Last updated: 28 April 2026

TANGENTLY PRIVACY POLICY

Register information:
Name of the register: Tangently.ai Customer Register (hereinafter the “Register”)
Data Controller: Tangently Oy (business ID 3544849-7)
Contact Person: Pekka Kinnunen
E-mail address: privacy@tangently.ai

Intro
This privacy policy ("Privacy Policy") is effective as of 18 January 2026 and describes how Tangently
Oy (hereinafter also referred to as “Tangently”, "we", “our”) collects and processes personal data of:
• the users of our website www.tangently.ai ("Sites"),
• our customers in connection with their purchase of or subscription to our products and
services (“Services”), as well as in connection with customer feedback and other contact
requests via our Sites
(hereinafter jointly referred to as "you", “your”, “customer”, “user”, “customers”, “data
subject").
We respect your privacy and are committed to process your personal data in accordance with this
Privacy Policy and applicable laws including the General Data Protection Regulation (2016/679; the
"GDPR"). As a data controller, we carry the ultimate responsibility for the processing of your
personal data.
In this Privacy Policy, we will tell you, how we collect and use your personal data and what rights you
have in relation to the processing of your personal data. We kindly ask you to read this Privacy Policy
carefully in order to understand how we process your personal data.

• 1. What personal data we process and where we collect it from?
We may collect your personal data whenever you interact with us or our Sites or when you use our
Services. The personal data we process is collected directly from you, the data subject. We enter the
data into the Register as we receive it from you and update it according to the information provided by
you to us.
The personal data we collect from you may include the following data:
• Contact and other general information: when you visit our Sites or use our Services, we
collect your personal data, primarily your name and email address in order to provide the
Service for you. In some cases, where it is necessary to provide our Services to you, we may
also collect your telephone number, postal address and date of birth.

• Information shared in customer relationship: to provide the subscribed Services to you, we
collect accounting and financial data such as information related to accounts, salaries,
vendors, employees and cost of data. We also collect information you share with us in
customer meetings or otherwise in communication relating to the subscribed Services.
• Billing and payment information: we collect your credit card or payment method
information and information of your orders with respect to our Services.
• Company information: If you act on behalf of a company, we may collect contact
information of the company such as a company address and your name and position in the
company.
• Customer feedback and other contact requests: when you interact with us by providing
customer feedback or requesting us to contact you by any means, we will process information
that you provide us with. If your request is made in connection with a particular transaction,
we may ask you to provide information about your credit card, or other payment method (if
applicable) to respond to your request. When you make an inquiry on our Sites, we use that
information to contact you so that we may respond to your inquiry.
• Customer order history information: when you place orders with respect to our Services,
we process information related to invoicing and debt collection.
• Information related to your marketing preferences: we process information such as data
related to your preferences to be contacted by us and your possible consent or prohibition to
receive any direct marketing material from us.

• 2. Cookies
When you visit our Sites, we may also collect personal data from you automatically using cookies or
similar technologies. We may automatically collect information such as information on your device
(e.g. device type, IP address, operating system) and your usage information (e.g. the time and date you
visited our Sites, the parts in our Sites you visited, the content you viewed, the website that referred
you to our Site) when you access our Sites. We use cookies to improve your user experience when
visiting our Sites and to target relevant content to the visitors of our Sites. You can learn more about
the cookies we use in our Cookie Policy.

