Legal documents

Terms of Service

Version 2.2

These Terms of Service set out the rules under which the Service Provider supplies electronic services through the online platform available at biurko.io, and have been prepared in accordance with the obligation arising from Article 8 of ustawa z dnia 18 lipca 2002 r. o świadczeniu usług drogą elektroniczną (Dz.U. 2024 poz. 1513 z późn. zm.).

The Terms additionally take into account:

  • Rozporządzenie Parlamentu Europejskiego i Rady (UE) 2022/2065 (Akt o usługach cyfrowych — DSA) — with respect to the obligations of providers of intermediary services,
  • Dyrektywa Parlamentu Europejskiego i Rady (UE) 2019/770 w sprawie umów o dostarczanie treści cyfrowych i usług cyfrowych — with respect to contracts for the supply of digital content and digital services,
  • Dyrektywa Parlamentu Europejskiego i Rady (UE) 2019/2161 (dyrektywa Omnibus) and ustawa z dnia 30 maja 2014 r. o prawach konsumenta (Dz.U. 2025 z późn. zm.) — with respect to consumer protection,
  • ustawa z dnia 5 sierpnia 2025 r. o zmianie ustawy o podatku od towarów i usług oraz ustawy o zmianie ustawy o podatku od towarów i usług oraz niektórych innych ustaw (Dz.U. 2025 poz. 1203) — with respect to integration with the National e-Invoicing System (KSeF), including offline24 mode (Art. 106nda of the Polish VAT Act), emergency mode (Art. 106nf), and the penalties set out in Art. 106ni of the Polish VAT Act,
  • Rozporządzenie Parlamentu Europejskiego i Rady (UE) 2024/1689 (AI Act) — with respect to any future AI-based features, including the transparency obligations under Art. 50 which become applicable on 2 sierpnia 2026 r.,
  • Dyrektywa Parlamentu Europejskiego i Rady (UE) 2022/2555 (NIS2) wdrożona ustawą o krajowym systemie cyberbezpieczeństwa (KSC 2.0) and the Polish Act on the National Cybersecurity System (KSC), in force since 3 kwietnia 2026 r., with respect to information security.

Table of Contents

§ 1. Definitions

The terms used in these Terms have the following meanings:

  1. Service Provider — ITCompass - ARTEM SHEVCHENKO, conducting business activity in the form of działalność jednoosobowa at Zawiszy Czarnego 6, 40-872 Katowice, Polska, NIP: 6343060594, REGON: 542705577, e-mail: contact@itcompass.io, tel.: +48 732 959 892.
  2. Service — the online platform provided by the Service Provider at biurko.io (also: „Biurko"), through which the Service Provider supplies the Services.
  3. Service Recipient (User) — a natural person with full legal capacity, a legal person, or an organisational unit without legal personality, who uses the Services or has entered into the Agreement with the Service Provider.
  4. Consumer — a Service Recipient who is a consumer within the meaning of Art. 22¹ of the Polish Civil Code.
  5. Entrepreneur on consumer rights — a natural person entering into an agreement directly related to their business activity, where the content of the agreement shows that it is not of a professional nature for that person (Art. 38a of the Polish Consumer Rights Act and Art. 385⁵ of the Polish Civil Code).
  6. Account — an individual, separate set of IT resources enabling the Service Recipient to use the Services.
  7. Agreement — the agreement for the provision of electronic services and the agreement for the supply of digital content or digital services within the meaning of Art. 43a et seq. of the Consumer Rights Act, concluded between the Service Provider and the Service Recipient on the conditions set out in the Terms.
  8. Subscription — a periodic fee for using the chosen Plan.
  9. Plan — a variant of the Services differing in scope of functionality, limits and Subscription fee. The current list of Plans together with prices is published in the pricing section of the Service. As at the effective date of these Terms, the following Plans are available: FREE, SOLO, TEAM and SCALE.
  10. KSeF — Krajowy System e-Faktur (KSeF), operated by Minister Finansów Rzeczypospolitej Polskiej (Ministerstwo Finansów, ul. Świętokrzyska 12, 00-916 Warszawa) — operacyjnie: Szef Krajowej Administracji Skarbowej, referred to in ustawa z dnia 11 marca 2004 r. o podatku od towarów i usług (Dz.U. 2025 poz. 775 z późn. zm.) and ustawa z dnia 5 sierpnia 2025 r. o zmianie ustawy o podatku od towarów i usług oraz ustawy o zmianie ustawy o podatku od towarów i usług oraz niektórych innych ustaw (Dz.U. 2025 poz. 1203).
  11. Invoice — an accounting document (including a structured invoice within the meaning of the VAT Act) issued by the Service Recipient via the Service.
  12. Counterparty — a natural person or entity whose data the Service Recipient enters into the Service for the purpose of issuing an Invoice (in particular the buyer).
  13. GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
  14. DSA — Rozporządzenie Parlamentu Europejskiego i Rady (UE) 2022/2065 (Akt o usługach cyfrowych — DSA).
  15. AI Act — Rozporządzenie Parlamentu Europejskiego i Rady (UE) 2024/1689 (AI Act).
  16. AI System — a system referred to in Art. 3(1) of the AI Act.
  17. NIS2 / KSC — Dyrektywa Parlamentu Europejskiego i Rady (UE) 2022/2555 (NIS2) wdrożona ustawą o krajowym systemie cyberbezpieczeństwa (KSC 2.0) together with the Polish Act on the National Cybersecurity System, in force since 3 kwietnia 2026 r..
  18. DSA Point of Contact — the single point of contact of the Service Provider within the meaning of Art. 11 and 12 DSA, referred to in § 15.
  19. Privacy Policy — the informational document available at biurko.io/polityka-prywatnosci.
  20. Cookies Policy — the document available at biurko.io/polityka-cookies.

