Terms of service

Agreement for Aito.ai Online Services

Updated 13 January 2020

This Agreement for Aito.ai Online Services (the “Agreement”) including its appendices listed below constitutes the entire agreement between the Customer or You and Aito Intelligence Oy (”Supplier”, “we”, “our” or “us”), regarding your use of our services specified in the Agreement (the software, and services are collectively referred to as the “Service”). Please read these Terms carefully. The term “You” shall also include Your employees or other authorized users to the extent applicable and permitted under Your subscription of the Service.

Service & Pricing

Aito.ai is a Software-as-a-Service, where the Aito platform is managed by us. You will get an API endpoint that exposes all the functionality provided by the platform. The service is mainly intended as a secondary index for Machine Learning functionality. Aito.ai is not meant to be used as the main datastore or data warehouse.

Aito.ai operates the service, which includes managing the servers and resources needed by the service as a whole, as well as individual customer environments. Customer support is provided on a best effort basis.

The service does not include consultancy or implementation work on behalf of or for the customer.

Average monthly Service Fee for Aito Intelligence’s standard customer is 500 – 2 000 EUR (Excluding VAT). Monthly invoiced Service Fee depends on the amount of API requests and the capacity of the environment.

The Service, Service Fees and other prices are specified in the Pricing and Service Description documents attached to this Agreement.

Payment Method & Schedule

Aito Intelligence Oy shall invoice the Service monthly. Payment term is 14 days from the date of invoice.


Both Parties may use the other Party’s graphical logo(s) and company name(s) on its website and in marketing materials to represent that the other is a customer or supplier, as applicable, and shall respect any procedures and/or guidelines provided by the other Party for the use of such graphical logo.

Annexes, Term etc.

The following appendices forms an inseparable part of and is governed by the terms of this Agreement:

Annex 1: Service Description
Annex 2: Terms of Service
Annex 3: Pricing
Annex 4: Personal Data Processing Agreement

In the event of any conflicting terms in the Agreement and its appendices, the Agreement shall take precedence over the appendices, except in any matters relating to the processing of personal data, in which case Appendix 4 (Personal Data Processing Agreement) shall take precedence.

By accepting this Agreement by means of a click-through and/or by an account registration and/or by accessing or using the Service, You represent and warrant that You have read, understand and agree to be bound by this Agreement. If You are not satisfied with the Service the subscription can be cancelled at any time. The invoicing will also be discontinued at the start of the next full day.

Any notifications under or in relation to scope, prices, term or termination of this Agreement shall be sent by registered letter or e-mail to the parties’ respective contact person.

Annex 1: Service Description


Aito.ai is a Software-as-a-Service, where the Aito platform is managed by us. You will get an API endpoint that exposes all the functionality provided by the platform. The service is mainly intended as a secondary index for Machine Learning functionality. Aito.ai is not meant to be used as the main datastore or data warehouse.

Aito.ai operates the service, which includes managing the servers and resources needed by the service as a whole, as well as individual customer environments. Customer support is provided from Monday to Friday between 08:00 – 17:00 (local time in Finland) when support requests are attended promptly. Exceptional and demanding incidents and problems are managed on a best effort basis.

The service does not include consultancy or implementation work on behalf of or for the customer.

Subscription and Termination

Aito SaaS is subscription based. Once you subscribe, you will get your own endpoint and the access keys for it within the next working day in Finland. We're working on our full self-service tool, but for now we ask you to contact us at support@aito.ai and provide us with contact details. We will contact you back.

The paid subscription is invoiced on a per day basis, meaning that we will count your invoicing balance per every 24h of use. If you are not satisfied with us the subscription can be cancelled at any time by contacting Aito support through support@aito.ai. The invoicing will be discontinued at the start of the next full day. The day is calculated against the wall-clock time of your subscription start. The invoices are sent to you on a monthly basis.

What We Provide to You

An Aito subscription will always contain all the functionality the platform offers. We are constantly improving the old features as well as implementing new ones, and you are entitled to using the latest version of the software. The upgrades are done automatically during the maintenance window each week.

The Aito platform is built around the privacy of your data. The data you store in the database is your own, and we don't use it or look at it without explicit permission from you. We don't log data in the customer messages, nor do we gather any statistics of the internals of your data. We, however, will monitor the API-usage (quantity of calls, response times, message sizes) in order to guarantee the quality of service for you, as well as to improve the service for the future.

We are interested to hear about bugs, feature requests or any other feedback. We aim to improve the service, but features we implement, even on request will be made available to all our customers on the same terms.

We have a public customer support channel in Slack. We also offer support and answer questions by email in support@aito.ai.