• 3. What is the purpose and legal basis for the processing of your personal data?
We process your personal data only for the purposes described in this Privacy Policy. Our such
purposes, of which one or more may apply depending on the case at hand, are:
• To provide you with the Services you have requested: we process your personal data
primarily to offer you the opportunity to use our Services and to deliver your order. We
process your personal data to send you questionnaires to measure your satisfaction with our
Services. We also process your personal data for the purposes of managing the contractual
relationship between us. The legal basis for processing your personal data is the fulfilment of
an agreement between you and us.
• To maintain and develop our Sites and Services: we process your personal data to
continuously develop our Sites and Services to maintain our customer relationships and
ensure the high-quality of your customer experience by e.g. presenting content in the most

efficient and effective manner. The legal basis for processing your personal data is our
legitimate interests.
• To communicate with you regarding your requests and feedback: in the event you make
an inquiry, we will use the provided information to answer your questions or solve possible
issues. We also process your personal data to manage and reply to your feedback. The legal
basis for processing your personal data is our legitimate interests.
• For direct marketing: we process your personal data for marketing and advertising our
products and Services. We want to let you know about our new Services, products, special
offers, employment opportunities and any updates on our Services by for example sending
you direct marketing messages. The legal basis for processing your personal data is your
consent.
To be allowed to send electronic direct marketing (e.g. utilizing email or text messages), your
consent of the electronic direct marketing is collected (opt-in) where required by applicable
laws. Such consent request may take place in certain parts of our Services. You may withdraw
your consent (opt-out) at any time by contacting us.
• To fulfil our legal obligations: we process your personal data to fulfil our reporting,
accounting and other legal obligations towards authorities. The legal basis for processing your
personal data is to comply with our legal obligations.
• For potential claims handling and legal processes: we may process your personal data in
relation to claims handling, debt collection and legal processes. We may also process your
personal data for the prevention of misuse of our Services and for data, system and network
security. In these situations, the legal basis for processing your personal data is our legitimate
interests.
When choosing to process your personal data on the basis of our legitimate interests, we weigh our
own interests against your right to privacy. We also use pseudonymized or non-personally identifiable
data when possible.

• 4. Are your personal data disclosed or transferred to third parties?
We only share your personal data within our organization, if and as far as reasonably necessary, in
accordance with this Privacy Policy and applicable laws. We will not disclose your personal data with
third parties outside of our organization unless we are required to do so under applicable laws.
We primarily process personal data on servers located in the EU/EEA. However, in case we need to
transfer your personal data outside the EU/EEA, we take necessary steps to implement appropriate
technical and organizational measures under the GDPR to ensure that your personal data remains
always secure. Such transfers outside EU/EEA can be made on the basis of an adequacy decision or
with appropriate safeguards in accordance with GDPR. We will provide you with further information
about such international transfers upon your request.

• 5. What are the principles of data security?
We will only process your personal data for the purposes of this Privacy Policy as set out above.
Processing of your personal data in a secure way is important to us and we have implemented
appropriate technical and organizational measures to keep your personal data secure. We maintain a
report of the personal data on a separate, limited-access server and access to such personal data is
limited to only those employees for whom they are necessary to perform their work. Viewing of

personal data requires an individual, protected user ID and password. We will keep your personal data
confidential and not disclose it to any other entities than those set out in this Privacy Policy unless you
clearly authorize us to do so or such an authorization results from applicable laws.

• 6. For how long we store your personal data?
We store your personal data only for as long as and in the extent that it is necessary for the purposes
for which the personal data was collected as set out in the Section 3 of this Privacy Policy unless a
longer retention period is required or permitted by the applicable laws, such as Accounting Act
(1336/1997).
We review and evaluate the need for retaining the personal data in the Register regularly, at
least once every two (2) years, and delete or anonymize personal data that is no longer needed
in the Register.
If the collection and use of personal data is based solely on your consent, the personal data will be
deleted at your request.

