial institutions through third-party banking aggregators and direct partners (currently Yodlee, Salt Edge, Stripe, and WIO Bank). When you connect a financial account, you authorise Fiskl and the relevant aggregator to retrieve your transaction data, account balances, and related metadata for use in the Fiskl Platforms. The terms of the relevant aggregator govern your direct relationship with them. Fiskl does not store your bank login credentials at any point.

2.5 Fi

The Fiskl Platforms include Fi, Fiskl’s conversational AI and orchestration system. Fi can analyse Customer Data, run reports, retrieve information from regional tax authorities and Fiskl’s knowledge base, automate categorisation and other AI-driven tasks, orchestrate workflows across the Fiskl Platforms and connected integrations, and respond to natural-language requests. Fi is not a regulated financial, tax, legal, audit, or accounting adviser. Use of Fi is subject to section 8.

2.6 Atlas

Where you sign up for, or are invited into, Atlas as an accounting firm, your use of Atlas is additionally governed by the Atlas Terms Supplement. The Atlas Terms Supplement prevails over these Customer Terms to the extent of any conflict in respect of Atlas-specific functionality.

2.7 Platform evolution

Fiskl continuously improves the Fiskl Platforms. We may add, modify, or remove features. We will not materially diminish the Fiskl Platforms during a paid Subscription period without giving you the right to terminate and receive a pro-rata refund as set out in section 11.

3. Account, access, and security

3.1 Account creation

You create your Account by registering at fiskl.com or through a partner or accountant invitation. You must provide accurate, current, and complete information and keep that information updated.

3.2 Eligibility

The Fiskl Platforms are intended for use by businesses, sole traders, freelancers, and accounting professionals. You must be at least 16 years old. You must have legal capacity to enter into a contract under the laws of your jurisdiction.

3.3 Account security

You are responsible for safeguarding access credentials and for all activity occurring under your Account. You must notify Fiskl promptly if you suspect unauthorised access or compromise.

3.4 Authorized Users

You may grant access to Authorized Users subject to your Subscription tier limits. You are responsible for the conduct of your Authorized Users and their compliance with the Contract and the User Terms. Their actions are deemed your actions for the purposes of the Contract.

3.5 Roles and permissions

The Fiskl Platforms provide role-based access control. You determine which Authorized Users hold which roles. The default Account holder is the Business Owner role with full administrative access.

4. Customer Data and our role

4.1 Ownership of Customer Data

Customer Data is and remains your property. You retain all right, title, and interest in Customer Data, subject to the limited licence in section 4.2.

4.2 Licence to Fiskl

You grant Fiskl a worldwide, non-exclusive, royalty-free, sublicensable licence to host, store, copy, transmit, display, process, modify, and otherwise use Customer Data to provide and improve the Fiskl Platforms, to operate Fiskl’s business, to develop and improve Fiskl’s AI models and other products and services, to derive aggregated and de-identified insights, and to comply with law. The scope of this licence in respect of AI model training and Data Products is set out in section 8 (AI provisions and Data Products). This licence survives termination only to the extent set out in sections 8 and 12.

4.3 Data protection roles

For Customer Data that constitutes personal data under UK GDPR, EU GDPR, or equivalent law: – You are the Controller of personal data you submit about your customers, vendors, employees, contractors, and other data subjects. – Fiskl acts as Processor in respect of that personal data. – The terms of our Data Processing Addendum (DPA) govern that processing and are incorporated by reference. The DPA is available at https://fiskl.com/legal/data-processing-addendum/.

4.4 Other Information

Fiskl is the Controller of usage data, telemetry, account metadata, billing data, and other information relating to your use of the Fiskl Platforms (“Other Information”). Our processing of Other Information is described in the Privacy Policy.

4.5 Aggregated and de-identified data

Fiskl produces aggregated, de-identified, anonymised, and statistical data derived from Customer Data and from the operation of the Fiskl Platforms (“Aggregated Data”). Aggregated Data is not Customer Data. Fiskl owns Aggregated Data and may use it for any lawful purpose without restriction, including AI training (whether by Fiskl or its partners), benchmarking, industry research, market intelligence, the development of Data Products as defined in section 8.4, public reporting, and commercialisation including licensing to financial institutions, banks, lenders, payment networks, regulators, fintechs, and other third parties.

De-identification standard. Fiskl applies de-identification techniques designed to ensure that Aggregated Data cannot, by reasonable means and in light of the resources reasonably available to a third party, be re-identified to you, your Authorized Users, your customers, your vendors, or any other natural-person data subject. These techniques include (as applicable to the data and use case): aggregation to a minimum group size, removal of direct identifiers, removal or hashing of indirect identifiers, generalisation, suppression, and noise injection. Where data is licensed to third parties as a Data Product, contractual obligations on the recipient prohibit attempts at re-identification.

4.6 Data export

You may export your Customer Data at any time during an active Subscription using the export tools provided in the Fiskl Platforms. Where you require an export in a format we do not natively support, contact support@fiskl.com.

5. Subscriptions, fees, and payment

5.1 Subscription fees

You pay the fees for your Subscription tier as set out at https://pricing.fiskl.com/ or as agreed in an Order Form. Fees are exclusive of VAT, GST, sales tax, withholding tax, and any equivalent. You are responsible for those taxes except taxes imposed on Fiskl’s net income.

5.2 Billing cycle

Subscriptions are billed monthly in advance unless an annual or other cycle is agreed. Annual billing is available on request and may carry a discount.

5.3 Pro-rata billing

When you upgrade your Subscription mid-cycle, Fiskl charges a pro-rata amount for the remainder of the current cycle. Downgrades take effect at the next billing cycle.

5.4 Free tier

A Free tier is available subject to feature limits. Fiskl reserves the right to modify, limit, or discontinue the Free tier on 30 days’ notice.