§ 2. General provisions

  1. The Terms set out:
    • the type and scope of electronic Services,
    • the conditions for concluding and terminating the Agreement,
    • the conditions for providing the Services, including technical requirements, compatibility and interoperability (Art. 43b(2) of the Consumer Rights Act),
    • the complaint handling procedure and out-of-court dispute resolution,
    • the Service Provider's obligations under the DSA,
    • the principles of personal data protection and the parties' obligations.
  2. The Service Recipient is obliged to read these Terms before concluding the Agreement and to comply with them throughout the period of using the Services.
  3. The Terms are made available to the Service Recipient free of charge in a manner that enables their acquisition, reproduction and recording in the Service Recipient's IT system (Art. 8(1)(2) of the Act on the provision of electronic services).
  4. The authentic text of the Terms is the Polish version. In the event of a discrepancy between the Polish text and a translation into another language, the Polish version shall prevail.

§ 3. Type and scope of Services

  1. Within the Service, the Service Provider supplies, in particular, the following Services:
    • keeping the Service Recipient's Account,
    • enabling the issuance, editing, storage and archiving of Invoices in the formats provided for by Polish law (VAT, KOR, ZAL, ROZ, UPR, RR, PROFORMA and others),
    • KSeF integration for the sending and receipt of structured invoices, support of offline24 mode and emergency mode, attaching of invoice attachments, and obtaining UPO,
    • management of Counterparties, products and bank account data,
    • generating Invoices in PDF format,
    • sending Invoices and reminders by electronic means,
    • e-mail and push notifications about Account- and Invoice-related events,
    • making available data exports in a structured format (CSV, JSON, XML), in accordance with Art. 20 GDPR,
    • an optional, Service-Recipient-enabled integration with a third-party AI assistant (client) via the Model Context Protocol (MCP) protocol (see § 13).
  2. The detailed scope of Services available within a given Plan is set out in the current pricing published in the Service.
  3. The Service Provider may introduce new features, modify existing ones and remove those no longer maintained. Modifications that do not materially worsen the conditions of Service provision do not constitute a change to the Terms. Modifications introducing a material change of digital services are announced in accordance with § 20 and Art. 43k of the Consumer Rights Act.

§ 4. BETA status (Early Access)

  1. Until 2026-07-01 the Service is provided in a test version (closed beta, Early Access).
  2. During the beta period:
    • Services are provided „as-is", without warranty of availability, continuity of operation, or completeness of features,
    • the Service Provider does not grant any SLA and does not undertake to compensate for downtime,
    • some features may be marked „Coming Soon" and rolled out gradually,
    • the limitations of liability set out in § 17 apply to the maximum extent permitted by law.
  3. This paragraph does not exclude or limit the rights of Consumers or Entrepreneurs on consumer rights arising from mandatory provisions of law, in particular Art. 43h–43m of the Consumer Rights Act (conformity of digital content / service with the contract).

§ 5. Technical requirements, compatibility and interoperability

  1. Using the Service requires:
    • a device with Internet access,
    • a web browser supporting current HTML5, CSS3 and JavaScript standards (latest versions of Chrome, Firefox, Safari, Edge),
    • enabled cookies and JavaScript,
    • an active e-mail address,
    • for KSeF integration — meeting the requirements set by the Minister of Finance and possessing the appropriate authorisations or certificate.
  2. Functionality of the Service includes the features described in § 3 and in the pricing as well as in the Service documentation.
  3. Compatibility — the Service operates on web browsers meeting the technical requirements, on desktop and mobile operating systems supporting current browsers. The Service does not require the installation of any additional software on the Service Recipient's side beyond a browser.
  4. Interoperability — the Service provides REST APIs, an integration interface based on the Model Context Protocol (MCP) protocol (enabled by the Service Recipient — see § 13), and CSV/JSON/XML exports allowing data exchange with external systems (accounting software, ERP, AI assistants). Structured invoices are transmitted to KSeF in XML format compliant with the FA(3) schema published by the Minister of Finance.
  5. The Service Provider does not guarantee correct operation of the Service when using outdated browsers or devices that do not meet the technical requirements.
  6. The Service Recipient is prohibited from providing unlawful content, in particular content infringing third-party rights, good morals or the security of the Service (Art. 8(3)(2)(b) of the Act on the provision of electronic services).