What We Expect from You

You, as our customer, are responsible for the actual data being stored in Aito. This means you need to have the permissions to store and use the data in Aito. In GDPR terms you are the Controller of the data, responsible for how, when and why you process the data. Under GDPR Aito is the Processor, i.e. we provide the software for you, but do not use the data in any way, besides making sure it's available for your use.

Aito must not be used for purposes, which are illegal. We reserve the right to terminate the subscription immediately without prior notice and notify the police if the service is used for any illegal purposes.

We also expect you to make sure you use Aito in a way that does not harm or disturb other users of the service. Any purposeful attempts to break the software, circumvent any security measures in place, or to Aito in a way that can be interpreted as malice will lead to immediate termination of the subscription. We will also report any such incidents to the authorities.

We also expect that you notify us immediately in case you notice that someone is acting malevolently in your name, e.g. if your software has been cracked, or someone else is causing you harm. We do our best to solve the problem for you.

Limits on the Use of Service

The limits to the service usage are set to guarantee the level of the service, both for individual users as well as for the collective of all users. There are soft limits, which are monitored but do not immediately prevent usage, and hard limits which cannot be exceeded.

Hard Limits of the Service

CPU and RAM constraints are reserved, and thus in effect hard limits. The environment cannot use more than the allocated share of RAM or CPU capacity. While the exact amount is not public information, we aim to always guarantee sufficient capacity for the size of the data you have reserved.

The number of API calls is limited on a daily basis, as well as setting burst and rate limits for momentary use.

Daily API Call Limit

The daily limit of API calls is set to 40.000 (40k) calls per day, per environment, corresponding roughly to 28 requests per minute.

The burst limit restricts the momentary number of calls to the API and is set to 50 requests per second. This is the highest allowed throughput within one to a few seconds. The calls are also counted against the weekly limit.

The rate limit, i.e. the average requests per second for an extended period of time, is set to 10 requests per second. The calls are counted against the weekly limit.

In summary:

Max calls per day1 000 000The cumulative number of requests within a wall-clock day
Short time burst limit500 rpsThe momentary max burst rate (within a few seconds)
Average rate limit100 rpsSteady rate limit, averaged over a longer period of time (minutes)

The limits are enforced, but configurable. Contact support@aito.ai if you want to change the allowed throughput.

Technical Limits

Payload size is limited to 10MB per message. This includes data and all headers. For uploading larger datasets to the database, the file upload API can be used to overcome this limit.

Queries must be completed within 29 seconds, or they will time out.

API access limits cannot be enforced on an IP or hostname basis. The authentication is based on an API key. The API is served only over HTTP.

Service Level

We reserve the right to interrupt the service for maintenance purposes, but the downtime will not exceed 30 minutes on any given day during business hours (Finland 08:00 – 20:00). This also includes any unexpected interruption due to problems in the service or the software (excluding force majeure reasons).

Normal maintenance is performed outside business hours (Finland 08:00 - 20:00).

Annex 2: Terms of Service

This Annex 2: Terms of Service (the “Terms”) is an annex to and forms an inseparable part of the Agreement for Aito.ai Online Services (the “Agreement”) between the Customer or You (as defined in the Agreement) and Aito Intelligence Oy (”Supplier” or “we,” “our” or “us” ), regarding your use of our services specified in the Agreement (the software, and services are collectively referred to as the “Service”). Please read these Terms carefully. The term “You” shall also include Your employees or other authorized users to the extent applicable and permitted under Your subscription of the Service.

1. Definitions

Confidential Information means any information and material in whatever form disclosed to one Party by the other Party and either marked as confidential or should be understood to be confidential.

Customer Data means information or material transferred by the Customer to Service or information or material otherwise provided or made available to the Supplier for Customer’s benefit and for purposes of the Service or other information or material specified as Customer Data by the Parties.

Customer Support shall mean the support functions provided by the Supplier to the Customer as further specified in Section 9.

Effective Date is the date when You have accepted to be bound by the Agreement by means of a click-through and/or by an account registration and/or by accessing or using the Service.

Intellectual Property Right means any and all patents, utility models, designs, copyright, domain names, trademarks, trade names and any other intellectual property rights, whether registered or not and applications for any of the aforementioned respectively as well as any trade secrets.

Service means the agreed fee which covers the provision of the Service for the term of these Terms.

User means personnel and contractors of the Customer and any third parties acting on Customer’s behalf for the Customer’s normal business purposes during the term of these Terms.