5.5 Payment method

You authorise Fiskl (or our payment processor) to charge your nominated payment method for all fees. You must keep payment information current. If a charge fails, Fiskl may suspend the Fiskl Platforms in accordance with section 5.7.

5.6 Refunds

Subscription fees are non-refundable except (a) where required by applicable consumer law, including the right of withdrawal under the UK Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 where you qualify as a consumer, (b) where Fiskl terminates without cause under section 12.4, or (c) at Fiskl’s discretion.

5.7 Late payment and suspension

If a payment is overdue by more than 14 days, Fiskl may suspend access to the Fiskl Platforms. Suspension does not relieve you of the obligation to pay accrued fees. Fiskl will give reasonable prior notice before suspension where practicable.

5.8 Atlas billing

Where you are an accounting firm using Atlas under the Charge Us model, your firm pays for your clients’ Subscriptions on the terms set out in the Atlas Terms Supplement. Where you are a Customer whose Subscription is paid by your accountant under the Charge Us model, the Atlas Terms Supplement governs the ownership transfer mechanism and disconnection rights.

5.9 Chargebacks, payment disputes, and friendly fraud

This section addresses the increasing pattern of “friendly fraud” or “first-party misuse” in which customers initiate chargebacks or payment disputes after substantive use of paid services. Nothing in this section overrides legitimate consumer-protection rights that cannot be waived under mandatory law (UK Consumer Rights Act 2015, US state consumer-protection law, equivalents); this section addresses the abuse of those rights.

(a) Mandatory pre-dispute escalation. If you have a billing concern, a question about a charge, or a complaint about the Fiskl Platforms, you must contact Fiskl support at support@fiskl.com and give Fiskl a reasonable opportunity (no less than 14 days) to address the concern, before initiating a chargeback or payment dispute with your card issuer, bank, or payment processor.

(b) Bad-faith chargebacks defined. You agree that the following constitute “Bad-Faith Chargebacks”:

• initiating a chargeback after substantive use of the Fiskl Platforms (including use during any free, promotional, trial, or discounted period);
• alleging unauthorised charges or fraud where you (or an Authorized User) authenticated to the Account, accepted the Customer Terms, supplied a payment method, and used the Fiskl Platforms;
• alleging non-receipt of the Fiskl Platforms where usage logs, login records, or feature-activity evidence show receipt;
• disputing a charge for a period during which the Fiskl Platforms were made available to you and you did not contact Fiskl support to raise a concern under section 5.9(a);
• disputing a charge for the purpose of avoiding payment after taking the benefit of the Fiskl Platforms.

(c) Factual acknowledgments. You expressly acknowledge and agree that:

• acceptance and receipt — your use of the Fiskl Platforms during any free, promotional, trial, or discounted period constitutes acceptance of, and full receipt of, the Fiskl Platforms;
• evidence retention — Fiskl maintains, and is entitled to maintain for the period reasonably necessary, evidence of your authorisation and use, including timestamped acceptance of the Customer Terms, account-creation IP and device fingerprint, login history, authentication events, feature-usage records, AI-interaction logs, transaction records, support communications, and Stripe dispute-evidence packages;
• conclusive evidence — you agree that the records described in (ii) are admissible and conclusive evidence of your authorisation and use of the Fiskl Platforms for the purpose of a chargeback dispute.

(d) Consequences of a Bad-Faith Chargeback. If you initiate a Bad-Faith Chargeback, you are in material breach of the Contract, and Fiskl may, in addition to all other rights and remedies:

• suspend and/or terminate your Account immediately under sections 12.3 and 12.5;
• recover the original disputed amount;
• recover all bank, card-network, and payment-processor dispute and representment fees Fiskl incurs in connection with the chargeback;
• recover liquidated administrative damages of USD 250 per Bad-Faith Chargeback (or such higher amount, where lawful, as is necessary to cover Fiskl’s actual administrative cost), as a genuine pre-estimate of the administrative burden, which the parties agree is not a penalty;
• recover reasonable legal fees and collection costs to the extent permitted by law;
• accelerate the remaining contractual term — for annual or fixed-term Subscriptions, the unpaid balance for the remainder of the term becomes immediately due;
• offset any of these amounts against any credits, balances, refunds, or commissions otherwise owed to you.

(e) Permanent ban and anti-cycling. Where you initiate a Bad-Faith Chargeback, Fiskl may permanently terminate your Account and prevent re-registration, including by blocking accounts associated with the same email address, payment method, business name, business-registration number, controlling individual, IP address, device fingerprint, or domain. You agree that Fiskl’s good-faith determination of association is conclusive between the parties.

(f) Reporting to fraud and chargeback databases. Where you initiate a Bad-Faith Chargeback, Fiskl may report the chargeback, your identity, and supporting evidence to:

• chargeback-abuse and merchant-defence databases (including Ethoca, Verifi, Chargebacks911, and equivalents);
• Fiskl’s payment processors and banking partners (including Stripe);
• card networks (Visa, Mastercard, American Express, Discover) where their compelling-evidence frameworks (such as Visa CE 3.0) permit;
• law-enforcement and fraud-prevention authorities, where Fiskl reasonably suspects criminal conduct.

(g) Consumer-rights carve-out. Nothing in this section limits or excludes any right of a consumer that cannot be limited or excluded under applicable mandatory law. A chargeback initiated for a genuine reason (an unauthorised charge made by a third party who obtained your credentials without your authorisation; a billing error materially in excess of the agreed amount; a service that was not made available to you despite your good-faith request; or any other legitimate ground recognised by mandatory law) is not a Bad-Faith Chargeback.

(h) Survival. Fiskl’s rights under this section 5.9 survive termination of the Contract.

6. Customer obligations

6.1 Compliance with the Contract

You must use the Fiskl Platforms in accordance with the Contract, including the Acceptable Use Policy.

6.2 Lawful use

You must comply with all laws applicable to your use of the Fiskl Platforms, including data protection, consumer protection, financial reporting, tax, anti-money laundering, anti-bribery, sanctions, and export-control laws.

6.3 Accuracy of data

You are responsible for the accuracy, completeness, and legality of Customer Data. The Fiskl Platforms produce outputs (including financial reports, tax calculations, and AI-generated insights) based on the data you provide. Fiskl is not responsible for outputs that result from inaccurate or incomplete inputs.

6.4 Professional advice

The Fiskl Platforms, including Fi, provide tools, information, calculations, and guidance. They do not provide legal, tax, accounting, financial, or investment advice for your specific situation. You should consult a qualified professional for advice specific to your circumstances.

6.5 Banking authorisations

When you connect a banking account, you represent that you are authorised to connect that account and to authorise Fiskl and the relevant aggregator to retrieve data from it.

6.6 Third-party services

You are responsible for your relationships with third-party services you connect to the Fiskl Platforms (banking aggregators, payment processors, integration partners). The terms of those third parties govern your direct relationship with them.

6.7 Anti-corruption, sanctions, and trade controls

You represent, warrant, and covenant that:

• you and your Affiliates, officers, directors, employees, and agents will comply with the US Foreign Corrupt Practices Act (FCPA), the UK Bribery Act 2010, and all other applicable anti-corruption and anti-bribery laws in the jurisdictions in which you operate;
• you and your Affiliates are not, and your beneficial owners are not, persons or entities subject to economic or trade sanctions administered or enforced by the US Office of Foreign Assets Control (OFAC), the UK Office of Financial Sanctions Implementation (OFSI), the EU Council, the United Nations Security Council, or equivalent authorities, and you and your Affiliates are not located in, organised under the laws of, or ordinarily resident in any sanctioned jurisdiction;
• you will not use the Fiskl Platforms in violation of, or to facilitate the violation of, any applicable export control, sanctions, or trade-control law (including the US Export Administration Regulations and the International Traffic in Arms Regulations);
• you will notify Fiskl promptly if any of these representations cease to be true.

A breach of this section 6.7 entitles Fiskl to terminate the Contract immediately under section 12.3.

7. Acceptable use and prohibited activities

You agree to comply with the Acceptable Use Policy. Without limiting that policy, you must not:

• use the Fiskl Platforms to transmit or store unlawful, infringing, defamatory, harassing, fraudulent, or harmful content;
• reverse-engineer, decompile, or otherwise attempt to derive the source code or underlying structure of the Fiskl Platforms except to the extent permitted by mandatory law;
• circumvent any access control, rate limit, or technical protection measure;
• use the Fiskl Platforms to develop a competing product;
• use the Fiskl Platforms for the benefit of, or to provide services to, a Patent Assertion Entity, a sanctioned person, or any party in a sanctioned jurisdiction;
• misuse Fi, including by attempting to extract personal data of other Fiskl customers, by attempting to bypass safety controls, or by relying on Fi outputs as regulated or professional advice;
• submit Customer Data that you do not have the right to submit, or that violates the privacy or other rights of any third party;
• use the Fiskl Platforms to issue, send, or record fake, fictitious, false, sham, or fraudulent invoices, quotes, receipts, expenses, transactions, journal entries, or financial records, or otherwise to fabricate financial activity that did not actually occur;
• use the Fiskl Platforms to facilitate money laundering, terrorist financing, sanctions evasion, tax evasion, VAT fraud (including missing-trader and carousel fraud), invoice fraud, identity fraud, synthetic-identity fraud, or any other financial crime;
• use the Fiskl Platforms to misrepresent the Customer’s financial position to lenders, investors, insurers, banks, regulators, tax authorities, professional advisers, customers, vendors, employees, or any other third party, including by inflating revenue, suppressing liabilities, fabricating receivables, or generating misleading reports;
• use the Fiskl Platforms to deceive Fiskl’s payment, banking, or AI Provider partners, including by initiating Bad-Faith Chargebacks (see section 5.9), manipulating banking integration data, or exploiting AI features to launder content for fraudulent purposes.

The activities in (h) to (k) are material breaches of the Contract regardless of whether the Customer’s conduct also constitutes a criminal or regulatory offence in any jurisdiction.

8. Fi, AI processing, orchestration, Data Products, and Data Monetisation

8.1 Fi reads, processes, and acts on Customer Data

Fi accesses Customer Data within your Account to answer questions, run reports, retrieve information, perform AI-driven categorisation and processing, orchestrate workflows and integrations, and (where you instruct) perform actions. Fi does not expose your raw Customer Data to other Fiskl customers in their respective Accounts.

8.2 AI sub-processors and inference providers

Fi uses third-party AI infrastructure providers and model providers (“AI Providers”) listed in the Subprocessors page. AI Providers process Customer Data only to deliver inference, fine-tuning, and other services to Fiskl, only as instructed by Fiskl, and on contractual terms that:

• prohibit AI Providers from using Customer Data to train AI Providers’ own general-purpose AI models;
• prohibit AI Providers from retaining Customer Data beyond the period necessary to deliver the contracted service;
• prohibit AI Providers from disclosing Customer Data to any further third party except as required by law.

Where Fiskl engages an AI Provider to develop a Fiskl-specific or Fiskl-exclusive fine-tuned model, that model is owned or exclusively licensed by Fiskl, and the rights granted in section 8.3 apply.