§ 6. Conclusion of the Agreement and Account creation

  1. The Agreement is concluded upon the joint fulfilment of the following conditions:
    • completion of the registration form and provision of the required data,
    • acceptance of the Terms and the Privacy Policy,
    • confirmation of the e-mail address by clicking the activation link.
  2. Registration in the Service is free of charge; using Services beyond the FREE Plan requires the purchase of a Subscription.
  3. The Service Recipient is obliged to provide true, current and complete data, in particular the NIP and registration data of the Entrepreneur. The Service Provider reserves the right to verify the data (e.g. in the GUS/REGON register).
  4. Sharing the Account with third parties beyond the rights granted to team members (roles) within the Plan is prohibited.
  5. The Service Recipient is responsible for the confidentiality of their access data, including passwords and KSeF certificates.

§ 7. Service Recipient's Account and roles

  1. Within a single Account the Service Recipient may operate one or more entities (Companies), in accordance with the limits of the chosen Plan.
  2. For each Company, the Service Recipient may invite collaborators and assign them one of the following roles:
    • OWNER — full owner rights,
    • ADMIN — Company administrator,
    • ACCOUNTANT — bookkeeper (access to Invoices and finances),
    • MEMBER — team member with limited rights.
  3. The Account holder (OWNER) is responsible for the actions of the persons to whom they have granted access to the Company.

§ 8. Subscription, Plans, prices and payments

  1. The current list of Plans together with their limits and Subscription amount is published in the pricing in the Service. As at the effective date of these Terms the following are available:
    • FREE — a free starter Plan with basic limits,
    • SOLO — a Plan for single-person Companies,
    • TEAM — a Plan for teams of several people / several Companies,
    • SCALE — a Plan for larger organisations with extended limits.
  2. Prices are quoted in Polish zlotys (PLN) and include VAT at the statutory rate currently in force. At each price we indicate its nature (gross), in line with the Omnibus requirements.
  3. The Service Recipient may choose one of the available billing cycles: monthly or yearly. Current discounts for the yearly cycle are indicated in the pricing.
  4. Payments are processed exclusively through the payment operator Stripe Payments Europe, Limited (Dublin, Irlandia). The Service Provider does not store full payment card details.
  5. A VAT invoice for the Subscription is issued and delivered electronically, in accordance with the rules set out in the VAT Act.
  6. Failure to pay the Subscription results in:
    • the Account entering a grace period of 7 days,
    • after the grace period — limited access to paid Services with the option to return to the FREE Plan,
    • after 5 years (60 months) of inactivity — deletion of data in accordance with § 18.
  7. Reviews and opinions of other users published in the Service come exclusively from persons who have actually used the Services. The Service Provider verifies the authenticity of reviews in accordance with Art. 5a of the Act on counteracting unfair market practices.

§ 9. Right of withdrawal (Consumer and Entrepreneur on consumer rights)

  1. A Consumer and an Entrepreneur on consumer rights have the right to withdraw from the Agreement within 14 days from its conclusion, without giving any reason, by submitting a statement of withdrawal to the Service Provider (e.g. by electronic means to contact@itcompass.io).
  2. Activating a paid Plan (purchasing a Subscription) constitutes an order to perform digital Services before the lapse of the withdrawal period. In order for the Service Provider to be able to commence performance immediately upon payment of the Subscription, the Consumer (or Entrepreneur on consumer rights) submits an express request to commence performance before the lapse of the withdrawal period and a statement of awareness of the loss of the right of withdrawal upon full performance of the Service (Art. 38 points 1 and 13 of the Consumer Rights Act). These statements are submitted separately from acceptance of the Terms — by ticking two dedicated boxes on the Subscription purchase screen. Failure to tick them prevents commencement of performance before the lapse of the withdrawal period; the Service Provider will then activate the Plan on the day following the lapse of the 14-day withdrawal period.
  3. If performance of the Service has commenced at the Consumer's express request before the lapse of the withdrawal period, the Consumer loses the right of withdrawal in respect of the performance that has already been fully rendered (Art. 38 point 1 of the Consumer Rights Act). With respect to performance that has commenced but has not yet been fully rendered, the Consumer retains the right of withdrawal with an obligation to pay a proportional part of the Subscription (Art. 35(1) of the Consumer Rights Act).
  4. The model statement of withdrawal from the Agreement is set out in Annex 1 to the Terms.
  5. The refund of payment is made within 14 days of receipt of the statement — using the same payment method that the Consumer used.

§ 10. Subscription refunds

  1. Notwithstanding the rights referred to in § 9, the Service Provider enables refund of the Subscription fee within 14 days of its payment, provided that:
    • the payment has been successfully booked,
    • the Service Recipient has not significantly exceeded the limits of use of the Services.
  2. Refund requests should be sent to contact@itcompass.io.
  3. The refund is made by the same method as the payment.

§ 11. Complaints and out-of-court dispute resolution

  1. The Service Recipient may submit complaints concerning the operation of the Service or of the electronic Services to contact@itcompass.io.
  2. The complaint should contain: identification of the Service Recipient (first name and surname / name, e-mail), description of the event and the expected manner of resolution.
  3. The Service Provider considers complaints within 14 days of receipt. The response is provided in the same manner in which the complaint was submitted.
  4. The Consumer is also entitled to the rights arising from Art. 43h–43m of the Consumer Rights Act (conformity of digital content/service with the contract), including requesting the bringing into conformity, reduction of the price or withdrawal from the Agreement.
  5. The Consumer has the right to out-of-court resolution of consumer disputes, in particular through the ODR platform available at: https://ec.europa.eu/consumers/odr.

§ 12. KSeF integration — detailed information

  1. The Service Provider makes available KSeF integration functionality, operated by Minister Finansów Rzeczypospolitej Polskiej (Ministerstwo Finansów, ul. Świętokrzyska 12, 00-916 Warszawa) — operacyjnie: Szef Krajowej Administracji Skarbowej.
  2. The obligation to issue structured invoices in KSeF is introduced by ustawa z dnia 5 sierpnia 2025 r. o zmianie ustawy o podatku od towarów i usług oraz ustawy o zmianie ustawy o podatku od towarów i usług oraz niektórych innych ustaw (Dz.U. 2025 poz. 1203) and covers:
    • from 1 lutego 2026 r. — active VAT taxpayers whose sales value (including the amount of tax) exceeded 200 mln zł in 2024,
    • from 1 kwietnia 2026 r. — the remaining active VAT taxpayers,
    • from 1 stycznia 2027 r. — full removal of exemptions, including for invoices below 10 000 zł and for invoices issued through cash registers.
  3. The Service supports the modes of operation set out in the VAT Act:
    • online mode — current invoice issuance in KSeF and retrieval of UPO,
    • offline24 mode (Art. 106nda of the VAT Act) — a permanent mode allowing issuance of invoices outside KSeF with the obligation to send them to KSeF najpóźniej w następnym dniu roboczym; the date of issue is the local date, the invoice receives an offline QR code,
    • emergency mode (Art. 106nf of the VAT Act) — activated upon a KSeF unavailability announced by the Minister of Finance; transmission of the invoice to KSeF takes place within 7 business days of the end of the failure. Unavailability notices are published in the Ministry of Finance BIP and in the Service,
    • invoice attachments — sent to KSeF in accordance with the guidelines of the Minister of Finance,
    • receiving e-invoices issued by the Service Recipient's Counterparties.
  4. Penalties for failure to issue an invoice in KSeF. Under Art. 106ni of the VAT Act, in the event of failure to issue a structured invoice via KSeF or in offline24 mode contrary to the obligation, the head of the tax office may impose a financial penalty on the taxpayer of up to 100% of the VAT amount shown on the invoice and, for VAT-free invoices, up to 18.7% of the total amount due. The application of financial penalties has been deferred until 1 stycznia 2027 r.; in the period from 1 lutego 2026 r. until that date, only registration and reporting obligations apply (the so-called „soft-landing"). Penalties are imposed by the competent head of the tax office by way of a decision; the information contained in this paragraph does not constitute tax advice.
  5. The Service Recipient bears sole responsibility for:
    • the correctness of data transmitted to KSeF (in particular the buyer's NIP and Invoice data),
    • the timeliness of sending invoices in offline24 mode and in emergency mode,
    • the effective protection of certificates and keys used for authentication in KSeF,
    • tax settlements arising from the Invoices issued, including any penalties referred to in paragraph 4.
  6. The Service Provider exercises due diligence in the integration; however, it is not liable for downtime or errors on the KSeF side, nor for changes to the FA(3) schema introduced by the Minister of Finance. In the event of such changes, the Service Provider adapts the Service without undue delay within the Service provided.