2. Eligibility

The Service is not intended for users that are consumers (being an individual acting primarily for purposes other than a trade, business or profession) and the applicability of consumer protection legislation is therefore excluded. You must be 18 years of age or older to enter into this agreement and use the Service. You represent and warrant that any information You submit is true and accurate and that You are 18 years of age or older and are fully able and competent to enter into, and abide by these Terms.

3. Purpose of the Agreement

The Customer acquires access to the Service provided by the Supplier and the Supplier grants the access pursuant to the terms and conditions of these Terms.

4. Supplier Responsibilities

The Supplier undertakes to perform the tasks for which it is responsible in conformity with these Terms, with due care and with the professional skills reasonable expected from an experienced service provider.

The Supplier shall deliver to the customer in writing the necessary API keys and other instructions for operating the environment.

5. Customer Responsibilities

The Customer shall notify the Supplier immediately of any unauthorized use of the Service or any other known or suspected breach of security.

6. Grant of Access to the Service

Customer shall not transfer, lease, loan, resell, distribute or otherwise make the Service or materials contained in the Service available in whole or in part in any form whatsoever to any third parties.

Customer shall not attempt to gain access to any parts of the Service to which the Customer has not acquired access rights nor will the Customer attempt to modify, copy, decompile, adapt, reverse engineer or otherwise attempt to derive the source code of the Service or any computer software programs the Service is based upon.

7. Free trial

The Supplier may at its sole discretion offer You free trials for selected features of the Service or a limited time trial period of the entire Service. Once Your free trial period ends, Your ability to access the Service will terminate. The Supplier reserves the right to determine if You are eligible for a free trial and to discontinue any free trial without notice at its sole discretion.

8. Service Content and Service Levels

The Service and content of the Service are set forth in the Service Description (Annex 1) attached to the Agreement.

9. Customer Support

The Supplier shall provide the Customer with reasonable technical and use related Customer Support on a best efforts basis, using the means and channels in its sole discretion. The Supplier shall separately communicate the support channels and appropriate contact details to the Customer.

For the avoidance of doubt, the Supplier shall not be obliged under these Tems to provide support, assistance or maintenance concerning third party equipment or software.

10. Changes to the Service

The Supplier shall be entitled to make such a change to the Service that is necessary to prevent or mitigate severe technical issue or data security risk to the Service. If the supplier makes a change to the Service due to technical issue or data security risk and which has an effect on the Service, the Supplier shall inform the Customer of the change in good time before making it or, if this is not reasonably possible, without delay after the Supplier has learned of such matter.

The Supplier shall be entitled to make a change to the Service other than specified above in this Section after notifying the Customer in advance. If the contemplated change has a material effect on the content of the Service or the agreed Service Level, the Supplier must inform the customer about the change in writing at least 30 days before the effective date of the change. In such case the Customer may terminate the Agreement in writing taking effect immediately (or a certain date indicated in the notice of termination, that must not be later than three (3) months from the notice of termination). The Customer shall deliver the notice of termination during seven (7) days as of the effective date of the change. Changes to the content of the service are communicated through the Spectrum channel.

11. Suspension of the Service

The Supplier shall have the right to suspend delivery of the Service for scheduled maintenance breaks as notified to the Customer at least 14 days in advance.

The Supplier shall have the right to suspend delivery of the Service due to installation, change or maintenance work of general data network outside Supplier’s control or due to severe data security risk to the Service or if required by mandatory law or competent authorities.

The Supplier shall have the right to prevent Customer’s access to the Service without prior notice, if the Supplier reasonably suspects that the Customer burdens or uses the Service in such a manner as to jeopardize the delivery of the Service to other users.

The Supplier shall also have the right to restrict the Customer’s access to and use of the Service in cases where the customer’s momentary or long-term use of the Service causes unexpected or unreasonable stress on the Service and its background systems. The Supplier reserves the right to specify such unexpected on unreasonable use but shall base its assessment i.e. on the technical limits outlined under the Service Description above.

We may at any time suspend or terminate Your access to the Service if we have reason to believe that You are not complying with applicable laws, these Terms or You are otherwise abusing the Service or if Your payment of the Service fee is delayed by more than 30 days from the due date despite a written reminder.

12. Prices and Terms of Payment

The Service Fees and other prices are specified in the Pricing document and the Service Description attached to the Agreement (appendices 2 and 3).

The Supplier may change the prices by giving the Customer prior written notice 60 days in advance. The price change has no effect on payments which are due before the change becomes effective.

Unless otherwise agreed in writing, the prices specified in the Agreement shall include all public charges determined by the authorities and effective on the Effective Date, with the exception of value added tax. Value added tax shall be added to the prices in accordance with the then current regulations.

