Terms of Service

Effective from: 1 January 2026 · Last updated: 1 January 2026

1. General Provisions

These Terms of Service (hereinafter "Terms") govern the use of the SafeReport.ee platform (hereinafter "Service"). The Service is provided by LK Management OÜ (hereinafter "Service Provider").

By starting to use the Service, the Client agrees to these Terms. If the Client does not agree with the Terms, they are not entitled to use the Service.

The Service Provider has the right to unilaterally amend the Terms by notifying the Client of the changes via email at least 30 days in advance.

2. Definitions

• Service — SafeReport.ee cloud-based whistleblower reporting channel platform.
• Client — a legal entity that has registered as a user of the Service.
• User — a natural person authorised by the Client to use the Service admin panel.
• Reporter — a person who submits a report through the Client's reporting channel.
• Subscription — the service plan selected by the Client (monthly or annual plan).
• Trial period — a free 30-day period during which the Client can test the Service without restrictions.

3. Service Description

SafeReport.ee is a cloud-based software solution (SaaS) that enables companies to create an internal reporting channel in compliance with the European Union Whistleblower Protection Directive (EU) 2019/1937 and the Estonian Whistleblower Protection Act.

The Service includes the following:

• A separate, secure reporting environment (subdomain or custom domain)
• An anonymous report submission form for reporters
• An admin panel for reviewing and processing reports
• Email notifications for new reports and status changes
• An encrypted communication channel between the reporter and the processor
• Data export capability
• Multi-language support (Estonian, English, Latvian, Lithuanian, Finnish)

4. Registration and Account

To use the Service, the Client must register on the SafeReport.ee website. Truthful and complete information must be provided during registration.

The Client is responsible for the security of their user account, including maintaining the confidentiality of their password. The Client must immediately notify the Service Provider of any unauthorised access to their account.

Each Client has a separate, isolated environment (tenant) from other Clients.

5. Trial Period

New Clients are granted a free 30-day trial period during which the Service is available with full functionality.

At the end of the trial period, the Client must select a service plan and pay the invoice, otherwise the Service will be suspended. Data from a suspended Service is retained for 90 days, after which it may be deleted.

6. Prices and Payment

6.1 Service Plans

• Monthly plan: EUR 39.00/month (plus VAT)
• Annual plan: EUR 390.00/year (plus VAT) — includes 2 free months

6.2 Billing

The Service Provider issues invoices to the Client according to the selected plan. Invoices are issued electronically via email. The payment deadline is 14 calendar days from the invoice date.

For the monthly plan, an invoice is issued at the beginning of each month. For the annual plan, an invoice is issued for 12 months at once.

6.3 Price Changes

The Service Provider has the right to change prices by notifying the Client of the price change at least 60 days before the new price takes effect. The price for the current period does not change.

6.4 Late Payment

In case of failure to pay an invoice, the Service Provider has the right to suspend the Service 7 days after the payment deadline has been exceeded, having previously warned the Client.

7. Service Usage Rules

The Client undertakes to:

• Use the Service in accordance with applicable laws, including the General Data Protection Regulation (GDPR) and the Whistleblower Protection Directive
• Ensure that reports received through the Service are processed in accordance with applicable legislation
• Refrain from using the Service for illegal purposes
• Not attempt to access data belonging to other Clients
• Not overload the Service excessively (e.g., automated queries)
• Notify the Service Provider of any discovered security vulnerabilities

8. Data Protection and Privacy

8.1 Data Controller Role

The Client is the data controller for reports and related personal data. The Service Provider is a data processor who processes data only on behalf of the Client and for the purpose of providing the Service.

8.2 Data Processing Agreement

When using the Service, a data processing agreement applies between the Client and the Service Provider in accordance with GDPR Article 28. The terms of the data processing agreement are an integral part of these Terms.

8.3 Data Location

All data is stored in a data centre located in the European Union (Republic of Estonia). Data is not transferred to third countries outside the European Economic Area.

8.4 Security Measures

The Service Provider implements appropriate technical and organisational measures to protect data, including:

• Data transmission via encrypted connection (HTTPS/TLS)
• Secure password hashing (PBKDF2-SHA256)
• Environment isolation (each Client is separate)
• Regular backups
• Access logging and auditing

8.5 Data Deletion

The Client has the right to request data export and account deletion at any time. Upon account deletion, all Client data is removed within 30 days, unless the law requires longer retention of data.

9. Service Availability

The Service Provider aims to ensure Service availability of 99.5% per month. The following are excluded from the Service availability calculation:

• Planned maintenance (of which notification is given at least 24 hours in advance)
• Force majeure circumstances
• Interruptions caused by third parties (e.g., internet connection, DNS)

10. Intellectual Property

The Service software, design, trademarks and other intellectual property belong to the Service Provider. The Client is granted a limited, non-exclusive licence to use the Service in accordance with these Terms.

The Client retains ownership of all data entered into the Service.

11. Limitation of Liability

The Service Provider's liability is limited to the amount of service fees paid by the Client over the last 12 months.

The Service Provider is not liable for:

• Indirect damages, lost profits or data loss
• Damages resulting from improper use of the Service
• Damages resulting from disruptions in third-party services (e.g., email delivery)
• Damages resulting from force majeure circumstances

12. Term and Termination

12.1 Term

The agreement enters into force upon the Client's registration and is valid indefinitely until terminated by either party.

12.2 Termination by Client

The Client may terminate the agreement at any time by notifying the Service Provider via the admin panel or email. For the monthly plan, the Service ends at the end of the current month. For the annual plan, the Service ends at the end of the current year and no refund is given for the unused period.

12.3 Termination by Service Provider

The Service Provider has the right to terminate the agreement immediately if:

• The Client materially breaches these Terms
• The Client fails to pay an invoice within 30 days after the payment deadline
• The Client uses the Service for illegal purposes

12.4 Data upon Termination

Upon termination of the agreement, the Client's data is retained for 90 days, during which the Client can export their data. After 90 days, all data is permanently deleted.

13. Whistleblower Protection

The Service Provider is not responsible for the content of reports submitted by reporters. The Client is responsible for processing reports in accordance with applicable legislation, including:

• Directive (EU) 2019/1937 of the European Parliament and of the Council
• Estonian Whistleblower Protection Act

The Client undertakes to ensure the confidentiality and protection of reporters in accordance with the aforementioned legislation.

14. Dispute Resolution

The laws of the Republic of Estonia apply to these Terms. Disputes are resolved through negotiations. If an agreement cannot be reached, disputes are resolved in Harju County Court.

15. Contact

For questions related to the Service, please contact: