Effective: February 7, 2022
Your Stuff & Your Permissions
When you use our Services, you provide us with things like your files, content, messages, contacts, and so on ("Your Stuff"). Your Stuff is yours. These Terms don’t give us any rights to Your Stuff except for the limited rights that enable us to offer the Services.
We need your permission to do things like hosting Your Stuff, backing it up, and sharing it when you ask us to. Our Services also provide you with features like eSign, file sharing, email newsletters, appointment setting and more. These and other features may require our systems to access, store, and scan Your Stuff. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with.
Sharing Your Stuff
Our Services let you share Your Stuff with others, so please think carefully about what you share.
You’re responsible for your conduct. Your Stuff and you must comply with applicable laws. Content in the Services may be protected by others’ intellectual property rights. Please don’t copy, upload, download, or share content unless you have the right to do so. We may review your conduct and content for compliance with these Terms. With that said, we have no obligation to do so. We aren’t responsible for the content people post and share via the Services.
Help us keep you informed and Your Stuff protected. Safeguard your password to the Services, and keep your account information current. Don’t share your account credentials or give others access to your account.
You may use our Services only as permitted by applicable law, including export control laws and regulations. Finally, to use our Services, you must be at least 13, or in some cases, even older. If you live in France, Germany, or the Netherlands, you must be at least 16. Please check your local law for the age of digital consent. If you don’t meet these age requirements, you may not use the Services.
Some of our Services allow you to download client software (“Software”) which may update automatically. So long as you comply with these Terms, we give you a limited, nonexclusive, nontransferable, revocable license to use the Software, solely to access the Services. To the extent any component of the Software may be offered under an open source license, we’ll make that license available to you and the provisions of that license may expressly override some of these Terms. Unless the following restrictions are prohibited by law, you agree not to reverse engineer or decompile the Services, attempt to do so, or assist anyone in doing so.
We sometimes release products and features that we are still testing and evaluating. Those Services have been marked beta, preview, early access, or evaluation (or with words or phrases with similar meanings) and may not be as reliable as other non-beta services, so please keep that in mind.
The Services are protected by copyright, trademark, and other US and foreign laws. These Terms don’t grant you any right, title, or interest in the Services, others’ content in the Services, CountingWorks and our trademarks, logos and other brand features. We welcome feedback, but note that we may use comments or suggestions without any obligation to you.
We respect the intellectual property of others and ask that you do too. We respond to notices of alleged copyright infringement if they comply with the law, and such notices should be reported to legal@CountingWorks.com. We reserve the right to delete or disable content alleged to be infringing and terminate accounts of repeat infringers. Our designated agent for notice of alleged copyright infringement on the Services is:
You’re free to stop using our Services at any time. We reserve the right to suspend or terminate your access to the Services with notice to you if:
We won’t provide notice before termination where:
Discontinuation of Services
We may decide to discontinue the Services in response to unforeseen circumstances beyond CountingWorks control or to comply with a legal requirement. If we do so, we’ll give you reasonable prior notice so that you can export Your Stuff from our systems.
Services “AS IS”
We strive to provide great Services, but there are certain things that we can't guarantee. TO THE FULLEST EXTENT PERMITTED BY LAW, CountingWorks AND ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE NO WARRANTIES, EITHER EXPRESS OR IMPLIED, ABOUT THE SERVICES. THE SERVICES ARE PROVIDED "AS IS." WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. Some places don’t allow the disclaimers in this paragraph, so they may not apply to you.
Limitation of Liability
WE DON’T EXCLUDE OR LIMIT OUR LIABILITY TO YOU WHERE IT WOULD BE ILLEGAL TO DO SO—THIS INCLUDES ANY LIABILITY FOR CountingWorks OR ITS AFFILIATES’ FRAUD OR FRAUDULENT MISREPRESENTATION IN PROVIDING THE SERVICES. IN COUNTRIES WHERE THE FOLLOWING TYPES OF EXCLUSIONS AREN’T ALLOWED, WE'RE RESPONSIBLE TO YOU ONLY FOR LOSSES AND DAMAGES THAT ARE A REASONABLY FORESEEABLE RESULT OF OUR FAILURE TO USE REASONABLE CARE AND SKILL OR OUR BREACH OF OUR CONTRACT WITH YOU. THIS PARAGRAPH DOESN’T AFFECT CONSUMER RIGHTS THAT CAN'T BE WAIVED OR LIMITED BY ANY CONTRACT OR AGREEMENT.
IN COUNTRIES WHERE EXCLUSIONS OR LIMITATIONS OF LIABILITY ARE ALLOWED, CountingWorks, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WON’T BE LIABLE FOR:
THESE EXCLUSIONS OR LIMITATIONS WILL APPLY REGARDLESS OF WHETHER OR NOT CountingWorks OR ANY OF ITS AFFILIATES HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES.
