3Clouds AI classifies, posts, and reconciles every routine transaction autonomously — directly to your general ledger, routing only genuine exceptions for human review. Your accountants review exceptions. Nothing else.
| Capability | Other AI Tools | 3Clouds AI |
|---|---|---|
| Transaction handling | Generates draft for human review | Posts directly to GL — exceptions only |
| Human involvement | Every transaction reviewed | Exceptions only (10–20% of volume) |
| VAT compliance | Generic rules, configured manually | Cyprus-specific, built into the core |
| ICPAC alignment | Not applicable or adapted | Built from the ground up for ICPAC |
| Review Queue purpose | Where work happens | Where exceptions get handled |
| Practice visibility | Per-accountant view only | Firm-wide supervisor dashboard |
| AI explainability | Black box decisions | Full audit trail, EU AI Act compliant |
AI agents identify the document type, extract all relevant fields, map them to your chart of accounts, and post directly. The first time your accountant sees the transaction, it’s already in the ledger — correctly classified, VAT coded, and ready for month-end.
3Clouds AI was designed from day one for the Cyprus regulatory environment. ICPAC standards, local VAT codes, VIES logic, and Tax Portal integration are core to the platform — not bolt-ons. Your compliance calendar runs itself.
The platform only flags transactions that fall outside your established patterns: new vendors, non-standard VAT treatments, unusually large amounts, or documents the AI couldn’t process with high confidence. Everything else is already posted.
Business owners see a real-time picture of P&L, cash position, and upcoming VAT and tax obligations — without chasing their accountant. Accountants see the same data with full posting history, compliance deadlines, and flagged exceptions. No more end-of-month surprises for either side.
Send invoices, bank statements, receipts, payroll files — including handwritten documents — in any format. From desktop, tablet, or anywhere you can access a web browser, or via direct ERP integration.
AI agents identify the document type, extract every relevant field, and map the transaction against your chart of accounts and Cyprus VAT rules automatically.
Routine transactions post directly to your general ledger. No draft stage. No approval step. The entry is live the moment the document is processed.
Your team sees only what needs them — genuine exceptions, flagged with a reason and a confidence score. Everything routine is already done.
Accounting firms across Cyprus are shifting from data entry to advisory. The firms that move first build the capacity advantage that’s hardest for competitors to close.
No setup fees · Cancel anytime · ICPAC-registered firms welcome
3Clouds AI gives your accountants back the hours spent on data entry — and gives you the oversight to run a larger, more consistent practice without proportional hiring.
Your accountants spend 60–70% of their day entering data — leaving almost nothing for the advisory work that differentiates your firm and justifies your fees.
You’ve looked at AI accounting tools, but they just move the work from data entry to reviewing AI-generated drafts. Same cognitive load. Different screen. Still a bottleneck.
At VAT quarter-end, quality inconsistencies between your accountants surface under deadline pressure — when there’s no time to fix them cleanly and the client is already waiting.
You have no single view of every client’s posting status, every open exception, and every upcoming compliance deadline — you find out what’s happening by asking each accountant individually.
Each pain point maps directly to a platform capability with a measurable outcome.
Data entry consuming 60–70% of working hours
Autonomous GL posting — routine transactions post directly, without a draft or approval step
Accountants spend their time on exceptions and advisory work. 40 hours recovered per accountant per month.
AI tools that replace data entry with draft review
Exceptions-only Review Queue — the platform only escalates what genuinely requires professional judgement
Your Review Queue contains 10–20% of transactions at most. The other 80–90% are already posted correctly.
Quality inconsistency across the team at quarter-end
AI-enforced classification rules applied consistently across every accountant and every client — the same VAT codes, the same mapping logic, every time
Compliance quality no longer depends on individual habits. The platform enforces the standard; your accountants apply their expertise.
No unified view of firm-wide status
Practice supervisor dashboard — real-time view of every client portfolio, every compliance deadline, and every open exception across all accountants
You know what’s happening before a client tells you. Exceptions get attention before they become problems.
We configure 3Clouds AI for your chart of accounts and client base before you go live — so the first week looks like the platform already knows your practice.
We’ll respond within 1 business day. No commitment required.
3Clouds AI gives you a live view of your cash position, P&L, and outstanding balances — in plain language, from your phone, tablet, or anywhere you can access a web browser, updated automatically as your transactions are processed.
And even then, the figure is a few days old. Cash decisions can’t wait that long.
Invoices come in through WhatsApp, email, and physical post. Getting them processed means chasing someone, scanning something, or waiting until your accountant’s next visit.
Every accounting tool you’ve tried assumes you know what “VAT output tax reconciliation” means. You don’t — and you shouldn’t have to.
When something needs your attention — an overdue invoice, a compliance deadline, a supplier payment — you find out late, because there’s no system proactively telling you.
Never knowing your live cash position
SME owner dashboard — live cash, P&L, and outstanding balances updated automatically as transactions post
Open your phone. See your numbers. No call required. No waiting for a human to compile the report.