8.3 AI training rights

You acknowledge that Fiskl operates a global accounting platform and that the value of the Fiskl Platforms to you and other customers depends on Fiskl’s ongoing development of AI capabilities. You grant Fiskl and its affiliates a worldwide, perpetual, irrevocable, royalty-free, sublicensable licence to use Customer Data and Aggregated Data to:

• train, fine-tune, evaluate, refine, and improve Fiskl’s own AI models, including Fi and any future AI features and products;
• develop, evaluate, and improve new AI features, products, and services;
• engage AI Providers, research partners, and other third parties to train, fine-tune, evaluate, and improve AI models that are owned by, exclusively licensed to, or developed for the exclusive use of Fiskl (“Fiskl-Exclusive Models”);
• develop, evaluate, and improve benchmarking models, industry analytics, credit and lending models, market intelligence products, and other AI-driven Data Products;
• license Aggregated Data and AI-derived insights to third parties.

Boundary on third-party general-purpose AI training. Fiskl does not provide raw Customer Data to third-party AI developers for the purpose of training those third parties’ general-purpose AI models. Where third-party AI developers receive data from Fiskl, that data is Aggregated Data, or the resulting model is a Fiskl-Exclusive Model. This boundary applies regardless of any sublicensing right granted in this section.

8.4 Data Products and data monetisation

Fiskl may develop, market, license, sell, and otherwise commercialise products, services, datasets, insights, analytics, models, APIs, and feeds derived from Customer Data and Aggregated Data (collectively, “Data Products”). Data Products may include, without limitation:

• industry benchmarking reports and sector analytics;
• market intelligence, economic indicators, and macro-economic insights;
• credit, lending, and underwriting insight products for banks, lenders, payment networks (including card networks), insurers, and other financial institutions;
• regulatory, supervisory, and compliance-reporting products for regulators and financial-stability authorities;
• AI-powered services and embedded analytics for accounting firms, banks, fintech partners, payment providers, ERP and software vendors, and other businesses;
• trained AI models, embeddings, fine-tunes, and other derived AI artefacts (including Fiskl-Exclusive Models as defined in section 8.3);
• data feeds, APIs, and streaming products delivering aggregated insights to third parties;
• research, white papers, indices, and public reporting on global small-business and accounting trends;
• bespoke data and AI products developed under commercial agreement with strategic partners (including financial institutions, payment networks, banks, and other enterprise customers).

Data Products may be made available on a paid or free basis. Fiskl owns all right, title, and interest in Data Products. Fiskl may share revenue from Data Products with strategic partners and may engage exclusive or non-exclusive distribution arrangements. Recipients of Data Products are bound by separate contractual terms that prohibit re-identification, secondary selling, and uses inconsistent with this Contract.

8.5 Fiskl’s data assets

You acknowledge that the combination of Customer Data, Aggregated Data, AI models trained using Customer Data and Aggregated Data, and Data Products derived from them constitute valuable Fiskl assets and a core part of Fiskl’s business. The licence in section 4.2 and the rights in this section 8 are essential to Fiskl’s ability to provide the Fiskl Platforms and to evolve its products and business.

8.6 Customer choice and protections

Fiskl applies the following protections:

• Special category data. Personal data falling within UK GDPR Article 9 (including data revealing health, biometric data, sexual orientation, religious or philosophical belief, ethnic origin, or trade union membership) is excluded from AI training and Data Products unless you have given explicit consent through an opt-in mechanism.
• Customer opt-out. You have the right under applicable data protection law to object to the use of personal data within your Customer Data for AI training and Data Products. Where the Fiskl Platforms provide an opt-out control in your Account settings, you may exercise this right through the Fiskl Platforms. Where the Fiskl Platforms do not yet provide such control, you may exercise this right by emailing dpo@fiskl.com, and Fiskl will give effect to your objection on a forward-looking basis. Section 8.7 (survival of training and Data Product rights) applies to AI models and Aggregated Data already produced before your objection.
• Raw data not shared with third-party developers. Fiskl does not provide raw Customer Data to third-party AI developers for the purpose of training those third parties’ general-purpose AI models. Data shared with third-party AI developers is either Aggregated Data, or it relates to a Fiskl-Exclusive Model as defined in section 8.3.
• Personal data of data subjects. Personal data of natural-person data subjects whose information appears in your Customer Data (your customers, vendors, employees, contractors, and other individuals) is additionally governed by the Privacy Policy and the DPA, including the legal basis for processing for AI training and Data Products.
• Atlas firms. Customer Data of clients managed by Atlas accounting firms is subject to additional protections set out in the Atlas Terms Supplement, which provides Atlas firms with controls over the use of their clients’ Customer Data in AI training and Data Products.

8.7 Survival of AI and Data Product rights

The rights granted to Fiskl in sections 4.5, 8.3, and 8.4 survive termination of the Contract with respect to (a) AI models that have been trained, fine-tuned, or otherwise improved using Customer Data or Aggregated Data prior to termination — Fiskl has no obligation to delete, retrain, or unlearn those models — and (b) Aggregated Data and Data Products already produced. Raw Customer Data is handled on termination as set out in section 12.6.

8.8 AI accuracy and your verification obligation

Fi outputs and any other AI-generated, AI-processed, AI-categorised, AI-interpreted, or AI-derived results in the Fiskl Platforms may contain errors, omissions, inaccuracies, hallucinations, biases, outdated information, or misinterpretations. This includes (without limitation):

• Fi conversational outputs;
• tax guidance referencing tax-authority content;
• financial calculations, summaries, projections, and forecasts;
• AI-Powered Expenses categorisation and any other AI-driven categorisation;
• document interpretation, OCR, and data extraction;
• AI-generated reports, recommendations, and insights;
• outputs of orchestration workflows that Fi performs on your instruction;
• any other output of an AI feature in the Fiskl Platforms.

AI outputs are provided “as is” and “as available”. You are solely responsible for independently verifying any AI output before relying on it — particularly for tax filings, regulatory submissions, payments, financial reporting, professional advice to your own clients, and material business decisions. Fiskl makes no warranty as to the accuracy, completeness, currency, or fitness for purpose of any AI output. Fi is not a regulated financial, tax, legal, audit, or accounting adviser, and Fi outputs are not regulated advice in any jurisdiction.