The terms of payment are 14 days net from the date of the invoice. Interest rate for any delayed payment shall be 7% p.a.

13. Subcontractors

The Supplier may engage subcontractors to perform the Service under the Agreement, provided that The Supplier remains fully liable for any actions of such subcontractor, as if the work had been carried out by The Supplier itself. The Supplier shall ensure that its subcontractors comply with the confidentiality provisions specified in the Section 14.

14. Confidentiality

Each Party shall keep in confidence all Confidential Information and shall not disclose the Confidential Information to any third party or use the Confidential Information for any purpose other than for the purpose of the Agreement.

A receiving Party shall have the right to:

a) copy Confidential Information only to the extent necessary for the purpose of the Agreement; and

b) disclose Confidential Information only to those of its employees and subcontractors fulfilling the obligations of the Agreement who need to know the Confidential Information for the purpose of the Agreement.

c) disclose Confidential Information to its own legal and financial advisors provided that such advisors are bound by the confidentiality provisions at least as restrictive as contained in this Section 14.

Notwithstanding the foregoing the confidentiality obligation shall not be applied to any material or information:

a) which is generally available or otherwise public other than by a breach of the Agreement on the part of the receiving Party; or

b) which the Party has received from a third party without any obligation of confidentiality; or

c) which was in the possession of the receiving Party prior to receipt of the same from the other Party without any obligation of confidentiality related thereto; or

d) which a Party has developed independently without using material or information received from the other Party; or

e) which a Party shall disclose pursuant to a law, decree, or other order issued by the authorities or judicial order.

Each Party shall cease using Confidential Information received from the other Party promptly upon termination of the Agreement or when the Party no longer needs the Confidential Information in question for the purpose of the Agreement and, unless the Parties separately agree on the destruction of such material, return the material in question and all copies thereof. Each Party shall, however, be entitled to retain copies required by law or regulations.

Each Party warrants the observance and proper performance of this Section 14 by all of its subcontractors and other parties to which Confidential Information has been disclosed.

Each Party is entitled to use the professional skills and experience acquired in connection with the Agreement.

The rights and obligations under this Section 14 shall survive the termination or expiration of the Agreement and shall remain in force for a period of 5 years from the Effective Date, or if the Confidential Information is disclosed after the Effective Date, for a period of 5 years from the date of disclosure.

15. Force Majeure Event

Force Majeure Event means any failure by a Party to perform its obligations under these Terms caused by an impediment beyond its control, which it could not have taken into account at the time of the conclusion of these Terms, and the consequences of which could not reasonably have been avoided or overcome by such Party. If not proven otherwise such impediments may include, but are not limited to, acts of government in its sovereign or contractual capacity, fires, disturbance of data networks, floods, epidemics, quarantine restrictions, strikes, lock-outs, industrial disputes, riots, acts of terror or specific threats of terrorist activity, transportation or energy. Strike, lock-out, boycott and other industrial action shall constitute a Force Majeure Event also when the Party concerned is the object or a party to such an action.

Neither Party shall be liable for delays and damages caused by a Force Majeure Event.

A Force Majeure Event suffered by a subcontractor of a Party shall also discharge such a Party from liability if subcontracting from other source cannot be made without unreasonable costs or a significant loss of time.

A Party shall notify the other Party in writing without delay of a Force Majeure Event. The Party shall correspondingly notify the other Party of the termination of a Force Majeure Event.

16. Intellectual Property Rights

The Intellectual Property Rights to the Service and any amendments, modifications, new versions thereto shall belong to the Supplier. The product names associated with the Service are service marks and trademarks of the Supplier or third parties, and no right or license is granted to use them. These Terms does not grant the Customer any rights of ownership in or related to the Service or the Intellectual Property Rights owned by the Supplier. The Customer acknowledges that, except as specifically provided under these Terms, no other right, title, or interest is granted.

The Intellectual Property Rights and the title to the Customer Data shall belong to the Customer.

These Terms has no effect on the Intellectual Property Rights each Party had prior the Effective Date. These Terms shall not give a Party any direct, indirect or implied right or license to use or otherwise exploit Intellectual Property Rights belonging to the other Party.

17. Infringement of Third Party Rights

The Supplier will defend, indemnify and hold harmless Customer, its representatives, subsidiaries, affiliates and customers from and against any costs, damages, expenses, and liabilities (including, but not limited to, reasonable attorneys’ fees) arising out of or in relation to any claims or actions regarding infringement of a third party’s intellectual property rights due to Customer’s use of the Service. The obligation by the Supplier only applies under the condition that Customer has notified the Supplier in writing of a claim or action within a reasonable time. In case such third party claim is made or is likely to be made, the Supplier is responsible, at its own cost, for obtaining any necessary rights for Customer to continue to use the Service under these Terms or replace or modify the infringing part of the Service to be non-infringing without decreasing functionality. If all Services provided under these Terms are affected and terminated, the Agreement shall be considered terminated in its entirety.