• 7. What are your rights as the data subject?
You may at any time exercise your legal rights as a data subject in relation to your personal data that
we process. Your rights include the following:
• Right to access and rectification (Article 15 & Article 16 of the GDPR): You have the
right to request access to your personal data we process. This includes e.g. the right to be
informed whether or not we process personal data relating to you, what personal data is being
processed and the purpose for the processing. You also have the right to request inaccurate or
incomplete personal data about you to be corrected.
• Right to object and withdraw your consent (Article 21 of the GDPR): You have the right
to object to certain processing of your personal data including e.g. processing of your personal
data for direct marketing purposes or when we otherwise base our processing of your personal
data on a legitimate interest of ours or a third party. In cases where the processing is based on
your consent, e.g. for direct marketing purposes, you have the right to withdraw your consent
to such processing at any time. After such withdraw, we will no longer use your personal data
for marketing purposes. When you request the deletion of your personal data that is processed
on the basis of our legitimate interest, we may no longer process your personal data unless we
can demonstrate compelling legitimate grounds for continuing the processing of your personal
data.
• Right to erasure (Article 17 of the GDPR): You have the right to request your personal data
be erased if, for example, the personal data is no longer necessary for the purposes for which
it was collected, the processing is unlawful, or the personal data has to be erased to enable us
to comply with our statutory obligations.
• Right to data portability (Article 20 of the GDPR): If your personal data that you yourself
have provided is being processed automatically with your consent or in accordance with a
contract between you and us, you may request the personal data to be provided to you in a
structured, commonly used and machine-readable format and the personal data to be
transmitted to another controller, if this is technically possible.
You may exercise any of the above-mentioned rights by contacting us by email at

privacy@tangently.ai.

• 8. Lodging a complaint
Our aim is always to solve disagreements relating to the processing of your personal data directly with
you. However, if you wish to file a complaint with a competent data protection authority regarding our
processing of your personal data, you may do so by contacting the Data Protection Ombudsman
(tietosuoja@om.fi, 029 566 6768, www.tietosuoja.fi).

9. Changes to Privacy Policy
   We are constantly improving our services and privacy measures, and we therefore reserve the right to
   modify this Privacy Policy by notifying about it on our website or via email. Changes in this Privacy
   Policy may also be based on changes in the applicable laws. Thus, we kindly recommend you to read
   this Privacy Policy regularly.

Tangently.ai (“Tangently”, “we”, “us”, or “our”) is committed to protecting privacy and personal data.

This Privacy Policy explains how we collect, process, store, and protect personal data when you

use Tangently.ai’s website, applications, integrations, and services.

Tangently.ai operates in Finland and complies with the EU General Data Protection Regulation

(GDPR).

Data Controller: Tangently.ai Lahnatie 9, 01490 Vantaa, Finland Email: privacy@tangently.ai

Tangently.ai processes accounting and financial data such as accounts, salaries, vendors,

employees, and cost data solely to provide the Service. All data is stored and processed within the

European Union.

TANGENTLY SAAS AGREEMENT  (GENERAL TERMS AND CONDITIONS) 

1. Parties 

1.1 Service Provider 

Company name: Tangently Oy 

Business ID: 3544849-7 

Registered address: 01490 Vantaa 

Country of incorporation: Finland 

1.2 Customer 

The legal entity or individual accepting these terms by subscribing to or using the Service. 

1.3 The Service Provider and the Customer are hereinafter jointly referred to as the “Parties”  and individually as a “Party”. 

2. Acceptance and Purpose of the Agreement 

2.1 By accessing, subscribing to or using the Service, the Customer confirms that it has read,  understood and accepted these General Terms and Conditions (“Agreement”). The  Agreement governs the Customer’s use of the Service and includes all additional terms and  documents incorporated herein by reference including the following: 

• Appendix 1: Data Processing Agreement (”DPA”) 

• Appendix 2: Non-disclosure Agreement (”NDA”) 

2.2 The purpose of this Agreement is to define the terms and conditions under which the  Service Provider supplies the Customer with a software service delivered via a data network  under a Software-as-a-Service (”SaaS”) model (“Service”). 

3. Description of the Service 

3.1 The Service is an AI-native financial planning, forecasting and reporting software  platform provided under a SaaS model.

3.2 The Service enables Customers to consolidate and analyze financial data by integrating  with third-party accounting, human resources (HR), customer relationship management  (CRM) and other supported systems. The Service harmonizes such data into a centralized  view and provides tools for financial planning, forecasting, scenario modeling, runway  analysis and reporting. 