Document submission friction across multiple channels
Mobile document capture — photograph an invoice or receipt and submit it in under 30 seconds from anywhere
Your documents are in the system the moment they’re in your hands. No scanning, no chasing, no waiting.
Accounting tools built for accountants, not owners
Plain-language interface — every number and every alert explained without accounting terminology
You understand your financial position at a glance. The platform translates accounting into business language — not the other way around.
Finding out about problems too late
Proactive alerts — the platform flags overdue invoices, approaching compliance deadlines, and documents that need your attention
You act early instead of reacting late. Surprises stop being surprises.
Managing two or three businesses means three sets of documents, three compliance calendars, and three financial positions to track — all while making decisions that affect each one differently. The SME dashboard shows all your entities side by side: one login, one view, no switching between systems.
Multi-entity support is included in all plans.
3Clouds AI works alongside your existing accountant or fiduciary firm — it makes their work faster and gives you the visibility you’ve been missing. If your accountant is already on the platform, ask them to get you set up. If not, contact us directly and we’ll make the introduction.
No accounting knowledge required to use the platform. That’s the point.
3Clouds AI doesn’t tier its features. Every subscription includes autonomous posting, Cyprus compliance, our Review Queue, and the full platform. You pay for transaction volume — nothing else.
Billed monthly per client · No setup fees · Prices exclude VAT · Cancel anytime
Pricing is being finalised — contact us for early access rates and to discuss your firm’s requirements.
No setup fee · Cancel anytime
No setup fee · Cancel anytime
No setup fee · Cancel anytime
We’ll respond within 1 business day.
Tokens are the computational fuel that powers every AI action on the platform — document classification, field extraction, VAT mapping, report generation, and query responses. Each plan includes a monthly token allowance sized to match its transaction volume. For most clients on the right plan, the included allowance is more than sufficient.
What counts as a transaction? A transaction is a single accounting line (debit or credit) generated from a document. Because 3Clouds AI uses double-entry bookkeeping, each document produces at least two transactions. A simple invoice with one line item generates 2 transactions. A bank statement covering multiple payments generates 2 transactions per payment processed.
If your usage exceeds your plan’s allowance, additional tokens are recharged at cost — transparently, with no markup. You’ll see usage in your dashboard before you hit the ceiling.
Token usage is visible in your account dashboard at all times. No surprise charges.
All plans include the full platform. The difference is transaction volume, token allowance, and support tier.
| Feature | Small | Medium | Large | Enterprise |
|---|---|---|---|---|
| Autonomous GL posting | ✓ | ✓ | ✓ | ✓ |
| Exceptions-only Review Queue | ✓ | ✓ | ✓ | ✓ |
| Cyprus VAT classification engine | ✓ | ✓ | ✓ | ✓ |
| VIES & Annual Return preparation | ✓ | ✓ | ✓ | ✓ |
| Tax Portal submission workflows | ✓ | ✓ | ✓ | ✓ |
| Full audit trail per transaction | ✓ | ✓ | ✓ | ✓ |
| Mobile document submission | ✓ | ✓ | ✓ | ✓ |
| SME owner dashboard | ✓ | ✓ | ✓ | ✓ |
| Multi-entity support | ✓ | ✓ | ✓ | ✓ |
| Practice supervisor dashboard | ✓ | ✓ | ✓ | ✓ |
| Advanced reporting | — | — | ✓ | ✓ |
| Single sign-on (SSO) | ✓ | ✓ | ✓ | ✓ |
| Dedicated account manager | — | — | — | ✓ |
| Defined SLA / uptime commitment | — | — | — | ✓ |
All plans billed monthly per client. Prices exclude VAT.
If you manage a large number of clients, need SSO and role-based access, require a defined SLA, or want a dedicated account manager and custom onboarding programme — talk to us.
We respond within one business day. No obligation.
3Clouds AI is built on EU-hosted infrastructure, with encryption at rest and in transit, role-based access control, and an audit trail on every transaction. Security is not a feature layer — it is the foundation the platform runs on.
All primary Customer Data is stored and processed on EU-hosted cloud infrastructure. Your financial documents, ledger entries, and user data do not leave the European Economic Area for storage or primary processing. For firms operating under GDPR, your data residency obligations are met from day one — no configuration required.
All data stored on the platform is encrypted using AES-256. All data in transit between your browser, the platform, and our sub-processors is encrypted using TLS 1.2 or higher. There is no unencrypted path into or out of the system.
Every user on the platform is assigned a role — and sees only what that role permits. No user can access data belonging to a different client or a different firm. Multi-factor authentication is required for all Admin Users.
Every transaction processed by the platform generates an audit log — ie the original document, the AI’s classification decision, the confidence score, and the GL entry posted. Full audit trail capabilities are being developed as part of our ISO 27001 certification programme.
The platform is built with strict logical separation between customer tenants. No data from one accounting firm or business is accessible to another — not through the interface, not through the API, not through the database layer. Each tenant’s data exists in an isolated environment.
In the event of a personal data breach, we notify you within 48 hours of becoming aware — giving you the time to meet your own 72-hour obligation to the Cyprus Commissioner for Personal Data Protection under GDPR Article 33. Every security incident is handled through a documented incident response procedure.