§ 13. Artificial intelligence (AI) features

  1. The Service makes available an optional integration with a third-party AI assistant (client) via the Model Context Protocol (MCP) protocol. The integration is voluntary and activated solely at the Service Recipient's initiative — by default no AI assistant is connected and no data is transmitted to AI systems.
  2. The Service Provider makes available on its side a secure interface (the MCP server). The Service Recipient may connect to it a third-party AI client/assistant of their choosing (e.g. Claude, Cursor, ChatGPT) and — through it — perform operations on their own data in the Service.
  3. The Service Provider is not a provider of an AI model nor a processor for the AI provider. The data the Service Recipient requests via the AI client is transmitted to the provider of that AI client chosen by the Service Recipient; the AI provider acts as a separate recipient on the Service Recipient's side and processes the data under its own rules. The choice of AI provider and acceptance of its terms rest with the Service Recipient. For this reason, the AI provider is not listed as a Sub-processor in Annex 3.
  4. To enable the Service Recipient to retain control over the scope of disclosed data, the integration provides: permissions (scope) granted per connection, an audit log of every tool invoked by the AI client, and instant disconnection (revoke) of the connection at any time. Details of data processing within the integration and the list of supported AI clients together with links to their privacy policies are set out in the Privacy Policy (section 12).
  5. Transparency (Art. 50 AI Act). The transparency obligations under Art. 50 of the AI Act apply from 2 sierpnia 2026 r.. With respect to any AI features surfaced on the Service side, the Service Provider clearly and visibly informs the Service Recipient of the interaction with an AI System (Art. 50(1) AI Act) and marks content generated or modified by AI (Art. 50(2) and (4) AI Act).
  6. Under no circumstances will the Service Provider use AI Systems in a manner constituting a prohibited practice within the meaning of Art. 5 of the AI Act, in force since 2 lutego 2025 r.. Before making available any own AI-based features, the Service Provider will inform Service Recipients of the change to the Terms at least 14 days before it enters into force and will update the Privacy Policy with respect to the categories of data, the legal basis of processing and the model providers.

§ 14. Information security and NIS2 / KSC

  1. The Service Provider applies technical and organisational security measures adequate to the threats and the nature of the data processed, in particular: encryption of transmission (TLS), encryption of sensitive data (AES-256), multi-factor authentication, role-based access control, backups, security monitoring, and audit logs.
  2. Status under NIS2 / KSC. The Polish Act on the National Cybersecurity System transposing Dyrektywa Parlamentu Europejskiego i Rady (UE) 2022/2555 (NIS2) wdrożona ustawą o krajowym systemie cyberbezpieczeństwa (KSC 2.0) has been in force since 3 kwietnia 2026 r.. The status of the entity (essential / important) is determined, inter alia, on the basis of the threshold of 50 employees or annual turnover / balance sheet total of 10 mln EUR. In view of the form of business activity (działalność jednoosobowa) and the size of the organisation, as at the effective date of these Terms the Service Provider does not qualify as an essential or important entity within the meaning of the said provisions. The Service Provider voluntarily applies selected standards from Annexes I and II to the NIS2 Directive.
  3. If the thresholds referred to in paragraph 2 are exceeded, the Service Provider will register in the list of essential / important entities within the time limit arising from the KSC Act and will implement the required measures within the time limits provided for in the regulations (including registration by 3 października 2026 r. and implementation of an Information Security Management System by 3 kwietnia 2027 r.).
  4. If a significant security incident is identified, the Service Provider:
    • immediately takes action to limit its consequences,
    • informs the affected Service Recipients by electronic means about the scope of the incident, its impact, and the remedial actions taken,
    • if the incident constitutes a personal data breach — proceeds in accordance with Art. 33 and 34 GDPR.
  5. Reports of security incidents may be submitted by Service Recipients and third parties to security@itcompass.io.

§ 15. DSA point of contact and notification of illegal content

  1. In accordance with Art. 11 and 12 DSA, the Service Provider designates a single point of contact for:
    • authorities of the Member States, the European Commission and the European Board for Digital Services,
    • Service Recipients and other natural or legal persons.
  2. DSA Point of Contact: e-mail dsa@itcompass.io. Communication is conducted in the following languages: polski, angielski.
  3. Notifications concerning:
    • content that may constitute illegal content within the meaning of Art. 3(h) DSA,
    • breaches of the Terms,
    • the Service Provider's moderation decisions, shall be sent to the DSA point of contact, together with an indication of:
    • the exact URL or content identifier,
    • the justification why the content is unlawful or contrary to the Terms,
    • the contact details of the notifier (unless the notification concerns infringements referred to in Art. 16(5) DSA — in which case the data may be omitted).
  4. The Service Provider considers notifications in a timely, non-discriminatory, objective and diligent manner. The Service Provider informs the notifier and the affected Service Recipient of the decision taken, together with reasoning (Art. 17 DSA).
  5. The Service Provider's moderation decision may be appealed under the internal complaint mechanism described in the decision communication, and — with respect to Service Recipients who are Consumers — before the out-of-court dispute settlement bodies indicated by the competent Digital Services Coordinator (in Poland: the President of UKE).
  6. Given the nature of the Service (B2B SaaS for issuing invoices, no publicly available user-generated content), the actual number of DSA notifications is minimal; this paragraph governs the procedure in the event they occur.

§ 16. Rules of using the Service

  1. The Service Recipient undertakes to:
    • use the Services in accordance with the law, the Terms and good morals,
    • provide true and current data,
    • secure access data, including passwords and certificates used for KSeF integration,
    • promptly report security incidents (e.g. suspected Account takeover) to security@itcompass.io or contact@itcompass.io.
  2. The Service Provider may block the Account or limit access to the Services in the event of:
    • breach of the Terms or provisions of law,
    • attempts to breach the security of the Service,
    • payment arrears exceeding the grace period,
    • a request by a public authority issued in accordance with the law.
  3. The Service Provider's moderation decisions are documented and communicated in accordance with Art. 17 DSA — with reasoning and information on the available means of appeal.

