Terms of Service

Terms of Service

Effective date: 23 April 2026

These Terms of Service apply to the use of the vahti.ai service provided by Vahti Service Oy. The Service is intended for business customers and is not intended for consumer use.

1. Scope and Parties

These Terms of Service apply to the use of the vahti.ai service (the “Service”). The Service is provided by Vahti Service Oy, Business ID 3598836-2, Kauppakatu 39, 40100 Jyväskylä, Finland (“Vahti Service Oy”).

The user of the Service is a company or other legal entity (the “Customer”). Individuals using the Service on behalf of the Customer are “Users”.

If a separate written agreement, offer, order confirmation or other order document has been agreed with the Customer, that document takes precedence over these Terms to the extent expressly agreed otherwise in that document.

2. Formation of the Agreement and Acceptance of Terms

The agreement is formed when the Customer registers for the Service, accepts an order, starts a trial period, accepts these Terms, or otherwise starts using the Service.

Use of the Service requires acceptance of and compliance with these Terms. The person accepting these Terms on behalf of the Customer represents that they have the right to represent the Customer and bind the Customer to these Terms.

Vahti Service Oy may record information about the acceptance of these Terms, such as the time of acceptance, accepted version of the Terms, the Customer’s organisation and details of the User who accepted the Terms.

3. Description of the Service

vahti.ai is a continuous security and compliance monitoring service for Microsoft 365 environments. The Service helps the Customer detect, monitor and prioritise security and compliance findings related to the Customer’s Microsoft 365 environment.

The Service may produce findings, risk classifications, recommendations, guidance, reports and other views based on data obtained from the Customer’s Microsoft 365 environment.

The Service is a support tool for decision-making and security management. Vahti Service Oy does not guarantee that the Service will detect all risks, vulnerabilities, incorrect settings, deviations or compliance deficiencies. The Service also does not guarantee that the Customer’s environment is secure, error-free, compliant or will pass an audit.

4. Registration, User Accounts and Access Rights

Use of the Service requires registration and creation of a user account. The Customer is responsible for ensuring that the information provided during registration is accurate, up to date and sufficient.

The Customer is responsible for the actions of its Users in the Service and for ensuring that Users have the necessary rights to use the Service on behalf of the Customer. The Customer is also responsible for protecting its user accounts, access rights and login credentials.

The Customer is responsible for appointing main users, administrators and other Users, managing access rights and removing outdated or unnecessary access rights. Access rights are personal and must not be shared with another person.

If the Customer grants access to the Service to a group company, consultant, subcontractor, partner or other external person, the Customer is responsible for the actions of that party and its Users as for its own actions.

The Customer must notify Vahti Service Oy without delay if the Customer suspects misuse of a user account, access right or Service-related credential.

5. Customer Responsibilities

The Customer is responsible for ensuring that:

• the Service is used in accordance with law, regulatory guidance and these Terms;
• the Customer has the right to provide the data, credentials, integrations and materials required for use of the Service;
• the Customer’s own systems, devices, user accounts and administrative practices are appropriately protected;
• the Customer independently evaluates the suitability of the findings and recommendations produced by the Service before taking any actions;
• the Customer does not provide unnecessary personal data, confidential information or other material to the Service where such material is not required for use of the Service;
• the Customer complies with the terms of Microsoft and other third-party services in its own use.

The Customer is responsible for its own Microsoft 365 environment, its settings, licences, access rights, administrative decisions and actions taken based on the Service. Vahti Service Oy does not make changes to the Customer’s environment without a separate agreement or the Customer’s explicit action.

6. Permitted and Prohibited Use

The Customer may use the Service only for its own internal business purposes.

The Customer and Users must not:

• use the Service unlawfully or in a way that infringes third-party rights;
• attempt to breach, disrupt, overload or circumvent the security or usage restrictions of the Service;
• investigate, scan or test the security of the Service without Vahti Service Oy’s prior written permission;
• copy, resell, rent, sublicense or otherwise commercialise the Service without Vahti Service Oy’s written permission;
• reverse engineer the software or structure of the Service, unless expressly permitted by mandatory law;
• use the Service to build, benchmark or design a competing service or for a similar purpose without Vahti Service Oy’s prior written consent;
• introduce malicious code or other material that may compromise the operation of the Service;
• use the Service in a manner that compromises the security or operation of the Service, other customers, subcontractors or third-party services;
• use the Service in violation of export controls, sanctions or other applicable restrictions.