8.9 Tax authority content

Fi references content from tax authorities (such as the IRS, HMRC, and equivalent agencies in supported regions). Tax authority content is owned by the relevant tax authority and is provided subject to its own terms. Fi’s referencing of tax-authority content does not constitute the provision of tax advice and does not establish a regulated relationship between you and Fiskl.

8.10 Output ownership

Subject to section 8.11, you own the outputs Fi generates in response to your instructions in your Account. Fiskl retains all right, title, and interest in Fi itself, in the underlying models, prompts, infrastructure, and in any AI models or Data Products developed using Customer Data or Aggregated Data.

8.11 Limits on output exclusivity

AI outputs may be similar or identical to outputs generated for other customers asking similar questions. You acknowledge this and waive any claim against Fiskl based on such similarity.

9. Intellectual property

9.1 Fiskl IP

Fiskl owns all right, title, and interest in the Fiskl Platforms, including all underlying software, models, content, designs, trademarks, logos, and documentation. No rights are granted to you except as expressly set out in the Contract.

9.2 Customer marks

You grant Fiskl a non-exclusive, worldwide, royalty-free licence to use your name and logo to identify you as a Fiskl customer in customer lists, case studies, marketing materials, and public statements. You may opt out of this use by emailing legal@fiskl.com. Sensitive use (specific testimonials, case studies referencing your customers) requires your prior written consent.

9.3 Feedback

If you provide feedback, suggestions, or ideas about the Fiskl Platforms, you grant Fiskl a perpetual, worldwide, royalty-free, sublicensable licence to use that feedback without obligation to you.

10. Confidentiality

10.1 Confidential Information

Each party may receive non-public information of the other party that is identified as confidential or that a reasonable person would understand to be confidential (“Confidential Information”). Customer Data is your Confidential Information. Pricing, the structure of the Fiskl Platforms, and product roadmap information are Fiskl’s Confidential Information.

10.2 Obligations

The Receiving Party must (a) protect Confidential Information with at least the same degree of care it uses for its own Confidential Information of similar sensitivity (and at minimum reasonable care), (b) use Confidential Information only to perform the Contract, and (c) limit access to its personnel and advisers who need to know.

10.3 Exceptions

The obligations in section 10.2 do not apply to information that (a) is or becomes public other than through breach of the Contract, (b) was lawfully known prior to disclosure, (c) is lawfully received from a third party without confidentiality obligation, or (d) is independently developed without use of the Confidential Information.

10.4 Compelled disclosure

If a party is compelled by law to disclose Confidential Information, it must (where lawful) give prompt notice to the other party and reasonable assistance to limit or contest the disclosure.

11. Changes to the Fiskl Platforms and the Contract

11.1 Changes to the Fiskl Platforms

Fiskl may modify the Fiskl Platforms from time to time. Where a change materially diminishes the Fiskl Platforms during a paid Subscription period, you may terminate that Subscription and receive a pro-rata refund of fees for the unused portion.

11.2 Changes to the Contract

Fiskl may update these Customer Terms, the Acceptable Use Policy, the Privacy Policy, the Subprocessors page, the Cookie Policy, the DPA, the Atlas Terms Supplement, and the Customer-Specific Supplement from time to time. Material changes take effect 30 days after notice (by email or through the Fiskl Platforms). Non-material changes (clarifications, typo corrections, structural reformatting) take effect on posting. Continued use after the effective date constitutes acceptance.

11.3 Subprocessor changes

Fiskl maintains the current list of Subprocessors at https://fiskl.com/legal/fiskl-subprocessors/. Where you have subscribed to Subprocessor change notifications, Fiskl will notify you of new Subprocessors at least 30 days before they begin processing Customer Data. You may object to a new Subprocessor on the terms set out in the DPA.

12. Term, suspension, and termination

12.1 Term

The Contract starts on the day you create your Account (or the date specified in your Order Form) and continues until terminated.

12.2 Termination by you

You may terminate the Contract at any time. For monthly Subscriptions, termination takes effect at the end of the current billing cycle. For annual Subscriptions, termination takes effect at the end of the annual term unless required earlier by mandatory law.

12.3 Termination for cause

Either party may terminate the Contract immediately if the other party materially breaches the Contract and fails to cure within 30 days of written notice (or shorter where the breach is incapable of cure). Fiskl may also terminate immediately and without cure period for: (a) non-payment beyond 30 days; (b) breach of section 7 (acceptable use), including specifically the activities in section 7(h) to 7(k) (fraudulent use, financial crime, financial misrepresentation, deception of partners); (c) violation of sanctions or export-control laws; (d) bankruptcy, insolvency, administration, receivership, or similar event; (e) a credible determination by Fiskl, acting reasonably, that the Customer is using the Fiskl Platforms to commit or facilitate fraud or financial crime.

12.4 Termination without cause by Fiskl

Fiskl may terminate any Free tier Subscription on 30 days’ notice. Fiskl may terminate paid Subscriptions only for cause as set out in 12.3, except where a tier is being discontinued (in which case 90 days’ notice and pro-rata refund of unused fees).

12.5 Suspension

Fiskl may suspend access immediately and without prior notice where: (a) required by law, court order, or regulatory authority; (b) there is a credible threat to security or system integrity; (c) a payment is overdue under section 5.7; (d) there is a material breach of the Acceptable Use Policy; (e) Fiskl detects, suspects on reasonable grounds, or is notified by a banking, payment, or AI Provider partner of, fraudulent use, financial crime, financial misrepresentation, or other conduct prohibited under section 7(h) to 7(k); (f) a banking, payment, or AI Provider partner suspends or terminates services to Fiskl in respect of the Customer.

Fiskl will use reasonable efforts to give prior notice and to limit suspension scope, except where giving prior notice would prejudice the investigation or detection of fraud, financial crime, or breach of law, or would be inconsistent with regulatory obligations.