The liability of the Supplier for infringement of Intellectual Property Rights shall be limited to this Section 17.

18. Feedback

The Customer may from time to time provide suggestions, comments or feedback (“Feedback”) with respect to the Service or Confidential Information provided originally by the Supplier. The Customer agrees that all Feedback is voluntary and, even if marked as confidential (unless subject to a separate written agreement), will not create a confidentiality obligation for the Supplier. The Supplier will be free to use, disclose, reproduce, license or otherwise distribute such Feedback, without obligation or restriction of any kind with relation to a Party’s Intellectual Property Rights or otherwise. Notwithstanding the above, no right shall be granted to any Intellectual Property Rights that were in existence prior to the Effective Date.

19. Customer Data

The data the Customer stores in the database is Customer’s own, and the Supplier does not process it without explicit request or permission from the Customer. However, the Supplier may process Customer Data for the purposes of the Agreement and provisioning of the Service (e.g. providing customer support). The Supplier shall not log data in the Customer messages, nor gather any statistics of the internals of Customer Data.

The Supplier, however, will monitor the API-usage (quantity of calls, response times, message sizes) in order to guarantee the quality of service for the Customer, as well as to improve the service for the future.

The Customer shall be responsible for Customer Data and for ensuring that the Customer Data does not infringe third party Intellectual Property Rights or violate any legislation in force from time to time. In case of breach of the aforementioned, the Customer will be responsible for, and will indemnify and hold the Supplier harmless from all claims, suits, proceedings, losses, liabilities, damages, costs and expenses (including reasonable attorneys’ fees) made against or incurred by the Supplier.

The Supplier’s responsibility to retain the Customer Data terminates 60 days from termination or expiration of the Agreement, after which the Supplier shall at its own expense destroy the Customer Data unless the Customer has requested delivery of the Customer Data. However, the Supplier shall be entitled to destroy or retain the Customer Data to the extent required by law or regulation by a competent authority.

20. Term and Termination

These Terms shall become effective on the Effective Date and shall stay in effect until further notice.

Either Party may terminate the Agreement in writing taking effect immediately (or a certain date indicated in the notice of termination, that must not be later than three (3) months from the notice of termination) if the other Party

a) commits a material breach of its obligations under the Agreement and does not remedy such breach within thirty (30) days of receiving notice of breach from the non-breaching party; or

b) enters into bankruptcy, becomes insolvent or makes an assignment for the benefit of creditors.

Upon the termination or expiration of the Agreement, You must immediately stop using the Service.

21. Warranties



22. Limitation of Liability

The aggregate total liability of a Party towards the other Party in respect of any cause of action relating to or arising out of these Terms shall not exceed the amount paid by the Customer under these Terms during the last 6 months prior to the cause for the claim has arisen.


Both Parties shall be responsible for taking back-up copies of data and data files and for verifying the functionality of such back-up copies. Neither Party shall be liable for the loss of, damage to, nor alteration of data or data files of the other Party due to any cause and the resulting damages and expenses incurred, such as expenses based on the re-creation of data files. However, in the case of the loss of Customer’s data or data files, the Supplier will give all reasonable support to the Customer restoring the data loss. The Supplier will provide this support without any additional fees or charges.

The limitations of liability shall not apply to:

a) damages caused by willful misconduct or gross negligence; or

b) breach of confidentiality provisions in Section 14; or

c) claims and costs covered by Section 16.

d) damages caused by breach of other Party’s intellectual property rights.

23. Assignment

Neither Party shall have the right to assign the Agreement or any of its rights or obligations hereunder to any third party without the prior written consent of the other Party. Notwithstanding the foregoing, each Party may transfer its receivables under these Terms to a third party.

The Supplier may transfer the Agreement and the rights and obligations hereunder to such a third party to which the business activities related to the Agreement has been transferred.

24. Applicable Law; Dispute Resolution

These Terms and all matters arising out of or in connection with these Terms shall be interpreted, construed and governed exclusively in accordance with the laws of Finland without reference to its choice of law rules. The United Nations Convention on Contracts for the International Sale of Goods done at Vienna April 11, 1980 is excluded.

In the event no settlement can be reached by means of negotiations, any dispute, controversy or claim arising out of or relating to these Terms, or the breach, termination or validity thereof shall be finally settled by arbitration in accordance with the Rules for Expedited Arbitration of the Finnish Central Chamber of Commerce. The arbitration shall take place in Helsinki, Finland. The arbitration shall be conducted, and the arbitration award shall be given in the English language. The Parties agree that the arbitration procedure and all thereto related material and information shall be treated as Confidential Information in accordance with section 14 of these Terms.

The Parties have nevertheless right to claim for outstanding receivables under these Terms at the courts of the other Party’s registered domicile.

25. Other Provisions

Both Parties act in their own name and on their own behalf. Neither Party has a right to enter into any agreements or other commitments on behalf of the other Party.

A failure of a Party to insist upon the performance of any or more of the terms or conditions of these Terms or a waiver of any term or condition of these Terms will not be deemed to be a waiver of any rights or remedies the Party may have in subsequent similar situations.

If any provision in these Terms is found or becomes invalid, unlawful, or unenforceable to any extent, the provision in question will be severed from the remaining provisions of these Terms, which will continue to be valid and enforceable to the fullest extent permitted by law.

The section headings and titles in these Terms are for convenience only and have no legal or contractual effect. Any provision in these Terms that by its nature should survive the termination of Your license to access the Service or any termination of these Terms (including, without limitation, provisions governing, limitations on liability, disclaimers of warranty, and ownership of intellectual property) will continue to remain in full force and effect after any such termination.

No modification of this Agreement will be valid unless in writing.

Annex 3: Pricing

1. General

Aito’s pricing is based on two parameters:

1) the capacity being used by your environment and

2) the number of API-requests you perform.

The invoiced cost of the service is the sum of these two separate parts.

The pricing is calculated with an SLA-guarantee, so if we fail to meet the SLA during a given day, we charge neither infrastructure cost nor API-requests for that day.

2. Price calculator

The price for an environment is calculated with the pricing tool, which is available on the website and also as a public NPM-module and in Github.

A few pricing examples can be found below.

3. Reserved capacity

Since we guarantee the responsiveness and stability of your environment, we keep capacity reserved for it throughout the subscription. The reserved capacity is based on the amount of data you store in the database, and it is calculated and recorded daily. This amount is calculated based on the actual size of the JSON data you have stored in the database. This translates to the cumulative size for each row of (unformatted JSON) data in every table in the database. We will report this to you with the invoices, so you can see the basis for the cost calculation.

We charge you for the max amount of data stored per day. The minimum reservation is 1GB, corresponding to 6€/day. The following limits are stacked, so storing 3GB costs 6€ for the first gigabyte, and 3€ for the second, and 2€ for the third, leading to a total of 11€/day.

Amount of data (max within a day)Daily price
- 1GB6€/GB
1 - 2GB3€/GB
2 - 4GB2€/GB
4 - 8GB0.75€/GB
8 - 16GB0.375€/GB

4. API-requests

We will calculate the number of individual API-requests per month, and invoice you based on the total number. The infrastructure cost includes 1000 API-requests, which will be free of charge.

The maximum price per API-requests is 1 (euro-) cent (¢), but the volume discounts apply.

If you plan to use the API with over 10M calls per month, you should contact us at support@aito.ai to discuss individual rates.

The prices are calculated per bracket, so 10001 API requests will be priced, with 1000 0¢ + 9000 1¢ + 1*0.6556¢ = 9000.6556¢ = 90.01€.

# API-requestsPrice per request
0 - 10000¢/req
1000 - 100001 ¢ /req
10k - 100k0.6556 ¢/req
100k - 1M0.11 ¢/req
1M - 10M0.0211 ¢/req

Annex 4: Personal Data Processing Agreement

1. Introduction

This Personal Data Processing Agreement (”DPA”) is an inseparable part of the Agreement between Aito Intelligence Oy (”Aito”) and the Customer.

The agreed Service delivery may include processing of personal data by Aito and its subcontractors, on behalf of the Customer, within the scope described in the Agreement. The purpose of this DPA is to set the terms and conditions governing such processing by Aito on behalf of the Customer in compliance with the requirements set by the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection legislation.

Aito may process personal data solely to the extent necessary for the provision of the Services set forth in the Agreement, and may not otherwise process or use personal data for purposes other than those set forth in this DPA or as reasonably instructed by the Customer in writing where such instructions are consistent with the terms of the Agreement. This DPA shall take precedence over conflicting provisions relating to processing of personal data in the Agreement, unless otherwise expressly stated in this DPA.

By accepting the Agreement, Customer enters into this DPA on its own behalf and on behalf of those of the Customer’s group companies that function as a controller with respect to personal data being processed by Aito under this DPA and the Agreement between Aito and the Customer. The Customer and Affiliates are jointly referred to as the “Customer”.