3.3 Core functionalities of the Service may include, among others: 

• AI-assisted financial planning and forecasting 

• Scenario modeling and runway analysis 

• Automated dashboards and financial reports 

• Natural-language interaction with financial data 

• Portfolio-level and multi-entity reporting 

• Support for multiple end clients or entities within the same account 

3.4 The Service is intended to support financial analysis, planning and reporting activities.  The Service does not replace professional accounting, financial, legal or tax advice and the  Customer remains solely responsible for the accuracy of its data, assumptions and decisions  made based on the Service. 

3.5 The Service uses artificial intelligence to generate forecasts, analyses and reports. Such  outputs may contain errors or inaccuracies and are provided for informational purposes only.  The Customer is responsible for validating all outputs independently. The Service Provider  does not guarantee the accuracy or completeness of AI-generated outputs. 

3.6 The exact features, integrations and functionalities available to the Customer may vary  depending on the selected service plan and may be updated or modified by the Service  Provider from time to time. 

3.7 The Service is provided as described in the Service Provider’s documentation, product  descriptions and service specifications valid from time to time. 

3.8 The Service Provider may update or modify such documentation and the Service from  time to time in the ordinary course of development. Material changes that significantly affect 

the Service shall be communicated to the Customer within a reasonable time. 

4. Right of Use 

4.1 The Service Provider grants the Customer a non-exclusive, non-transferable, non sublicensable and limited right to access and use the Service during the term of this  Agreement for the Customer’s internal business purposes. 

4.2 The Customer shall not: 

• copy, modify, distribute, sell, lease or resell the Service 

• reverse engineer, decompile or attempt to extract source code 

• circumvent technical limitations or security measures 

• use the Service unlawfully, abusively or contrary to good business practice 

5. Availability, Maintenance and Development 5.1 The Service is provided on an “as is” and “as available” basis. 

5.2 The Service Provider has the right to: 

• develop, modify and update the Service 

• change technical solutions or features 

• perform maintenance that may temporarily affect availability 

5.3 The Service Provider shall use commercially reasonable efforts to maintain the  availability of the Service. However, the Service Provider does not guarantee uninterrupted  or error-free operation of the Service. 

5.4 The Service Provider’s target service availability is 99.9% per calendar month, calculated  on a monthly basis, excluding scheduled maintenance, Force Majeure events as defined in  section 16 and interruptions caused by the Third-Party Services or circumstances outside the  Service Provider’s reasonable control. 

5.5 Scheduled maintenance that may temporarily affect the availability of the Service shall, 

where reasonably practicable, be communicated to the Customer in advance. 

5.6 The Customer shall promptly notify the Service Provider of any material interruptions or  degradation in the availability of the Service. 

5.7 If the monthly service availability falls below 98%, the Customer shall be entitled, as its  sole and exclusive remedy, to a service credit corresponding to one (1) month’s Service fee,  to be applied to the next billing period. No cash refunds shall be provided. 

6. Disaster Recovery and Business Continuity 

6.1 The Service Provider shall maintain reasonable technical and organizational measures  designed to support the recovery of the Service in the event of a significant disruption, data  loss incident or system failure (“Disaster”). 

6.2 The Service Provider shall: 

• maintain regular data backups in accordance with its internal backup policies; 

• use commercially reasonable efforts to restore the Service and affected data within a  reasonable timeframe following a Disaster. 

6.3 The Service Provider does not guarantee specific recovery time objectives (RTO) or  recovery point objectives (RPO), unless otherwise expressly agreed in writing. 

6.4 The Service Provider shall not be responsible for delays or failures in recovery caused by  Force Majeure events, Third-Party Services or circumstances outside its reasonable control. 

7. Third-Party Services and Integrations 

7.1 The Service may integrates or retrieves data from third-party systems, including but not  limited to accounting software, customer relationship management (”CRM”) systems or  other external services (“Third-Party Services”). 