12.5A Cooperation with authorities and partners

Fiskl may, in connection with suspected or detected fraud, financial crime, or breach of section 7: (a) cooperate with law enforcement, tax authorities, regulators, banking partners, payment processors, and AI Providers, including by sharing Customer Data, account information, transaction records, and Fi conversation logs to the extent permitted by Applicable Data Protection Law; (b) make reports required by Applicable Data Protection Law, anti-money-laundering law, tax law, sanctions law, or other applicable law; (c) retain Customer Data and other information for the period necessary to support investigations, regulatory inquiries, or legal proceedings, notwithstanding section 12.6.

These rights apply during the term of the Contract and survive termination.

12.6 Effect of termination

On termination: (a) your right to access the Fiskl Platforms ends; (b) you must pay all accrued fees through the effective date of termination; (c) you have 30 days from termination to export Customer Data using available export tools; (d) after 30 days, Fiskl will delete Customer Data unless retention is required by law or unless agreed otherwise (Atlas firms with Charge Us clients have additional retention obligations under the Atlas Terms Supplement); (e) provisions that by their nature should survive (including sections 4 (Customer Data), 5 (accrued fees), 9 (IP), 10 (confidentiality), 13 (warranties), 14 (indemnities), 15 (liability), 16 (governing law)) survive termination.

12.7 Atlas account ownership transfer

Where the Customer’s Account was created and paid for by an Atlas firm under the Charge Us model, the Atlas Terms Supplement sets out the procedure for transferring account ownership to the Customer if the firm’s relationship ends.

13. Warranties and disclaimers

13.1 Mutual warranties

Each party warrants that it has the legal authority to enter into the Contract.

13.2 Fiskl warranties

Fiskl warrants that it will provide the Fiskl Platforms with reasonable skill and care, in line with industry-standard practice for SaaS providers of comparable services. Fiskl will use commercially reasonable efforts to maintain availability and to address defects.

13.2A Insurance

Fiskl maintains, with reputable insurers selected on advice from recognised insurance brokers, and on terms appropriate for a SaaS provider of comparable size, scope, and risk profile, insurance cover that includes:

• professional indemnity and cyber liability cover (covering negligent acts, errors and omissions, breach of confidentiality, infringement of third-party intellectual property, data breach response and notification costs, cyber extortion, loss of income, and related liabilities);
• public and products liability cover;
• employment practices liability cover;
• directors and officers (management liability)

Fiskl reviews this cover annually and adjusts levels as the business and risk profile evolve. Certificates of insurance are available on request to qualifying customers under non-disclosure terms, with cover limits set out at the Fiskl Trust Center (https://fiskl.com/legal/trust-center/) or in an Order Form. For enterprise-tier engagements, an Order Form may specify (i) minimum cover limits, (ii) named-insured or additional-insured arrangements where Fiskl can support them, (iii) advance notice of material reductions in cover, and (iv) certificate-of-insurance refresh cadence.

13.2B Service availability

Fiskl publishes its service-level commitment, scheduled-maintenance window, and historical availability at the Fiskl Trust Center. Where the Customer requires a contractually-binding Service Level Agreement (SLA) with credits, this is available in an Order Form for qualifying Subscription tiers.

13.2C Security and certifications

Fiskl operates an information security management programme aligned with industry standards. Current security capabilities, certification status (including any SOC 2 or ISO 27001 certifications, where held), Sub-processor due diligence, and incident response posture are described at the Fiskl Trust Center. Customers may request the most recent third-party attestation reports under non-disclosure terms.

13.3 Disclaimer

Subject to section 13.4 and to the extent permitted by law, the Fiskl Platforms are provided “as is” and “as available.” Fiskl disclaims all other warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy of AI-generated outputs, uninterrupted operation, and freedom from errors or harmful components.

13.4 Consumer rights preserved

Where you are a consumer under applicable law (including the UK Consumer Rights Act 2015), nothing in section 13.3 affects rights that cannot be excluded or limited by contract.

14. Indemnification

14.1 By Fiskl

Subject to sections 14.1A and 14.2, Fiskl will defend you against any third-party claim alleging that the Fiskl Platforms, when used in accordance with the Contract, infringe that third party’s UK, EU, or US patent, copyright, trademark, or trade secret right (a “Claim Against Customer”), and will pay the damages and reasonable costs finally awarded against you, or agreed by Fiskl in settlement, in respect of the Claim Against Customer, provided that:

• you promptly notify Fiskl in writing of the Claim Against Customer (and in any event no later than is required to avoid prejudice to the defence);
• you give Fiskl sole control of the defence and settlement of the Claim Against Customer;
• you do not admit liability, make any settlement offer, or make any public statement about the Claim Against Customer without Fiskl’s prior written consent;
• you cooperate with Fiskl, at Fiskl’s reasonable expense, in the defence and settlement; and
• the Claim Against Customer arises from your use of the Fiskl Platforms in accordance with the Contract.