In the event that under the Agreement it is agreed that a cloud based service shall be delivered by a third-party provider (Amazon Web Services, Microsoft, Google or other) the parties acknowledge that any personal data processed within the cloud service shall be exclusively governed by the terms and conditions for the cloud service as stipulated and amended from time to time by the cloud service provider.

The parties shall agree on all additions and amendments to this DPA writing.

2. Definitions

All references to "personal data", "processing", "data subject", “processor”, “controller”, “personal data breach”, “supervisory authority” and other terms defined in the GDPR and not expressly defined herein shall have the same meaning in this DPA as in Article 4 of the GDPR.

3. Data Protection and Processing Personal Data

The Customer or the Customer’s client shall be the controller and the Supplier shall be the processor of the personal data processed in the Service.

The types of personal data and categories of data subjects may include the following:

Categories of Data Subjects

The Customer may submit personal data to the Service, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to personal data relating to the following categories of data subjects:

  • Prospects, customers, business partners and vendors of Customer (who are natural persons)

  • Employees, agents, advisors, freelancers of Customer (who are natural persons)

  • Customer’s Users authorized by Customer to use the Services

Type of Personal Data

The Customer may submit personal data to the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to the following types of personal data:

  • Contact details such as name, title, telephone, business address and mobile numbers and email address

  • Employment and human resources details such as name, addresses, contact details, age, details relating to the employment of the data subject

  • Financial and transactional details

  • IT management details such as details of equipment data related to the services provided including technical identifiers, user name, location, contact details, communication data and metadata

  • Security details such as security log information

  • Connection data

  • Localization data

The subject, character and purpose of processing is defined in more detail in the Agreement.

This DPA with the Agreement constitutes the instructions in accordance with which any such data is processed as per the date of entering into this DPA.

The Supplier shall maintain the service description or other record of the processing activities of the service in cases where it is required to do so by the GDPR. The Supplier is entitled to collect anonymous and statistic data of the use of the services pursuant to the Agreement, that does not specify the Customer nor data subjects and uses it for analyzing and developing its services.

4. Responsibilities of the Customer

The Customer is the owner of its personal data and is responsible for the accuracy, legality, integrity and content reliability of such personal data and other controller’s responsibilities as described in the GDPR.

5. Deletion or Returning of Data

Aito has no obligation to store and Aito will not store any of the Customer’s data after the termination subscription of the Service. Aito will, at the Customer’s choice, promptly delete or return all personal data related to you after the end of the provision of the Services relating to processing and delete existing copies unless applicable legislation requires storage of the personal data.

6. Sub-processors

This DPA constitutes a general authorization by the Customer for Aito’s use of sub-processors. Aito shall ensure that sub-processors are bound by a written agreement that require them to provide at least the level of data protection required by Aito under this DPA. Aito shall inform the Customer of changes concerning its sub-processors, including the identity and location of new or replaced sub-processors. A list of sub-processors is available at Aito’s web pages or other location as designated by Aito from time to time.

Where a sub-processor fails to fulfil its data protection obligation, Aito shall remain fully liable to the Customer for the performance of that sub-processor’s obligations. The Customer is entitled to oppose the use of a new sub-processor on reasonable grounds. If the parties are unable to reach an agreement concerning the use of a new sub-processor, either party shall, for a justified reason and as a final remedy, to terminate the Agreement with thirty (30) days’ notice, in so far as the change of sub-processor affects the processing of personal data pursuant to the Agreement.

7. Supplier’s Obligation to Provide Assistance

The Supplier shall promptly forward all requests to inspect, rectify, erase or object to the processing of personal data or other requests received from the data subjects, to the Customer. If requested by the Customer, the Supplier shall support the Customer in fulfilling the requests of the data subjects.

The Supplier is obligated, taking into account the nature of the Processing of personal data and the data available, to assist the Customer in ensuring that the Customer complies with its legal obligations. These obligations may include requirements related to data security, notifying of data breaches, data protection impact assessments as well as obligations regarding prior consultations. The Supplier is obligated to assist the Customer only to the extent that applicable legislation obligates the processor of personal data. Unless otherwise agreed, the Supplier is entitled to invoice the expenses incurred from action pursuant to this section 7 according to the Supplier’s valid price list.

The Supplier shall forward all inquiries made by data protection authorities directly to the Customer and shall await further guidance from the Customer. Unless otherwise agreed, the Supplier is not authorized to represent the Customer or act on behalf of the Customer in relation to the authorities supervising the Customer.

8. Processing Taking Place Outside EU/EEA

The Supplier and its sub-processors may process personal data outside the EU/EEA area. When transfer of personal data by Aito to a sub-processor outside the EU/EEA, is permitted as stated in section 6 and this section 8, in case of any transfer Aito shall ensure that transfer is only made to (a) a country deemed by the Commission to have an adequate level of protection, (b) entities having committed to the EU-US Privacy Shield or having entered into the EU Commission standard contractual clauses approved by the European Union concerning the transfer of personal data to outside the EU/EEA or provided other appropriate safeguards as described in Article 46 of the GDPR.

Subject to the above and subject to Aito keeping the Customer informed of any transfer of personal data outside the EU/EEA, the Customer gives its consent to the transfers and authorizes Aito to agree on the use of privacy clauses on behalf of the Customer and to represent the Customer regarding those conditions of the standard contractual clauses that refer to the rights and liabilities of the Customer.

9. Auditing

The Customer or an auditor authorized by the Customer (however, not a competitor of the Supplier) is entitled to audit the activities pursuant to this DPA. The parties shall agree on the time of the auditing and other details ahead of time and at the latest 14 days before the inspection. The auditing shall be carried out in a way that does not impede the obligations of the Supplier or its subcontractors in regard to third parties. The representatives of the Customer and the auditor must sign conventional non-disclosure commitments.

The Customer shall be responsible for its own and the Supplier’s expenses caused by the auditing. If notable defects are perceived during auditing, the Supplier shall be liable for the costs incurred from the auditing.

The Supplier may also provide the Customer with an audit report by a third-party auditor (a separate charge may apply).

10. Data Security

The Supplier shall implement the appropriate technical and organizational measures to protect the personal data of the controller, taking into account all the risks of processing, especially the unintentional or illegal destruction, loss, alteration, unauthorized disclosures or access to personal data that has been transferred, saved or otherwise processed. When organizing the security measures, the technical options and their costs shall be assessed in relation to the special risks of the processing at hand and the sensitivity of the personal data processed.

The Customer shall be obligated to ensure that the Supplier is notified of all the circumstances concerning the personal data the Customer has delivered, such as risk assessments and the processing of special sets of data subjects that affect the technical and organizational measures pursuant to this DPA. The Supplier shall ensure that the personnel of the Supplier or a subcontractor of the Supplier shall abide by the appropriate non-disclosure commitments.

11. Data Breaches

The Supplier must notify the Customer of all personal data breaches without undue delay after receiving information of the breach or after a subcontractor of the Supplier has received information of the breach.

If requested by the Customer, the Supplier shall, without undue delay give the Customer all relevant information concerning the data breach. In so far as the information in question is available to the Supplier, the Supplier shall describe at least the following to the Customer:

(a) the occurred data breach,

(b) if possible, the sets of data subjects and the number thereof, as well as the sets of personal data types and estimated numbers,

(c) a description of the likely consequences caused by the data breach,


(d) a description of reparative measures, that the Supplier has implemented or shall implement in order to prevent data breaches in the future, and if necessary, the measures to minimize the harmful effects of the data breach.

The Supplier shall document and report the results of the inquiry and the implemented measures to the Customer.

The Customer shall be liable for the necessary notifications to the data protection authorities.

12. Damages

Aito shall compensate the Customer for damages incurred by the Customer as a result of fault or negligence by Aito, or by a sub-contractor to Aito, in the processing of personal data in breach of the Agreement or this DPA.

The parties’ (including their group companies) liability for damages under the DPA shall be limited in scope and to the double of maximum amounts set out in the respective Agreement, except when limitations of liability are expressly prohibited under the applicable legislation or are otherwise legally invalid or unenforceable. To clarify, indirect damages are excluded.

Both parties are obligated to pay only the part of the administrative fine that corresponds to the liability for damage confirmed in the final decision of a data protection authority or a court of law.

13. Applicable law and dispute resolution

This DPA is interpreted, construed and governed in accordance with the applicable law set out in the Agreement.

Any disputes concerning the interpretation or application of this DPA shall be settled in accordance with the provisions on dispute resolution included in the Agreement.

14. Terms and Termination

This DPA shall become effective simultaneously with the Agreement and shall remain in force during the validity of the Agreement and thereafter for as long as necessary for the finalization of the agreed processing of personal data.


Kaivokatu 10 A, 8th floor

00100 Helsinki


See map

470 Ramona St.

Palo Alto

CA 94301, USA

See map


COVID-19 situation has driven us all to work from homes, please connect with us online. Stay safe & play with data!

Join our public Slack workspace

Follow us