7. Third-Party Services and Integrations

The Service may use third-party services and integrations, such as Microsoft services, cloud infrastructure, payment services and email delivery services. Such services may also be subject to their own terms, which the Customer must comply with where applicable.

The Customer’s Microsoft 365, Entra ID and other Microsoft environments are the Customer’s own services and are governed by the Customer’s own contractual relationship with Microsoft. Microsoft does not act as Vahti Service Oy’s sub-processor merely because the vahti.ai Service is integrated with the Customer’s Microsoft environment using access rights granted by the Customer.

Vahti Service Oy is not responsible for the operation, availability, changes, pricing, licence terms, access rights, interfaces or errors of Microsoft or any other third-party service to the extent the cause lies with that third-party service.

If a third-party service, interface, term or technical functionality changes or ceases to be available, Vahti Service Oy has the right to modify the Service accordingly.

8. Intellectual Property Rights

All rights related to the Service, its software, user interface, documentation, trademarks, methods, models, risk logic and other materials belong to Vahti Service Oy or its licensors. No intellectual property rights are transferred to the Customer under these Terms.

During the term of the agreement, the Customer receives a limited, non-exclusive, non-transferable and non-sublicensable right to use the Service for its own internal business purposes.

If the Customer provides Vahti Service Oy with feedback, development suggestions or ideas regarding the Service, Vahti Service Oy may use them to develop the Service without separate compensation or obligation to the Customer.

9. Customer Data and Rights to Use It

The Customer or its licensors own the data that the Customer provides to the Service, that is made available through the Service or that is generated in the Service and relates to the Customer. Vahti Service Oy does not obtain ownership of Customer data.

The Customer grants Vahti Service Oy and its subcontractors the right to process Customer data to the extent necessary to provide, maintain, protect and support the Service, handle billing, perform the agreement and ensure the quality of the Service.

Vahti Service Oy may process Customer data to provide, maintain and protect the Service, troubleshoot issues, provide customer support, and develop the quality and detection logic of the Service. Processing is limited to what is necessary to ensure the operation, security and quality of the Service.

Vahti Service Oy does not use Customer data for the identifiable benefit of other customers, does not sell Customer data and does not disclose it to third parties except as permitted by the agreement, the Data Processing Agreement or law.

Vahti Service Oy may use statistical, aggregated, anonymised or otherwise non-identifiable information generated from use of the Service for service development, analytics, improving security and reporting, provided that the Customer or any natural person cannot be identified.

Upon termination of the agreement, the Customer has the right to request export of reasonably available Customer-related data within 30 days of termination. Thereafter, Vahti Service Oy may delete the data in accordance with the Data Processing Agreement and its retention practices.

10. Privacy and Security

Vahti Service Oy processes personal data in accordance with applicable data protection legislation.

To the extent Vahti Service Oy processes personal data for its own purposes, for example in connection with customer relationships, billing, the website, enquiries or customer communications, Vahti Service Oy acts as the controller. This processing is described in more detail in Vahti Service Oy’s Privacy Policy: Privacy Policy.

To the extent Vahti Service Oy processes personal data on behalf of the Customer to provide the vahti.ai Service, the Customer acts as the controller and Vahti Service Oy acts as the processor. This processing is automatically governed by Vahti Service Oy’s Data Processing Agreement (DPA), which forms part of these Terms: Data Processing Agreement (DPA).

Vahti Service Oy implements technical and organisational security measures appropriate to the nature of the Service. The Customer is responsible for the security of its own Users, access rights, devices, Microsoft 365 environment and other systems.

Sub-processors used in the Service are described on a separate sub-processors page: Subprocessors.

11. Prices, Billing and Payment Terms

The current prices, billing periods and available service packages are presented to the Customer during registration, activation or another order process. Unless otherwise stated, prices are in euros and applicable value added tax will be added.

The Service may be billed monthly or annually. Pricing may consist of a fixed base fee and a user-based fee based on billable Microsoft 365 users. The number of billable users is determined by Vahti Service Oy’s backend logic in accordance with the commercial model of the Service.