14.1A Exclusions from IP indemnity

Fiskl’s obligation in section 14.1 does not apply to, and Fiskl has no liability for, any Claim Against Customer arising from or relating to:

• Customer Data (including Personal Data, content, instructions, prompts, or files you submit to the Fiskl Platforms);
• Modifications to the Fiskl Platforms by you or any third party other than Fiskl;
• Combinations of the Fiskl Platforms with products, services, software, or data not provided by Fiskl, where the alleged infringement would not have occurred but for the combination;
• Use of the Fiskl Platforms in breach of the Contract or contrary to Fiskl’s documentation and reasonable instructions;
• Third-party banking integration partners and their software development kits — including Yodlee, Salt Edge, WIO Bank, Stripe (in their banking-feed capacity), and any successor or replacement banking partner — where the alleged infringement is specifically directed at the technology, integration, or content provided by the banking partner. The banking partner’s own indemnity provisions govern such claims;
• Third-party AI Provider models — including Anthropic Claude models, Google Gemini and Vertex AI models, AWS Bedrock infrastructure and models, and any successor or replacement AI Provider — where the alleged infringement is specifically directed at the AI Provider’s models, training data, or infrastructure. The AI Provider’s own indemnity provisions govern such claims;
• Open-source software components that you could lawfully obtain from a public source independent of the Fiskl Platforms, where the alleged infringement is specifically directed at the open-source component itself rather than at Fiskl’s incorporation, modification, or use of it;
• Outputs of Fi or other AI features — including AI-generated text, summaries, recommendations, calculations, categorisations, and orchestration outputs — where the alleged infringement is specifically directed at the AI output rather than at the Fiskl Platforms themselves. The position on AI outputs is governed by sections 8.8 (AI accuracy), 8.10 (output ownership), 8.11 (limits on output exclusivity), and 15.6 (no liability for AI-processed or AI-interpreted data).

14.2 Mitigation ladder

If the Fiskl Platforms become the subject of, or in Fiskl’s reasonable opinion are likely to become the subject of, a Claim Against Customer, Fiskl may at its option and at its own expense:

Step 1 — Modify. Modify the Fiskl Platforms so that they are no longer alleged to infringe, while preserving substantially equivalent functionality;

Step 2 — Licence. Procure for you the right to continue using the Fiskl Platforms or affected feature; or

Step 3 — Terminate and refund. If neither modification nor licensing is, in Fiskl’s reasonable judgement, commercially practicable, terminate the affected Subscription or feature and refund a pro-rata portion of prepaid fees in respect of the unused period.

The remedies in this section 14.2, together with the indemnity in section 14.1 (subject to section 14.1A), constitute your sole and exclusive remedy and Fiskl’s entire liability in respect of any Claim Against Customer.

14.3 By you

You will defend Fiskl against any third-party claim arising from (a) Customer Data, (b) your breach of section 6 (Customer obligations) or section 7 (acceptable use), or (c) your relationship with your customers, vendors, employees, contractors, or accountant, and pay damages and reasonable costs finally awarded or agreed in settlement.

14.4 Sole remedy

The indemnities in this section are each party’s sole remedy for the matters covered.

15. Limitation of liability

15.1 Excluded losses

Subject to section 15.4, neither party is liable to the other for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, savings, goodwill, or data (other than Fiskl’s obligations to maintain backups in line with industry practice), arising from or in connection with the Contract, regardless of the legal theory and even if advised of the possibility.

15.2 Liability cap (default)

Subject to sections 15.2A, 15.4, and 15.5, each party’s aggregate liability arising from or in connection with the Contract in any 12-month period is capped at the greater of (a) the fees you paid Fiskl in the 12 months preceding the event giving rise to liability, or (b) USD 5,000.

15.2A Order Form liability allocation (enterprise tier)

An Order Form may set out a different liability cap and risk allocation for the relevant Subscription, including: (a) a higher general liability cap, commonly expressed as a multiple of annual Subscription fees; (b) super-caps for specific high-impact events such as Personal Data Breach, breach of confidentiality, and intellectual property indemnity; (c) different categories of excluded losses; (d) reciprocal or asymmetric structures appropriate to the Customer’s tier.

Where an Order Form sets out a different liability allocation, that Order Form prevails over the default cap in section 15.2 in respect of that Subscription, except section 15.4 (which always applies).

15.3 Allocation of risk

The limitations in this section reflect the parties’ agreed allocation of risk and are reflected in the pricing of the Fiskl Platforms.

15.4 Exclusions from cap

Nothing in this section limits liability for: (a) death or personal injury caused by negligence, (b) fraud or fraudulent misrepresentation, (c) any other liability that cannot be limited or excluded by law, (d) Customer’s indemnity obligations under section 14.3, or (e) Customer’s obligation to pay accrued fees.

15.5 Default super-caps for enterprise Order Forms

Where an Order Form expressly incorporates this section 15.5 (typically for enterprise-tier engagements), the following super-caps apply notwithstanding section 15.2: (a) for liability arising from a Personal Data Breach caused by Fiskl’s material breach of the DPA: five (5) times the annual Subscription fees; (b) for Fiskl’s IP indemnity under section 14.1: uncapped; (c) for breach of confidentiality under section 10: three (3) times the annual Subscription fees.

Customer’s payment obligations under the Contract are not subject to a cap.

15.6 No liability for AI-processed or AI-interpreted data and AI outputs

To the extent permitted by applicable law, and subject to section 15.4 (matters that cannot be limited), Fiskl is not liable to you for any loss, damage, claim, regulatory penalty, professional liability, business interruption, fine, third-party claim, or other harm arising from or connected to:

• the accuracy, completeness, currency, or interpretation of any AI-processed or AI-interpreted data within the Fiskl Platforms;
• your reliance on any Fi output, AI-generated recommendation, AI-derived calculation, AI-driven categorisation, AI summary, AI-generated report, AI-orchestrated action, or any other AI output;
• decisions made by you, your Authorized Users, your Atlas Firm, or your clients on the basis of any AI output;
• the failure of any AI feature to detect, categorise, classify, extract, summarise, or interpret data correctly;
• AI outputs that prove to be inaccurate, incomplete, biased, hallucinated, outdated, or misleading;
• any orchestration action taken by Fi on instruction (including action against connected third-party services), including failures, errors, or unintended consequences of such orchestration.

This exclusion applies in addition to the warranty disclaimer in section 13.3 and the liability cap in section 15.2 (or in section 15.5 where applicable). It is not subject to the super-caps in section 15.5.

You acknowledge that AI is a probabilistic technology, that AI outputs require human verification and judgement before being acted on, and that you are solely responsible for that verification. You agree that the allocation of risk in this section reflects the nature of AI as a technology category and the pricing of the Fiskl Platforms.