3Clouds AI is operated by ASK Business Solutions Ltd, incorporated in the Republic of Cyprus. We act as data controller for website and onboarding data, and as data processor for all financial data processed on the platform on your behalf. Our Data Processing Agreement is incorporated into the Platform Service Agreement.
The platform’s AI systems are assessed as limited-risk under the EU AI Act. We comply with the transparency obligations set out in Article 13 — every AI-generated entry includes a confidence score, a classification rationale, and a full audit trail. No AI decision on the platform is a black box.
The platform is operated in compliance with Cyprus Data Protection Law 125(I)/2018 and supervised by the Cyprus Commissioner for Personal Data Protection. Data subject rights requests are handled within 30 days.
We commenced our ISO 27001 gap analysis in May 2026. Our target certification date is Q1 2027. We will publish our certification on this page when it is awarded.
We use a limited set of approved sub-processors. Each is bound by data protection obligations equivalent to those in our DPA. We notify customers at least 30 days before adding any new sub-processor.
| Sub-processor | Role | Location | Transfer Mechanism |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure; primary data storage, compute, and LLM inference (Amazon Bedrock EU) | EU (Frankfurt / Ireland) | EU data residency — no EEA transfer |
| ERP (Odoo) | ERP hosting and GL posting | Belgium (EEA) | EU data residency |
| SaltEdge | Open banking / bank statement feeds (PSD2) | EU | EU data residency |
| Langfuse | AI pipeline observability and logging | EU (AWS EU-hosted) | EU data residency |
| Railway | Backend service hosting | EU | EU data residency |
| Vercel | Frontend deployment | EU | EU data residency |
| Veriff | Identity verification (KYC/KYB) | EU | EU data residency |
3Clouds AI exists to remove routine accounting work from the hands of professionals who were trained to do far more than process documents. We believe fully autonomous accounting is not a future ambition. It is an engineering problem. And it is solvable now.
3Clouds AI was built in Cyprus, for Cyprus — and that specificity is intentional. Cyprus’s accounting profession operates under a regulatory environment that is genuinely distinct: ICPAC standards, local VAT codes, VIES obligations, Tax Portal requirements. Every “global” accounting platform we looked at treated these as edge cases to configure around. We decided to build them as the foundation.
The idea started with a simple observation: accounting firms and their SME clients were using AI tools that promised to save time but still required a human to review every single entry. The bottleneck had moved from data entry to draft approval — same cognitive load, different screen. That is not progress. That is the same problem repackaged.
We built 3Clouds AI to post autonomously. To remove the approval step for routine transactions. To give accountants their time back for the work that actually requires them — and to give business owners financial visibility they have never had before.
Metrics reflect platform performance during our testing phase. We will update these with live production figures as we scale.
We measure every product decision against one question: does this move us closer to full accounting autonomy, or does it recreate manual work in digital form? Features that shift the bottleneck instead of removing it don’t ship.
A VAT coding error isn’t a UX issue — it’s a professional liability for the accountant who trusts our platform. We hold ourselves to the highest standards of classification accuracy because our users’ reputations depend on it.
We don’t believe in black-box AI. Every posting decision is logged, traceable, and explainable — not because regulators require it (though they do!), but because accountants need to understand and trust the platform before they can rely on it.
We started with the most specific regulatory environment we know — and built compliance into the foundation, not the configuration layer. That specificity is what makes us trustworthy in our market. It’s also what makes us scalable across the EU.
Accountants are trained professionals. We refuse to build software that treats them as a fallback for AI that isn’t confident enough to act. The platform should handle what it can handle — completely — and escalate everything else with full context.
If you run an accounting firm or a business in Cyprus and want to see what fully autonomous accounting looks like in practice, let’s talk.
The demo isn’t a product tour. It’s a working session configured for your firm or business. You’ll see 3Clouds AI process documents against your actual account structure and VAT setup — not a generic sample dataset.
Fill in your details and we’ll confirm your session within one business day.
We’ll confirm your session within one business day. Check your inbox for our response.
3 Clouds AI is an accounting automation platform operated by ASK Business Solutions Ltd, a company incorporated in the Republic of Cyprus (HE 488671), with registered offices at 10 Iasonos Street, Jason Building, CY-1082 Nicosia.
For the purposes of EU data protection law, ASK Business Solutions Ltd is the data controller in respect of personal data collected directly from visitors to our website and prospective customers. In respect of personal data uploaded to the Platform by our customers for processing, we act as a data processor on the customer’s behalf.
This Privacy Policy applies to personal data we collect and process as a controller. If you are a customer of 3 Clouds AI and your data is processed on the Platform, the relevant document is the Data Processing Agreement executed between you and ASK Business Solutions Ltd.
When you visit our website, we may collect IP address, browser type, and device information (for security and analytics, on the basis of our legitimate interests) and cookie data (subject to your consent, as described in our Cookie Policy).