Payments may be charged from the Customer’s selected payment method through a third-party payment service, such as Stripe. The Customer is responsible for ensuring that payment and billing information is accurate and up to date.

Removing a payment method or the expiry of a payment card does not by itself terminate the subscription or remove the Customer’s obligation to pay fees that have already accrued.

If a payment fails or Stripe marks the subscription as past_due, unpaid or canceled, Vahti Service Oy has the right to restrict access to or suspend the Service if the Customer does not remedy the payment issue within a reasonable time after being notified.

Unless mandatory law requires otherwise, the Service may be suspended no later than 7 days after notice or earlier if Stripe marks the subscription as terminated or unpaid and continued provision of the Service is not commercially justified.

12. Trial Periods

Vahti Service Oy may offer a trial period for the Service. Unless otherwise stated, the trial period is 7 days.

Starting a trial requires adding a payment method in advance. If the Customer does not cancel the subscription before the end of the trial period, a paid subscription will automatically start after the trial period in accordance with the Customer’s selected service package and billing period.

During the trial period, the Service may be provided with limited features, usage volumes or support services. Vahti Service Oy may end the trial period or restrict its use if the Service is misused or used in breach of these Terms.

13. Term, Termination and Expiry

The agreement enters into force when the Customer registers for the Service, accepts an order or starts using the Service.

The agreement remains in force according to the selected subscription period. A monthly subscription renews monthly and an annual subscription renews annually, unless the Customer cancels the subscription before the beginning of the next billing period or unless otherwise agreed.

The Customer may terminate the subscription through account management in the Service or by another method indicated by Vahti Service Oy. Fees already paid will not be refunded unless required by mandatory law or a separately agreed term.

Vahti Service Oy may terminate the agreement or suspend the Service if the Customer materially breaches these Terms, misuses the Service, compromises the security of the Service or other customers, fails to pay fees, or if provision of the Service cannot reasonably be continued.

Either party may terminate the agreement with immediate effect if the other party is declared bankrupt, enters restructuring proceedings, becomes insolvent or otherwise ceases to conduct its business in all material respects.

14. Changes and Interruptions to the Service

Vahti Service Oy continuously develops the Service and may change the Service’s features, user interface, technical implementation, integrations, pricing and documentation.

Vahti Service Oy aims to notify the Customer of material changes within a reasonable time in advance where practically possible. The Service may be subject to planned or unplanned downtime, for example due to maintenance, updates, security measures, capacity issues, errors or third-party services.

Vahti Service Oy has the right to suspend the Service or restrict its use immediately if necessary to protect the security, availability or integrity of the Service, the Customer, other customers, subcontractors or third-party services.

Vahti Service Oy does not guarantee any specific availability, service level or response time for the Service unless separately agreed in writing.

15. Artificial Intelligence and Automated Recommendations

The Service may use artificial intelligence, machine analysis or automated methods to explain findings, produce recommendations, generate guidance or improve usability of the Service.

Content produced by artificial intelligence or automated analysis is supportive information. It is not a legal, technical, security or compliance decision, guarantee or final assessment. The Customer is responsible for assessing the suitability of recommendations for its own environment before making decisions or taking actions based on them.

Findings, risk classifications and recommendations produced by the Service may be based on available information, Microsoft interfaces, the Customer’s licences, access rights, settings and technical limitations. For this reason, they may be incomplete, change over time or differ from the Customer’s own assessment.

The Service does not make automated decisions that produce legal effects concerning the Customer or a data subject. AI-assisted content produced by the Service is information used to support the Customer’s decision-making.

16. Beta, Preview and Experimental Features

Vahti Service Oy may provide beta, preview, early access or other experimental features in the Service. Such features may be incomplete, change, be removed or contain errors.

Experimental features are provided as is and are not subject to separate warranties, service levels or permanence unless otherwise agreed in writing. The Customer uses experimental features at its own discretion.

17. Limitations of Liability

Vahti Service Oy is not liable for indirect or consequential damages, such as loss of revenue, profit, savings, business opportunities, reputation, data or use, unless mandatory law requires otherwise.