This section does not affect rights that cannot be excluded under applicable mandatory law (including consumer rights under the UK Consumer Rights Act 2015 and equivalent regimes, liability for death or personal injury caused by negligence, and liability for fraud or fraudulent misrepresentation).

16. Governing law, jurisdiction, and dispute resolution

16.1 Governing law

The Contract is governed by the laws of England and Wales, excluding conflicts-of-law rules and the United Nations Convention on Contracts for the International Sale of Goods.

16.2 Jurisdiction

The courts of England and Wales have exclusive jurisdiction over any dispute arising out of or in connection with the Contract, except that either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property or Confidential Information.

16.3 Consumer rights

Where you are a consumer resident in the UK, EU/EEA, or another jurisdiction whose mandatory law grants you the right to bring proceedings in your local courts, that right is preserved.

16.4 Informal resolution

Before commencing formal proceedings, the parties will attempt in good faith to resolve disputes by escalation to senior representatives for at least 30 days, unless either party reasonably believes the dispute requires immediate court relief.

16.5 Disputes involving US-domiciled Customers — arbitration and class-action waiver

Where the Customer is domiciled in the United States, the following dispute-resolution provisions apply in addition to sections 16.1 to 16.4:

(a) Arbitration. Any dispute, claim, or controversy arising out of or relating to the Contract, the Fiskl Platforms, Fi, Data Products, or the relationship between the parties, that is not resolved through the informal-resolution process in section 16.4, will be resolved by binding individual arbitration administered by JAMS under its Comprehensive Arbitration Rules and Procedures, except that:

• either party may bring an individual action in small-claims court for disputes within that court’s jurisdiction;
• either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property, Confidential Information, or to prevent unauthorised access to or misuse of the Fiskl Platforms;
• the arbitrator (not a court) has exclusive authority to decide all issues relating to the scope, enforceability, and arbitrability of this section.

The arbitration will be conducted in English, in the State of Delaware, by a single arbitrator with substantial experience in technology, AI, or commercial software disputes. The arbitrator’s decision is final and binding, and judgment on the award may be entered in any court of competent jurisdiction.

(b) Class-action waiver. YOU AND FISKL EACH AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT AS A CLASS, COLLECTIVE, CONSOLIDATED, OR REPRESENTATIVE ACTION. The arbitrator may not consolidate more than one party’s claims and may not preside over any form of representative or class proceeding. If this class-action waiver is found to be unenforceable in respect of a particular claim, that claim must be brought in the courts identified in section 16.5(c) below, and not in arbitration; the rest of this section continues to apply.

(c) Court alternative for matters outside arbitration. Where a matter is not subject to arbitration under this section 16.5 (for example, an injunction request under (a)(ii), a small-claims action, or a claim falling outside this section as a matter of law), it will be heard exclusively by the state and federal courts located in the State of Delaware, and each party submits to the exclusive jurisdiction of those courts. Each party waives any right to a jury trial in respect of any claim arising out of or relating to the Contract.

(d) Costs. Each party bears its own arbitration costs except that Fiskl will pay the JAMS filing fees for any individual claim by a Customer where Fiskl’s enterprise pricing exceeds Customer’s annual fees, to the extent required by JAMS Consumer Minimum Standards or by law.

(e) Opt-out. A Customer may opt out of this arbitration agreement by giving written notice to legal@fiskl.com within thirty (30) days of first agreeing to the Customer Terms. The opt-out must include the Customer’s name, account email, and a clear statement of intention to opt out. An opt-out applies only to disputes between you and Fiskl.

(f) Survival. This section 16.5 survives termination of the Contract.

17. General provisions

17.1 Entire agreement

The Contract is the entire agreement between the parties on its subject matter and supersedes all prior or contemporaneous agreements, proposals, and representations. In the event of conflict, the order of precedence is: (1) Order Form, (2) Atlas Terms Supplement (where applicable), (3) Customer-Specific Supplement (where applicable), (4) DPA, (5) these Customer Terms, (6) Acceptable Use Policy, (7) Privacy Policy, (8) other referenced documents.

17.2 Assignment

You may not assign the Contract without Fiskl’s prior written consent (not to be unreasonably withheld). Fiskl may assign the Contract to an affiliate, to a successor in connection with a merger, acquisition, reorganisation, or sale of all or substantially all of its business or assets, without consent.

17.3 Force majeure

Neither party is liable for failure or delay in performance (other than payment obligations) caused by events beyond its reasonable control, including acts of God, war, terrorism, civil unrest, pandemic, government action, internet outages, denial-of-service attacks, or third-party infrastructure failure.

17.4 Notices

Notices to Fiskl must be sent to legal@fiskl.com (legal notices) or feedback@fiskl.com (other notices), with a copy to Fiskl Limited, 6A Thirlmere Road, London, N10 2DN, United Kingdom. Notices to you may be sent to the email associated with your Account or delivered through the Fiskl Platforms.

17.5 Independent contractors

The parties are independent contractors. The Contract does not create any partnership, joint venture, agency, franchise, or employment relationship.

17.6 No third-party beneficiaries

Except as expressly provided, the Contract is not enforceable by any person who is not a party.

17.7 Waiver and severability

Failure to enforce a right is not a waiver. If any provision is held unenforceable, it will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in effect.

17.8 Headings

Headings are for convenience only and do not affect interpretation.

17.9 Language

The English version of the Contract is the controlling version. Translations are provided as a convenience.

17.10 Counterparts and electronic signatures

Where signed, the Contract may be signed in counterparts and electronically.

18. Contact

Questions about these Customer Terms: legal@fiskl.com General support: support@fiskl.com or via the in-app help and Fi.

Effective: 15 March 2026

The post Customer Terms of Service first appeared on Fiskl.