7.2 The Service Provider does not control, maintain or assume responsibility for Third-Party 

Services, their availability, functionality, accuracy, security or content. 

7.3 Data retrieved from the Third-Party Services is provided to the Customer on an “as is”  and “as available” basis. The Service Provider does not verify, validate or guarantee the  completeness, accuracy or timeliness of such data. 

7.4 The Customer is solely responsible for: 

• ensuring it has the right to access and use data from the Third-Party Services, • maintaining valid credentials and permissions for Third-Party Services, and • verifying the accuracy and suitability of data imported into the Service. 

7.5 The Service retrieves data from the Third-Party Services at scheduled intervals, currently  no more than once per day, unless otherwise agreed. 

7.6 The Customer acknowledges that data displayed in the Service may not reflect real-time  information and may be subject to delays or discrepancies originating from the Third-Party  Services. 

7.7 The Service Provider shall not be responsible for decisions made by the Customer based  on data that is outdated, incomplete or inaccurate due to synchronization timing or Third Party Service limitations. 

8. Customer Obligations and Acceptable Use 8.1 The Customer is responsible for: 

• all activity occurring under its user accounts 

• safeguarding usernames, passwords and access credentials 

• ensuring its systems and internet connections function properly 

• compliance with applicable laws and regulations 

8.2 The Customer shall not use the Service to:

• transmit unlawful, harmful or infringing material 

• violate third-party rights 

• interfere with the integrity or security of the Service 

8.3 The Service Provider may suspend access if misuse or security risks are detected. 

9. Fees and Invoicing 

9.1 Fees 

The fees for the Service shall be agreed separately between the Service Provider and the  Customer (for example in an order form, subscription plan, service description, online  checkout or other written agreement) and shall be payable in accordance with the agreed  pricing. 

9.2 Billing and Payment Terms 

Unless otherwise agreed, fees are billed in advance for the applicable billing period. Payment  terms, billing frequency and accepted payment methods shall be as agreed with the Customer. 

9.3 Taxes 

All fees are exclusive of value added tax (VAT) and any other applicable taxes, duties or  charges, which shall be added in accordance with applicable law. 

9.4 Late Payments 

Late payments may accrue statutory interest and reasonable collection costs in accordance  with applicable law. 

9.5 Changes to Fees 

The Service Provider may adjust the fees applicable to the Service by giving at least thirty  (30) days’ prior notice. Continued use of the Service after the effective date of the change  constitutes acceptance of the revised fees. 

10. Intellectual Property Rights 

10.1 All intellectual property rights related to the Service, including patents (including utility  models), design patents and designs (whether or not capable of registration), chip topography  rights and other like protection, copyright, trademarks, trade names and any other form of 

statutory protection of any kind and applications for any of the foregoing respectively as well  as any trade secrets remain the exclusive property of the Service Provider or its licensors. 

10.2 The Customer retains ownership of its own data but grants the Service Provider a  limited right to process such data for the purpose of providing the Service. 

11. Intellectual Property Right Infringement  

11.1 The Service Provider shall defend the Customer against any third-party claim alleging  that the Service, as provided by the Service Provider and used in accordance with this  Agreement, infringes a valid intellectual property right within the European Union, and shall  indemnify the Customer for direct damages finally awarded by a competent court or agreed in  a settlement approved by the Service Provider. 

11.2 The Service Provider shall have no liability or obligation under this clause to the extent  the claim arises from: 

• use of the Service in violation of this Agreement or applicable law; • modifications made by the Customer or a third party; 

• combination of the Service with products, services, data or systems not provided by  the Service Provider; 

• Customer data or content provided by or on behalf of the Customer; or • third-party software, systems or integrations. 

11.3 If the Service becomes, or in the Service Provider’s opinion is likely to become, the  subject of an infringement claim, the Service Provider may at its own option: 

• procure the right for the Customer to continue using the Service; 

• modify or replace the Service so that it becomes non-infringing without materially  reducing its functionality; or 

• terminate the Agreement and refund any prepaid fees for the unused time of the  subscription term. 