Vahti Service Oy is not liable for damage caused by the Customer’s own actions, omissions, incorrect information, insufficient access rights, changes in the Microsoft 365 environment, third-party services, or the Customer using the findings or recommendations of the Service without its own assessment.

The Service is provided without warranty that it will be uninterrupted, error-free, complete or suitable for all of the Customer’s specific purposes, unless otherwise agreed in writing.

18. Maximum Liability

Vahti Service Oy’s total liability to the Customer under these Terms, the Service or the contractual relationship is limited to the amount of service fees paid by the Customer to Vahti Service Oy during the 12 months preceding the event giving rise to the damage, subject to a minimum of EUR 2,000 and a maximum of EUR 10,000.

If the Customer has used the Service for less than 12 months, the liability cap is calculated based on fees paid during the term of the agreement, subject to the minimum and maximum amounts stated above.

During a trial or other free use, Vahti Service Oy’s total liability is limited to EUR 500.

The above limitations of liability do not limit liability to the extent such liability cannot be limited under mandatory law, for example in cases of intent or gross negligence.

19. Confidentiality

The parties undertake to keep confidential information received from each other confidential. Confidential information means information that has been marked as confidential or that should be understood as confidential based on its nature or the circumstances of disclosure, including Customer data, non-public features of the Service, technical information, pricing, business information and security information.

Confidential information may be used only to perform the agreement. It may be disclosed only to employees, advisers, subcontractors or other representatives who need to know the information and who are bound by a corresponding duty of confidentiality.

The confidentiality obligation does not apply to information that is generally available without breach of the agreement, that the receiving party has lawfully received from a third party without a duty of confidentiality, that the receiving party has independently developed without using confidential information, or that must be disclosed under law or an order of an authority or court.

The confidentiality obligation remains in force during the term of the agreement and for three years after its termination. For trade secrets, the confidentiality obligation continues for as long as the information qualifies as a trade secret under applicable law.

20. Force Majeure

A party is not liable for delay or damage caused by an event beyond the party’s reasonable control that the party could not reasonably have foreseen or prevented.

Force majeure events may include, for example, war, terrorist act, natural disaster, pandemic, labour dispute, order of an authority, widespread telecommunications or power outage, cyberattack, widespread cloud service disruption or other similar event beyond the party’s control.

The affected party must notify the other party of the force majeure event without undue delay. If the force majeure event continues for more than three months, either party has the right to terminate the agreement.

21. Notices

Notices related to these Terms may be delivered by email, in the Service or by another verifiable written method.

Notices to Vahti Service Oy must be sent to contact@vahti.ai. Notices to the Customer may be sent to the contact or billing email address provided by the Customer in the Service.

The Customer is responsible for keeping its contact and billing information up to date.

22. Assignment

The Customer may not assign the agreement or its rights under it to a third party without Vahti Service Oy’s prior written consent.

Vahti Service Oy may assign the agreement and its rights and obligations under it to a group company, buyer of the business or in connection with a corporate transaction, provided that the assignment does not materially weaken the Customer’s position.

23. Governing Law and Dispute Resolution

These Terms and use of the Service are governed by the laws of Finland, excluding its conflict of law rules.

The parties aim to resolve disputes primarily through negotiations. If a dispute cannot be resolved through negotiations, it will be resolved by the competent Finnish general court.

24. Changes to the Terms

Vahti Service Oy may change these Terms due to changes in the Service, legislation, business, security or technical requirements.

Material changes will be notified to the Customer within a reasonable time in advance, for example by email, in the Service or on the website. If the Customer continues to use the Service after the changes take effect, the Customer is deemed to have accepted the changes.

If a change materially weakens the Customer’s position, the Customer has the right to terminate the Service so that it ends by the effective date of the change.

25. Miscellaneous

If any provision of these Terms is found to be invalid or unenforceable, this does not affect the validity of the remaining provisions. The invalid or unenforceable provision will, where possible, be replaced by a provision that corresponds as closely as possible to the purpose of the original provision.

A party’s failure to immediately exercise any right under these Terms does not constitute a waiver of that right.

26. Contact Details

Vahti Service Oy
Business ID: 3598836-2
Kauppakatu 39, 40100 Jyväskylä, Finland
Email: contact@vahti.ai