§ 17. Limitation of liability

  1. The Service Provider undertakes to exercise due diligence in the provision of the Services; however — subject to mandatory provisions of law — it does not guarantee their uninterrupted, undisturbed or error-free availability. During the beta period (§ 4) and, after its end, with respect to new features marked as test features, the Services are provided „as-is"; the Service Provider grants no SLA, no availability and no continuity guarantee. In particular, the Service Provider is not liable for:
    • downtime caused by KSeF, Internet operators, hosting infrastructure providers, the payment operator, or the provider of the AI client chosen by the Service Recipient,
    • the consequences of the Service Recipient providing incorrect data, and the consequences of tax, accounting or business decisions taken by the Service Recipient on the basis of the Services,
    • the correctness and timeliness of issuance and transmission of Invoices to KSeF, for which — in accordance with § 12(5) — the Service Recipient bears sole responsibility,
    • the consequences of force majeure (an external event, impossible to foresee and prevent), including power grid failures, large-scale cyberattacks, decisions of public authorities, states of emergency.
  2. Towards Service Recipients who are not Consumers or Entrepreneurs on consumer rights (B2B relationship), the following limitations apply, to the maximum extent permitted by law:
    • the total liability of the Service Provider under and in connection with the Agreement (under all heads combined) is limited to the amount corresponding to the Subscription value paid by the Service Recipient for the 1 month directly preceding the event giving rise to the liability;
    • the Service Provider is not liable for indirect or consequential damage or for lost profits (lucrum cessans), loss of or damage to data, loss of revenue or anticipated savings, business interruption, and image (reputational) damage;
    • the Service Recipient bears sole responsibility for the correctness and completeness of the data they enter, for the tax and accounting decisions they make, and for the correctness and timeliness of settlements and submissions to KSeF.
  3. Towards Consumers and Entrepreneurs on consumer rights, the limitations in paragraphs 1 and 2 do not apply to the extent that they would infringe mandatory provisions of law. The liability of the Service Provider towards those entities is governed by the general provisions of the Polish Civil Code, the Consumer Rights Act and the provisions implementing Directive (EU) 2019/770 on the supply of digital content and services (including warranty / conformity of the supply with the contract — Art. 43h–43m of the Consumer Rights Act), without contractual monetary or subject-matter limitations. The provisions of paragraphs 1 and 2 do not limit or exclude any rights to which those entities are entitled by operation of law; any provision contrary to consumer law is deemed ineffective solely with respect to those entities, while the remaining provisions of the Terms remain in force.
  4. The limitations of liability referred to in paragraphs 1 and 2 also do not apply — towards any Service Recipient — to:
    • damage caused intentionally,
    • damage to a person (life, health),
    • claims arising from mandatory provisions of law that cannot be effectively excluded or limited by contract.
  5. The Service Provider is not liable for the compliance of Invoices issued by the Service Recipient with the applicable provisions of tax law, nor for the consequences of the Service Recipient's actions taken with tax authorities, including the penalties referred to in Art. 106ni of the VAT Act.

§ 18. Termination of the Agreement and data retention periods

  1. The Service Recipient may terminate the Agreement at any time by deleting the Account in the Service panel or by sending a request to contact@itcompass.io.
  2. After deletion of the Account, a grace period (30 days) begins, during which the Service Recipient may restore the Account upon request.
  3. Upon the lapse of the grace period, the Account together with the associated personal data is permanently deleted, subject to the following exceptions:
    • data contained in Invoices is stored for a period of 5 years (60 months) from Account deactivation, corresponding to the limitation period for tax liabilities set out in Art. 70 § 1 of the Tax Ordinance and the mandatory invoice storage period referred to in Art. 112 of the VAT Act and Art. 74(2)(8) of the Accounting Act,
    • copies of Invoices submitted to KSeF are stored by Minister Finansów Rzeczypospolitej Polskiej (Ministerstwo Finansów, ul. Świętokrzyska 12, 00-916 Warszawa) — operacyjnie: Szef Krajowej Administracji Skarbowej for 10 years and remain available via KSeF,
    • data necessary for asserting and defending claims — until the lapse of the limitation period,
    • settlement data (VAT invoices issued for the Subscription) — in accordance with tax law (Art. 70 of the Tax Ordinance and Art. 112 of the VAT Act).
  4. Security and audit logs are stored for 12 months, which constitutes a legitimate interest of the Service Provider (Art. 6(1)(f) GDPR).
  5. Notwithstanding retention on the Service Provider's side, the Service Recipient is entitled at any time to download a full copy of the Invoices in a structured format (XML compliant with FA(3), JSON, CSV) via the data export feature (Art. 20 GDPR).

