Terms of Service

Please contact us if you do not speak Finnish and are interested in our service.

Last updated 22.4.2026

Note, that each customer shall agree to Carbonlink Terms of Service when signing a contract and will be notified of any changes. This document is only for reference.

This document contains the normative service terms that bind the contract provider regarding the CarbonLink service (further known as Service) and its production. The description of the Service can be found in the document “CarbonLink Service Description”.

The document also contains descriptive parts regarding the state of the Service currently, which do not bind the service provider.

Changes to the Terms of Service

The Service Provider will inform of changes to the binding terms of the terms of service 28 days before the changes take place. If the customer does not want to accept the new terms, they have the right to end their subscription before the changes take place.

The results given by the Service are evaluations and forecasts, and the Service Provider is not liable for their factuality or possible financial detriment caused by them.

Scope of the calculations

The carbon footprint calculation covers the GHG protocol scopes 1, 2 and 3.

Due to the nature of the calculation and the data, calculation results for the manufacturing sector, for example construction or raw material processing are not comprehensive, and do not contain e.g. the life-cycle analysis of construction or the manufacturing of a specific product.

Bringing Data Into the Service

The Service offers a mechanical user interface for data entry, reached via the internet. The Service also fetches data from other systems through their own interfaces.

The CarbonLink interface is initialized by requesting for a new API key from CarbonLink’s technical support (Application Programming Interface) which will be taken to the system that is responsible for the interface.

Fetching data from an external system is initialized according to the instructions specific to the external system, which is most commonly done by creating a new API key with the requisite rights and delivering it to CarbonLink.

Some financial control systems are added to the Service directly with user access rights without keys. In these cases, it is highly recommended to create a separate specific user account for this, which is not personally used by a member of staff.

Changes to the CarbonLink interface that are not reverse-compatible that also require changes to the service providing the interface will be informed of 28 days before changes take place.

In most cases the newer version of the interface is usable in tandem with the old one during the transition period. The new version is also testable in developer environments.

Using the Service

Logging in is done through existing accounts the user has with Google (Sign in with Google) or Microsoft O365 logins (Azure AD).

Both methods provide multi-factor authentication (MFA) and access control for the Customer.

The Customer has the right to add the required amount of user accounts as users in CarbonLink and define their access control level. The Customer is responsible for who are added as users in the Service and who have access to the information of the Customer.

Updates and Maintenance to the Service

The Service is actively developed. New updates to the Service can be made daily. The updates may cause small breaks in availability of the Service, no longer than a few minutes. Larger breaks, such as database updates, will take place outside business hours.

Storing of Information in the Service and Data Protection

The Service will operate from one or several data centers residing in the EU/ETA area.

We have chosen the Google Hamina data center for hosting the Service (europe-north1, https://www.google.com/about/datacenters/locations/hamina/), which offers fast Nordic connections and is one of the most environmentally friendly data centers offered by Google (https://cloud.google.com/sustainability/region-carbon). Google data centers also fulfill all standards concerning data protection and security (https://cloud.google.com/security).

The user interfaces and programs behind the Service (like databases) are automatically updated. Environments in the Service (like the developer environment) and their parts are separated from one another, and cannot for example read information from one another.

Administrator rights of the Service (inc. viewing Customer data) are only added to necessary employees.

The Admin staff of CarbonLink sign in to the systems with multi-factor authentication and physical security tokens (FIDO2). Staff workstations are encrypted.

The Service Provider is not responsible for persistence of information in the system, since the Service does not store original financial data.

The format of stored and processed data may change as the system develops. The system relies on the storage of original financial data, and fetching of data and recalculation can be done again several times if needed.

The internal data and calculation results in the Service are always backed up. The data is stored as long as it is pertinent for data-analysis, scientific research and development of the Service.

The algorithms that form the base of the calculation do not need nor do they understand personal data. Personal data in electronic invoice material (for example contact information of the buyer or seller) is removed as a part of processing and calculation, and the data does not create an identity register.

In addition to financial data, the Service has necessary information on e.g. users. These details are subject to common data protection and security requirements and processes as specified by legislation.

Right to Use the Results

The Service Provider has a non-exclusive permanent right to handle and use the financial data and the calculation results derived from it in the capacity in which it is needed to do so to provide the Service and develop, improve, test and market the Service. Use of data in the Service for the aforementioned purposes cannot be prohibited.

All rights to results or products such as service analyses, statistical data and other anonymised information belong to the Service Provider.

The Customer has the right to use the results, reports and visualizations of the calculation in the manner of their choosing. The Customer will receive the user rights to results and products derived from their data.

The Service Provider will retain the permanent right to use the data generated by the Service for scientific purposes, anonymized.

The information in the Service can be used for third party audits.

Excessive Use of the Service

If the Customer uses the service in a way that makes it difficult, hinders or prevents the provision of the Service to other Customers or impairs the availability or continuity of the service, intentionally or unintentionally, the Service Provider has the right to restrict the use of the service, provided that CarbonLink has instructed the Customer about the methods of use that may be disruptive in the above-mentioned way and the Customer has not changed his/her behavior despite CarbonLink’s warning.

In cases of serious and repeated misuse, the Service Provider has the right to terminate the agreement immediately. In these situations, service fees already paid will not be refunded to the Customer.