When you enquire about 3 Clouds AI or begin the onboarding process, we collect name, email address, company name, and phone number (to respond to your enquiry, on the basis of pre-contractual necessity — GDPR Article 6(1)(b)) and company registration number and VAT number (for KYC/KYB verification, on the basis of legal obligation and legitimate interests).
When you use the Platform as an authenticated User, we collect account information (name, email, role, employer, contact number), authentication data (login timestamps, IP address, session tokens, MFA records), usage data (actions performed on the Platform, documents processed, Review Queue decisions), and identity verification records (government-issued ID, liveness check data for Admin and Active Users).
Customer Data uploaded to the Platform (invoices, bank statements, payroll records, etc.) may contain personal data about third parties. We process this data as a data processor on the Customer’s instructions. Please refer to the Data Processing Agreement.
| Data Category | Retention Period | Basis |
|---|---|---|
| Website visitor logs | 90 days | Legitimate interests (security) |
| Enquiry and pre-contract data | 3 years from last contact | Legitimate interests |
| Account and User data | Duration of subscription + 1 year | Contractual necessity |
| KYC/KYB verification records | 7 years | Legal obligation (regulatory) |
| Platform audit logs | 7 years | Legal obligation (tax and accounting records) |
| Support communications | 3 years from resolution | Legitimate interests |
| Financial document data (as processor) | Per DPA / Customer instruction | Processing under DPA |
We do not sell personal data. We may share personal data with sub-processors engaged to deliver the Platform (as listed in the Data Processing Agreement Annex III), professional advisors under confidentiality obligations, law enforcement or regulatory bodies where required by law, and a successor entity in the event of a merger or acquisition — subject to the same privacy obligations.
Your personal data is primarily stored and processed within the European Economic Area (EEA) on EU-hosted infrastructure. Where data is transferred outside the EEA (for example, in connection with AI model processing), we ensure that appropriate safeguards are in place in accordance with GDPR Articles 45–49.
| Right | Description |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you. |
| Rectification (Art. 16) | Request correction of inaccurate or incomplete personal data. |
| Erasure (Art. 17) | Request deletion of your personal data where there is no lawful basis for continued processing. |
| Restriction (Art. 18) | Request that we restrict processing in certain circumstances. |
| Data portability (Art. 20) | Receive your personal data in a structured, machine-readable format. |
| Objection (Art. 21) | Object to processing based on legitimate interests or for direct marketing. |
| Withdraw consent | Where processing is based on consent, withdraw at any time. |
To exercise any of these rights, contact us at dpo@askbusinesssolutions.com. We will respond within 30 days. You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. A detailed description of our security measures is set out in our Security Policy and in Annex II of the Data Processing Agreement.
In the event of a personal data breach, we will notify the Cyprus Commissioner for Personal Data Protection within 72 hours of becoming aware of the breach, and affected individuals where required.
The Platform is designed for use by businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we hold data about a minor, please contact us at dpo@askbusinesssolutions.com.
The 3 Clouds AI platform uses artificial intelligence systems to automate accounting processes. In accordance with our obligations under the EU AI Act (Regulation 2024/1689), we disclose: AI systems on the Platform classify documents, extract data, assign accounting codes, and post transactions to the General Ledger. AI outputs include a confidence score. Entries below configured confidence thresholds are flagged for human review. AI systems do not make autonomous legal decisions about individuals.
We use essential cookies to operate the Platform (session management, security). We may use analytics cookies with your consent. A full Cookie Policy is available at www.3cloudsai.com/cookie-policy.
We may update this Privacy Policy from time to time. Material changes will be notified to registered Users by email at least 30 days before they take effect. The current version is always published on our website.
ASK Business Solutions Ltd, 10 Iasonos Street, Jason Building, CY-1082 Nicosia, Republic of Cyprus
Email: dpo@askbusinesssolutions.com
Data Protection Supervisory Authority: Commissioner for Personal Data Protection, Cyprus
Version 1.0 — Effective date: [TBC upon launch]
These Terms govern your access to and use of the 3 Clouds AI platform operated by ASK Business Solutions Ltd.
1.1 These Terms of Service ("Terms") constitute a legally binding agreement between ASK Business Solutions Ltd, a company incorporated in Cyprus with registration number HE 488671, having its registered office at 10 Iasonos Street, Jason Building, CY-1082 Nicosia, Republic of Cyprus ("Company", "we", "us") and the entity or individual accepting these Terms ("Client", "you").
1.2 By clicking "I Agree", by signing an Order Form that references these Terms, or by accessing or using the Platform, you agree to be bound by these Terms. If you are accepting on behalf of an organisation, you represent that you have authority to bind that organisation.
1.3 If you do not agree to these Terms, you must not access or use the Platform.
In these Terms, unless the context otherwise requires:
"Authorised Users" means the employees, contractors or agents of the Client who are permitted to access the Platform under the Client's subscription.
"Client Data" means all data, documents, files and information uploaded to or processed by the Platform by or on behalf of the Client, including financial records, invoices, bank statements and transaction data.
"Documentation" means the user guides, help articles and technical specifications made available by the Company at the Platform or otherwise provided to the Client.
"Fees" means the subscription fees and any other charges payable by the Client as set out in the Order Form or pricing schedule.