§ 19. Personal data protection

  1. The administrator of the Service Recipients' personal data is the Service Provider.
  2. The detailed rules of data processing are set out in the Privacy Policy, available at biurko.io/polityka-prywatnosci.
  3. To the extent that the Service Recipient entrusts the Service Provider with personal data of Counterparties for the purpose of issuing and handling Invoices, Annex 2 — Data Processing Agreement (DPA) applies.

§ 20. Changes to the Terms

  1. The Service Provider reserves the right to amend the Terms for important reasons, in particular:
    • changes in the law (e.g. amendments to the KSeF Act, DSA, AI Act, NIS2/KSC),
    • introduction or modification of Services,
    • changes concerning sub-processors or payment operators,
    • improvements in security.
  2. The Service Provider shall inform Service Recipients of changes to the Terms via the e-mail address provided at Account registration, with at least 14 days notice, together with a list of the most important changes (changelog) — in accordance with Art. 43k of the Consumer Rights Act.
  3. A Service Recipient who does not accept the changes may terminate the Agreement with immediate effect within 14 days of the notification.
  4. Earlier versions of the Terms are available in the archive at biurko.io/legal/regulamin/archiwum.

§ 21. Final provisions

  1. Matters not regulated by the Terms shall be governed by Polish law, in particular the Civil Code, the Act on the provision of electronic services, the Consumer Rights Act, the VAT Act, the KSeF Act, GDPR, DSA, AI Act and the KSC Act.
  2. The court competent to resolve disputes between the Service Provider and Service Recipients who are not Consumers is the common court having jurisdiction over the city of Katowice.
  3. In the case of disputes with Consumers, the jurisdiction of the court shall be determined in accordance with the general provisions of the Code of Civil Procedure.
  4. If any provision of the Terms is found to be invalid or ineffective, the remaining provisions shall remain in force.

Annex 1 — Model withdrawal form

(This form should be completed and returned only if you wish to withdraw from the Agreement)

Addressee: ITCompass - ARTEM SHEVCHENKO, Zawiszy Czarnego 6, 40-872 Katowice, e-mail: contact@itcompass.io

I/we() hereby notify() of my/our(*) withdrawal from the Agreement for the provision of electronic Services in the Biurko service.

  • Date of conclusion of the Agreement: .........................
  • Consumer's name and surname: ..................
  • Consumer's address: ............................
  • E-mail address associated with the Account: ..............
  • Date: .........................................
  • Signature (only if the form is sent on paper): ........................

() Delete as appropriate.*

Annex 2 — Data Processing Agreement (DPA)

This Annex constitutes a data processing agreement within the meaning of Art. 28 GDPR and is accepted by the Service Recipient upon acceptance of the Terms.

1. Parties and roles

  • Controller (Entrusting Party) — the Service Recipient, as the controller of the personal data of Counterparties and other persons whose data they enter into the Service.
  • Processor — the Service Provider.

2. Subject and purpose

The Service Provider processes personal data solely for the purpose of providing the Services described in the Terms, in particular: issuing and archiving Invoices, KSeF integration (including offline24 mode, emergency mode and attachments), delivering notifications, generating PDFs, and keeping records of Counterparties.

3. Categories of persons and data

  • Counterparties of the Service Recipient: company name / first name and surname, NIP/PESEL, address, e-mail, telephone number, bank account number (optionally), Invoice data.
  • Other collaborators of the Service Recipient invited to the Service: first name and surname, e-mail, role.

4. Duration

The entrustment is in force for the duration of the Agreement. Upon its termination, the data is deleted or anonymised in accordance with § 18 of the Terms, unless the obligation to retain it arises from the law.

5. Obligations of the Service Provider as Processor

The Service Provider:

  • processes data only on the documented instructions of the Controller (expressed through the configuration and use of the Service),
  • applies technical and organisational measures providing an appropriate level of security, including encryption of sensitive data (e.g. KSeF certificates), access control, backups and security monitoring,
  • obliges its personnel to maintain confidentiality,
  • assists the Controller in fulfilling data subject rights and in performing the obligations arising from Art. 32–36 GDPR,
  • reports personal data breaches to the Controller without undue delay, no later than 48 hours after becoming aware of the breach,
  • makes available to the Controller the information necessary to demonstrate compliance with Art. 28 GDPR and allows audits (no more often than once per 12 months, except for audits required by a supervisory authority).

6. Sub-processing

The Controller gives general consent to the Service Provider's use of sub-processors for the provision of the Services. The current list of sub-processors is published in the Privacy Policy and in Annex 3 to the Terms. The Service Provider will notify of changes with at least 14 days' notice. The Controller may raise a reasoned objection to the addition of a particular sub-processor; if the grounds for the objection are not removed, the Controller is entitled to terminate the Agreement without bearing any costs. A third-party AI assistant (client) connected by the Service Recipient via the integration referred to in § 13 does not constitute sub-processing — the AI provider is a separate recipient on the Service Recipient's side, not a sub-processor of the Service Provider.