11.4 This section 11 states the Service Provider’s sole and exclusive liability and the  Customer’s sole remedy for intellectual property infringement claims and is subject to the 

limitation of liability set out in section 14 of this Agreement. 

12. Customer Indemnification 

12.1 The Customer shall indemnify and hold harmless the Service Provider from and against  any claims, damages, losses, liabilities, costs and expenses arising out of or related to: 

• Customer data or content submitted, processed or stored through the Service; • the Customer’s unlawful, unauthorized or non-compliant use of the Service; 

• violation of applicable laws, including data protection, accounting or financial  reporting regulations; or 

• the Customer’s failure to obtain necessary rights, consents or authorizations for the  processing of Customer data. 

12.2 The Customer represents and warrants that it has all necessary rights and legal grounds  to provide Customer Data to the Service Provider and to permit its processing in accordance  with this Agreement. 

13. Data Protection and Information Security 

13.1 The Parties shall comply with applicable data protection legislation, including the EU  General Data Protection Regulation (”GDPR”). 

13.2 For the processing of personal data by the Service Provider on behalf of the Customer,  the Parties have entered into a separate DPA under this Agreement. 

13.3 The Service Provider may use subcontractors and cloud infrastructure providers,  including providers located outside Finland, provided that applicable data protection  requirements are met. 

14. Limitation of Liability 

14.1 To the maximum extent permitted by applicable law, the Service Provider’s total  aggregate liability under this Agreement shall be limited to the fees paid by the Customer  during the preceding twelve (12) months.

14.2 The Service Provider shall not be liable for: 

• indirect or consequential damages 

• loss of profit, revenue, business, or goodwill 

• loss or corruption of data 

• service interruptions or errors exceeding what has been agreed under section 5  (Availability, Maintenance and Development)  

15. Term and Termination 

15.1 This Agreement enters into force upon acceptance by the Customer and remains valid  until terminated. 

15.2 Either Party may terminate the Agreement with 30 days’ written notice. 

15.3 The Service Provider may terminate or suspend access immediately in case of material  breach, non-payment or misuse. 

16. Effect of Termination 

16.1 Upon termination: 

• the Customer’s right to use the Service ceases 

• access credentials are disabled 

• the Customer is responsible for exporting its data prior to termination 

16.2 Unless required by law, the Service Provider has no obligation to retain Customer data  after termination. 

17. Confidentiality 

17.1 Each Party undertakes to keep confidential all non-public business, technical and  commercial information received from the other Party and to use such information solely for  purposes of this Agreement. The Parties have entered into a separate NDA under this 

Agreement. 

18. Force Majeure 

18.1 Neither Party shall be liable for failure or delay caused by events beyond reasonable  control, including natural disasters, strikes, governmental actions, internet outages or failures  of third-party infrastructure (”Force Majeure”). 

19. Governing Law and Dispute Resolution 

19.1 This Agreement shall be governed by the laws of Finland, excluding its conflict of law  rules. 

19.2 Any disputes arising out of or relating to this Agreement shall be resolved primarily  through negotiations and, failing that, by the District Court of the Service Provider as the  court of first instance. 

20. Miscellaneous 

20.1 The Service Provider may amend these terms by publishing updated versions on its  website. Continued use constitutes acceptance. 

20.2 The Customer may not assign this Agreement without the prior written consent of the  Service Provider. 

20.3 The Service Provider may assign or transfer this Agreement, in whole or in part, to an  affiliate or to a third party in connection with a merger, acquisition, corporate restructuring,  sale of business, or sale of all or substantially all of its assets, without the Customer’s prior  consent. 

20.4 If any provision is held invalid, the remaining provisions shall remain in force. 

20.5 This Agreement constitutes the entire agreement between the Parties regarding the  Service.