"Order Form" means the written or electronic order document signed or accepted by the Client specifying the subscription tier, number of Authorised Users, payment terms and any additional services.
"Platform" means the 3 Clouds AI software-as-a-service platform, including all features, APIs, and associated services made available by the Company.
"Professional Services" means any implementation, training or consultancy services provided by the Company in addition to the Platform subscription.
"Subscription Term" means the period of the Client's subscription as set out in the Order Form.
3.1 Grant. Subject to payment of the Fees and compliance with these Terms, the Company grants the Client a limited, non-exclusive, non-transferable, revocable licence during the Subscription Term to access and use the Platform solely for the Client's internal business purposes and in accordance with the Documentation.
3.2 Authorised Users. The Client may permit Authorised Users to access the Platform up to the number specified in the Order Form. The Client is responsible for ensuring that Authorised Users comply with these Terms. The Client must promptly notify the Company if it becomes aware of any unauthorised access.
3.3 Restrictions. The Client must not, and must ensure that Authorised Users do not: (a) sublicence, sell, resell, transfer or assign the Platform or any rights under these Terms; (b) copy, modify, create derivative works of, or reverse-engineer the Platform or any part of it; (c) use the Platform to develop a competing product or service; (d) access the Platform by automated means (except through authorised APIs); (e) use the Platform to process data on behalf of third parties outside the scope of the Order Form; (f) remove or obscure any proprietary notices; or (g) use the Platform in a manner that violates applicable law.
3.4 Third-party Integrations. The Platform may integrate with third-party services (including accounting software, banking data providers and AI model providers). The Client's use of such third-party services is subject to the applicable third-party terms, and the Company is not responsible for the availability, accuracy or conduct of those services.
4.1 The Client must: (a) provide accurate registration information and keep it up to date; (b) maintain the security of account credentials and not share them between individuals; (c) ensure that all Client Data uploaded to the Platform does not infringe third-party rights and is lawfully obtained; (d) use the Platform only for lawful purposes; and (e) comply with applicable laws, including tax and accounting regulations in the Client's jurisdiction.
4.2 The Client acknowledges that the Platform provides AI-assisted analysis and automation tools that are intended to support, not replace, professional judgement. The Client remains solely responsible for: (a) reviewing all AI-generated outputs before relying on them; (b) the accuracy and completeness of all financial statements, tax returns and reports submitted to any authority; and (c) compliance with professional standards and regulatory obligations applicable to the Client or its accountants.
4.3 The Client must not upload to the Platform any data that is: (a) subject to export control or sanctions; (b) classified information; or (c) sensitive personal data except to the extent necessary and permitted under the Data Processing Agreement.
5.1 The Client must pay the Fees as specified in the Order Form. All Fees are stated exclusive of VAT or other applicable taxes, which will be added where required by law.
5.2 Subscriptions are billed in advance on a monthly basis. The Client may cancel at any time; access continues until the end of the billing period.
5.3 If payment is not received within 14 days of the due date, the Company may suspend access to the Platform on 7 days' written notice to the Client. Access will be restored upon payment of all outstanding amounts.
5.4 The Company may increase Fees at any time on 60 days' written notice to the Client. If the Client objects to a Fee increase, it may terminate the subscription at the end of the then-current Subscription Term by giving written notice within 30 days of receiving the increase notification.
5.5 All payments must be made in the currency specified in the Order Form. The Company may charge reasonable interest on overdue amounts at the rate of 2% per annum above the base rate of the European Central Bank.
6.1 Platform IP. The Platform, including all software, algorithms, models, interfaces, documentation and associated intellectual property rights, is and shall remain the exclusive property of the Company or its licensors. These Terms do not transfer any intellectual property rights to the Client.
6.2 Client Data. As between the parties, the Client owns all Client Data. The Client grants the Company a non-exclusive, worldwide licence to process Client Data solely to provide and improve the Platform during the Subscription Term.
6.3 Feedback. If the Client provides feedback, suggestions or ideas regarding the Platform, the Client grants the Company a perpetual, irrevocable, royalty-free licence to use such feedback for any purpose without obligation to the Client.
6.4 Aggregated Data. The Company may create anonymised and aggregated data derived from Client Data that does not identify the Client or any individual, and may use such data for product development, research and benchmarking purposes.
7.1 Each party ("Receiving Party") agrees to keep confidential all non-public information disclosed by the other party ("Disclosing Party") that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure ("Confidential Information").
7.2 Each Receiving Party must: (a) use Confidential Information only for the purposes of performing its obligations or exercising its rights under these Terms; (b) protect Confidential Information using at least the same degree of care it uses for its own confidential information, but in no event less than reasonable care; and (c) not disclose Confidential Information to any third party without the Disclosing Party's prior written consent, except to employees, contractors or advisers who have a need to know and are bound by confidentiality obligations no less protective than those in these Terms.
7.3 Confidentiality obligations do not apply to information that: (a) is or becomes publicly known through no fault of the Receiving Party; (b) was known to the Receiving Party before receipt from the Disclosing Party; (c) is received from a third party free from any confidentiality obligation; or (d) must be disclosed to comply with applicable law or a court order, provided the Receiving Party gives prompt notice where legally permitted.
7.4 These confidentiality obligations survive termination or expiry of these Terms for a period of five (5) years.
8.1 To the extent the Platform involves the processing of personal data, the parties' respective rights and obligations are set out in the Data Processing Agreement ("DPA"), which forms part of these Terms.
8.2 The Client represents and warrants that it has a lawful basis for processing and transferring Client Data to the Company and that it has provided all necessary notices to and obtained all necessary consents from data subjects where required.
9.1 Company Warranties. The Company warrants that: (a) it has the right to grant the licences in these Terms; (b) the Platform will perform materially in accordance with the Documentation during the Subscription Term; and (c) it will implement reasonable technical and organisational measures to protect Client Data.
9.2 Client Warranties. The Client warrants that: (a) it has the authority to enter into these Terms; (b) it will use the Platform in accordance with applicable law and these Terms; and (c) Client Data does not infringe third-party rights.
9.3 Disclaimer. Except as expressly stated in these Terms, the Platform is provided "as is" and the Company disclaims all implied warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement. The Company does not warrant that the Platform will be error-free, uninterrupted or that AI-generated outputs will be accurate, complete or suitable for regulatory submission.
10.1 Neither party excludes liability for: (a) death or personal injury caused by its negligence; (b) fraud or fraudulent misrepresentation; or (c) any liability that cannot be excluded by law.
10.2 Subject to clause 10.1, in no event shall either party be liable for: (a) loss of profits; (b) loss of business or revenue; (c) loss of or corruption of data; (d) loss of anticipated savings; (e) business interruption; or (f) any indirect, special, consequential, incidental or punitive loss or damage, whether arising in contract, tort (including negligence), breach of statutory duty or otherwise, even if advised of the possibility of such loss.
10.3 Subject to clauses 10.1 and 10.2, the Company's total aggregate liability to the Client in any 12-month period, whether in contract, tort or otherwise, shall not exceed the total Fees paid by the Client in that 12-month period.
10.4 The Client acknowledges that AI-generated outputs are advisory in nature and that the Company shall have no liability for any decisions made or actions taken by the Client in reliance on such outputs without independent professional review.
11.1 The Client shall indemnify, defend and hold harmless the Company and its officers, directors, employees and agents against any claims, damages, losses, costs and expenses (including reasonable legal fees) arising out of or relating to: (a) Client Data, including any claim that Client Data infringes a third party's rights; (b) the Client's use of the Platform in breach of these Terms or applicable law; or (c) any claim by an Authorised User or third party arising from the Client's use of the Platform.
11.2 The Company shall indemnify the Client against any third-party claim that the Platform, as used in accordance with these Terms, infringes that third party's intellectual property rights, provided the Client: (a) notifies the Company promptly in writing; (b) gives the Company sole control of the defence; and (c) provides reasonable assistance at the Company's expense.
12.1 These Terms commence on the date the Client first accepts them and continue for the Subscription Term specified in the Order Form. Unless either party gives written notice of non-renewal at least 30 days before the end of the then-current Subscription Term, the subscription will automatically renew for successive periods of the same duration.
12.2 Either party may terminate these Terms immediately by written notice if: (a) the other party commits a material breach that is not remedied within 30 days of written notice; (b) the other party becomes insolvent, makes a general assignment for the benefit of creditors, or has a receiver or liquidator appointed; or (c) the other party is subject to any action under applicable insolvency legislation.
12.3 The Company may terminate these Terms immediately if the Client: (a) fails to pay Fees after the cure period in clause 5.3; (b) uses the Platform in a manner that poses a security risk or legal liability to the Company; or (c) violates clause 3.3 (Restrictions).
12.4 Effect of Termination. On termination or expiry of these Terms: (a) the Client's licence to use the Platform immediately ceases; (b) the Client must cease all use and delete any downloaded materials; (c) each party must return or destroy the other's Confidential Information on request; (d) the Company will make Client Data available for export for 30 days following termination, after which it will be securely deleted; and (e) all accrued payment obligations survive.
12.5 Clauses 6, 7, 8, 10, 11, 12.4 and 14 survive termination or expiry of these Terms.
13.1 The Company will use commercially reasonable efforts to make the Platform available 99.5% of the time in any calendar month, excluding scheduled maintenance and circumstances beyond the Company's reasonable control.
13.2 Scheduled maintenance will be notified at least 48 hours in advance where practicable and carried out outside of peak business hours.
13.3 Support is provided by email and in-platform ticketing during business hours (Monday to Friday, 09:00–18:00 EET) with target response times as set out in the Documentation. Enterprise clients receive dedicated support as specified in their Order Form.
14.1 Governing Law. These Terms are governed by the laws of the Republic of Cyprus. The parties irrevocably submit to the exclusive jurisdiction of the courts of Nicosia, Cyprus.
14.2 Entire Agreement. These Terms, together with the Order Form, DPA and any other incorporated documents, constitute the entire agreement between the parties with respect to the subject matter and supersede all prior agreements, representations and understandings.