7. Transfer outside the EEA

Personal data is processed within the European Union. Partial transfer of data to a third country takes place in the following cases:

  • Stripe, Inc. (USA, San Francisco) — global payment systems supporting Stripe Payments Europe, Limited;
  • Mailgun Technologies, Inc. (USA, San Antonio) — party to the contract and administrator of the infrastructure supporting Mailgun's European region in Frankfurt; the operational processing of messages and metadata of the Service Recipient remains in the EU, however the management layer, support, and system logs may be processed in the USA.

These transfers take place on the basis of the EU-US Data Privacy Framework (Commission Decision C(2023)4745 of 10 July 2023) and Standard Contractual Clauses (SCC 2021/914) — module 2 (controller → processor outside the EEA).

8. Separate liability for KSeF

The transfer of Invoice data to KSeF does not constitute sub-processing — Minister Finansów Rzeczypospolitej Polskiej (Ministerstwo Finansów, ul. Świętokrzyska 12, 00-916 Warszawa) — operacyjnie: Szef Krajowej Administracji Skarbowej is a separate data controller processing it on the basis of the provisions of ustawa z dnia 11 marca 2004 r. o podatku od towarów i usług (Dz.U. 2025 poz. 775 z późn. zm.) and ustawa z dnia 5 sierpnia 2025 r. o zmianie ustawy o podatku od towarów i usług oraz ustawy o zmianie ustawy o podatku od towarów i usług oraz niektórych innych ustaw (Dz.U. 2025 poz. 1203). The Service Recipient (as the controller of Counterparties' data) is obliged to fulfil the information obligation towards Counterparties, including informing them of the transmission of data to KSeF.

9. Separate DPA

At the Service Recipient's request (in particular corporate, on the SCALE Plan), the Service Provider will provide a separate, signed DPA document. Requests should be sent to contact@itcompass.io.

Annex 3 — List of Sub-processors

Current, named list of sub-processors used by the Service Provider in the provision of Services, as at the effective date of these Terms:

Sub-processor Role Purpose of processing Location Privacy policy
Stripe Payments Europe, Limited (CRO 513174) processor processing of subscription payments Ireland (EU) — 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, D02 H210. Global systems of Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA) on the basis of the EU-US Data Privacy Framework (Commission Decision C(2023)4745) and SCC 2021/914. privacy: https://stripe.com/privacy · DPA: https://stripe.com/legal/dpa
Mailgun Technologies, Inc. (part of the Sinch AB group) processor delivery of e-mail messages (transactional and marketing) USA — 112 E Pecan St #1135, San Antonio, TX 78205 (party to the contract and administrator of the infrastructure). Operational processing of messages and metadata of the Service Recipient takes place in Mailgun's European region (AWS eu-central-1, Frankfurt, Germany). Transfer outside the EEA on the basis of the EU-US Data Privacy Framework and SCC 2021/914. privacy: https://www.mailgun.com/legal/privacy-policy/ · DPA: https://www.mailgun.com/legal/dpa/
HOSTINGER operations, UAB (LT 306308157) processor hosting of application servers, PostgreSQL databases and backups EU — Lithuania, Vilnius; Švitrigailos g. 34, LT-03230 Vilnius. Data centres in EU locations: Lithuania, Germany, the Netherlands. privacy: https://www.hostinger.com/legal/privacy-policy · DPA: https://www.hostinger.com/legal/dpa

A more comprehensive description of the scope of processing, legal bases, and retention periods is set out in the Privacy Policy — section „Data recipients".

A third-party AI assistant (client) that the Service Recipient may optionally connect to the Service via the integration based on the Model Context Protocol (MCP) protocol (§ 13) is not a Sub-processor of the Service Provider — the provider of such an AI client acts as a separate recipient of data on the Service Recipient's side, under a contract chosen by the Service Recipient with that provider.

Notwithstanding the sub-processors, Invoice data is transmitted to Krajowy System e-Faktur (KSeF) operated by Minister Finansów Rzeczypospolitej Polskiej (Ministerstwo Finansów, ul. Świętokrzyska 12, 00-916 Warszawa) — operacyjnie: Szef Krajowej Administracji Skarbowej as a separate data controller (Art. 6(1)(c) GDPR in conjunction with ustawa z dnia 11 marca 2004 r. o podatku od towarów i usług (Dz.U. 2025 poz. 775 z późn. zm.) and ustawa z dnia 5 sierpnia 2025 r. o zmianie ustawy o podatku od towarów i usług oraz ustawy o zmianie ustawy o podatku od towarów i usług oraz niektórych innych ustaw (Dz.U. 2025 poz. 1203)). This transmission does not constitute sub-processing within the meaning of Art. 28 GDPR.

Previous versions

ITCompass - ARTEM SHEVCHENKO · Katowice · contact@itcompass.io

Cookies

We use cookies to keep the service running and — with your consent — to improve it. You can accept all, reject the optional ones, or customize your choices. Cookie Policy