14.3 Amendments. The Company may update these Terms at any time. Material changes will be notified at least 30 days in advance. Continued use after the effective date constitutes acceptance. Non-material changes take effect immediately.
14.4 Assignment. The Client may not assign or transfer these Terms or any rights or obligations without the Company's prior written consent. The Company may assign these Terms in connection with a merger, acquisition or sale of all or substantially all of its assets.
14.5 Force Majeure. Neither party is liable for failure to perform its obligations if such failure is caused by events beyond its reasonable control, including natural disasters, war, pandemic, governmental action, or failure of third-party infrastructure providers, provided it gives prompt notice and uses reasonable efforts to overcome the delay.
14.6 Waiver and Severability. Failure to enforce any right under these Terms is not a waiver of that right. If any provision is found to be unenforceable, the remaining provisions continue in full force.
14.7 Notices. Legal notices must be in writing and sent by email with delivery confirmation or by registered post to the addresses in the Order Form or as updated in writing. Notices to the Company must be sent to legal@askbusinesssolutions.com.
14.8 Anti-Bribery. Each party will comply with all applicable anti-bribery and anti-corruption laws.
The specific features and usage limits included in each subscription tier are set out in the current pricing schedule published at 3cloudsai.com/pricing and incorporated into the Order Form.
You must not use the Platform to: (a) engage in any unlawful activity; (b) upload malicious code or attempt to gain unauthorised access to any system; (c) interfere with the integrity or availability of the Platform; (d) transmit spam or unsolicited communications; (e) impersonate any person or entity; (f) attempt to reverse-engineer or extract the underlying AI models; (g) circumvent any usage limits or access controls; or (h) use the Platform in a way that violates any applicable professional standards, including those set by ICPAC or equivalent regulatory bodies.
Where the Company agrees to provide Professional Services (e.g. onboarding, training, custom integrations), such services will be scoped in a separate statement of work. Professional Services Fees are invoiced separately and are non-refundable once delivered. The Company will perform Professional Services with reasonable skill and care. Time estimates are indicative only and the Company is not liable for delays caused by the Client's failure to provide timely access, information or approvals.
Version 1.0 — Effective date: [TBC upon launch]
This Data Processing Agreement ("DPA") forms part of the Terms of Service between ASK Business Solutions Ltd and the Client and governs the processing of personal data by the Company on behalf of the Client.
1.1 In providing the Platform, the Company may process personal data on behalf of the Client. This DPA sets out the terms on which such processing takes place, as required by Regulation (EU) 2016/679 ("GDPR") and the applicable data protection laws of the Republic of Cyprus.
1.2 In this DPA: the Client acts as Controller (or Processor where the Client itself processes personal data on behalf of its own clients); and ASK Business Solutions Ltd acts as Processor (or Sub-Processor). The roles of the parties and the nature of personal data processed are set out in Annex 1.
1.3 This DPA supplements and is incorporated into the Terms of Service. In the event of conflict between this DPA and the Terms of Service in relation to personal data processing, this DPA prevails.
2.1 The Controller warrants and undertakes that it: (a) has a valid lawful basis under GDPR Article 6 (and Article 9 where applicable) for transferring personal data to the Processor; (b) has provided all required privacy notices to data subjects; (c) will not instruct the Processor to process personal data in a way that would cause the Processor to violate applicable law; and (d) will promptly inform the Processor of any changes to applicable law that may affect the Processor's obligations under this DPA.
2.2 Where the Client is itself a Processor (e.g. an accounting firm processing the personal data of its clients' employees or directors), the Client represents that it has the authority of the relevant Controller(s) to appoint the Company as Sub-Processor on the terms of this DPA.
The Processor shall, with respect to personal data processed under this DPA:
3.1 Instructions. Process personal data only on the documented instructions of the Controller (including as set out in this DPA and the Terms of Service), unless required to do so by applicable law, in which case the Processor shall notify the Controller of that legal requirement before processing, unless prohibited from doing so by law.
3.2 Confidentiality. Ensure that persons authorised to process personal data have committed to confidentiality or are under a statutory obligation of confidentiality.
3.3 Security. Implement and maintain the technical and organisational security measures described in Annex 2, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the risk to the rights and freedoms of natural persons.
3.4 Sub-Processing. Not engage any Sub-Processor without prior written authorisation from the Controller, except that the Controller hereby provides general authorisation for the Sub-Processors listed in Annex 3. The Processor will notify the Controller of any intended changes to Sub-Processors, giving the Controller the opportunity to object. The Processor shall impose on Sub-Processors data protection obligations equivalent to those in this DPA.
3.5 Data Subject Rights. Assist the Controller by implementing appropriate technical and organisational measures for the fulfilment of the Controller's obligations to respond to requests by data subjects to exercise rights under Chapter III of GDPR. The Processor will notify the Controller within 5 business days of receiving a data subject request and will not respond directly without the Controller's authorisation.
3.6 Data Protection Impact Assessments. Provide reasonable assistance to the Controller in carrying out data protection impact assessments and prior consultations with supervisory authorities where required.
3.7 Breach Notification. Notify the Controller without undue delay (and in any event within 48 hours of becoming aware) of any personal data breach. The notification will include, to the extent then known: (a) the nature of the breach, including the categories and approximate number of data subjects and records concerned; (b) the likely consequences of the breach; and (c) the measures taken or proposed to address the breach.
3.8 Deletion or Return. Upon termination of the Terms of Service, delete or return all personal data as directed by the Controller, unless retention is required by applicable law. The Processor will certify such deletion in writing on request.
3.9 Audit. Make available to the Controller all information necessary to demonstrate compliance with this DPA, and allow for and contribute to audits and inspections conducted by the Controller or an auditor mandated by the Controller, on reasonable notice and at the Controller's expense. The Processor may require that the auditor enters into a reasonable confidentiality agreement before proceeding.
4.1 The Processor processes personal data within the European Economic Area ("EEA") as its primary data region. Where personal data is transferred to Sub-Processors outside the EEA, the Processor shall ensure that an appropriate transfer mechanism is in place, such as: (a) the European Commission's Standard Contractual Clauses; (b) a transfer to a country benefiting from an adequacy decision; or (c) another mechanism permitted under GDPR Chapter V.
4.2 Details of Sub-Processors and their locations are set out in Annex 3. The Processor will update Annex 3 when Sub-Processors change, providing at least 14 days' advance notice.
5.1 Each party's liability under this DPA is subject to the limitations and exclusions set out in the Terms of Service, except to the extent that such limitations are prohibited by applicable law.
5.2 Where both parties are responsible for a GDPR breach, liability will be apportioned between them according to their respective contributions to the damage.
6.1 This DPA takes effect on the date the Client first accepts the Terms of Service and continues until termination of the Terms of Service and completion of all post-termination deletion obligations.
7.1 This DPA is governed by the laws of the Republic of Cyprus and the parties submit to the exclusive jurisdiction of the courts of Nicosia, Cyprus, without prejudice to the right of data subjects to bring claims before any competent supervisory authority.
| Element | Details |
|---|---|
| Subject matter | Provision of the 3 Clouds AI accounting automation platform |
| Duration | For the Subscription Term and post-termination deletion period |
| Nature of processing | Storage, retrieval, analysis, categorisation, transformation, AI-assisted review, and deletion of accounting and financial records |
| Purpose of processing | To provide the Platform services, including automated bookkeeping, bank reconciliation, financial reporting, tax preparation assistance, and audit support |
| Categories of data subjects | Employees, directors, shareholders, sole traders, and counterparties (suppliers/customers) whose personal data appears in financial documents processed through the Platform |
| Categories of personal data | Names, contact details (email, address, phone), national identification or tax reference numbers, financial account details, transaction data, payroll information |
| Special category data | Not anticipated; the Controller must not upload special category data unless a specific legal basis applies |
The Processor implements the following categories of security measures:
Access Controls: Role-based access control (RBAC); multi-factor authentication required for all Platform accounts; principle of least privilege applied to internal systems; separate credentials for production and development environments.
Encryption: All data encrypted at rest using AES-256. All data in transit encrypted using TLS 1.2 or higher. Encryption keys managed through AWS Key Management Service with annual rotation.
Network Security: Web application firewall (WAF); DDoS protection; network segmentation between application, database and AI processing tiers; continuous intrusion detection monitoring.
Availability: Multi-availability-zone deployment; automated daily backups with 30-day retention; regular disaster recovery testing; 99.5% monthly uptime target.
Vulnerability Management: Automated dependency scanning; regular penetration testing; security patch management policy with critical patches applied within 48 hours; responsible disclosure programme.
Personnel: Security awareness training for all staff on joining and annually; background checks for roles with access to production data; contractual confidentiality obligations for all personnel and contractors.
Incident Response: Documented incident response plan; designated security contact; 48-hour breach notification commitment; annual tabletop exercises.
Audit and Logging: Comprehensive audit logs for all access to and processing of personal data; log integrity protection; logs retained for a minimum of 12 months.
| Sub-Processor | Location | Purpose | Transfer Mechanism |
|---|---|---|---|
| Amazon Web Services (AWS) | EU (Ireland / Frankfurt) | Cloud infrastructure, storage, compute | EEA — No transfer |
| Odoo S.A. | Belgium (EEA) | ERP and accounting data model layer | EEA — No transfer |
| SaltEdge Inc. | EU / Canada | Open Banking / bank feed connectivity | EU SCCs |
| Langfuse GmbH | Germany (EEA) | AI model observability and tracing | EEA — No transfer |
| Railway Corp. | USA | Application hosting and deployment pipeline | EU SCCs |
| Vercel Inc. | USA | Front-end delivery and edge functions | EU SCCs |
| Veriff OÜ | Estonia (EEA) | Identity verification (KYC/onboarding) | EEA — No transfer |
The Processor will notify the Controller at least 14 days in advance of any addition or replacement of Sub-Processors by publishing an update to this Annex and emailing the Controller's registered address.