IF YOU USE THE SERVICES FOR ANY COMMERCIAL, BUSINESS, OR RE-SALE PURPOSE, CountingWorks, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WILL HAVE NO LIABILITY TO YOU FOR ANY LOSS OF PROFIT, LOSS OF BUSINESS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS OPPORTUNITY. CountingWorks AND ITS AFFILIATES AREN’T RESPONSIBLE FOR THE CONDUCT, WHETHER ONLINE OR OFFLINE, OF ANY USER OF THE SERVICES.
Let’s Try To Sort Things Out First. We want to address your concerns without needing a formal legal case. Before filing a claim against CountingWorks or our affiliates, you agree to try to resolve the dispute informally by contacting legal@CountingWorks.com. We’ll try to resolve the dispute informally by contacting you via email.
Judicial forum for disputes. You and CountingWorks agree that any judicial proceeding to resolve claims relating to these Terms or the Services will be brought in the federal or state courts of Orange County, California, subject to the mandatory arbitration provisions below. Both you and CountingWorks consent to venue and personal jurisdiction in such courts. If you reside in a country (for example, European Union member states) with laws that give consumers the right to bring disputes in their local courts, this paragraph doesn’t affect those requirements.
IF YOU’RE A U.S. RESIDENT, YOU ALSO AGREE TO THE FOLLOWING MANDATORY ARBITRATION PROVISIONS:
These Terms will be governed by California law except for its conflicts of laws principles. However, some countries (including those in the European Union) have laws that require agreements to be governed by the local laws of the consumer's country. This paragraph doesn’t override those laws.
These Terms constitute the entire agreement between you and CountingWorks with respect to the subject matter of these Terms, and supersede and replace any other prior or contemporaneous agreements, or terms and conditions applicable to the subject matter of these Terms. These Terms create no third party beneficiary rights.
Waiver, Severability & Assignment
CountingWorks failure to enforce a provision is not a waiver of its right to do so later. If a provision is found unenforceable, the remaining provisions of the Terms will remain in full effect and an enforceable term will be substituted reflecting our intent as closely as possible. You may not assign any of your rights under these Terms, and any such attempt will be void. CountingWorks may assign its rights to any of its affiliates or subsidiaries, or to any successor in interest of any business associated with the Services.
We may revise these Terms from time to time to better reflect:
If an update affects your use of the Services or your legal rights as a user of our Services, we’ll notify you prior to the update's effective date by sending an email to the email address associated with your account or via an in-product notification. These updated terms will be effective no less than 30 days from when we notify you.
If you don’t agree to the updates we make, please cancel your account before they become effective. By continuing to use or access the Services after the updates come into effect, you agree to be bound by the revised Terms.
Effective: February 7, 2022
Thanks for visiting our website. Our mission is to create a web based experience that makes it easier for us to work together. Here we describe how we collect, use, and handle your personal information when you use our websites, software, and services (“Services”).
What & Why
We collect and use the following information to provide, improve, and protect our Services:
Account information. We collect, and associate with your account, the information you provide to us when you do things such as sign up for your account, opt-in to our client newsletter or request an appointment (like your name, email address, phone number, and physical address). Some of our Services let you access your accounts and your information via other service providers.
Your Stuff. Our Services are designed to make it simple for you to store your files, documents, comments, messages, and so on (“Your Stuff”), collaborate with others, and work across multiple devices. To make that possible, we store, process, and transmit Your Stuff as well as information related to it. This related information includes your profile information that makes it easier to collaborate and share Your Stuff with others, as well as things like the size of the file, the time it was uploaded, collaborators, and usage activity. Our Services provide you with different options for sharing Your Stuff.
Contacts. You may choose to give us access to your contacts (spouse or other company staff) to make it easy for you to do things like share and collaborate on Your Stuff, send messages, and invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use.
Usage information. We collect information related to how you use the Services, including actions you take in your account (like sharing, viewing, and moving files or folders). We use this information to improve our Services, develop new services and features, and protect our users.
Cookies and other technologies. We use technologies like cookies to provide, improve, protect, and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services.
Marketing. We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about the firm or tax and accounting tips when permissible. Users who receive these marketing materials can opt out at any time. If you do not want to receive marketing materials from us, simply click the ‘unsubscribe’ link in any email.
We sometimes contact people who do not have an account. For recipients in the EU, we or a third party will obtain consent before contacting you. If you receive an email and no longer wish to be contacted by us, you can unsubscribe and remove yourself from our contact list via the message itself.
Bases for processing your data. We collect and use the personal data described above in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that our partners obtain such consent.
We may share information as discussed below, but we won’t sell it to advertisers or other third parties.
Other users. Our Services display information like your name, profile picture, device, and email address to other users in places like your user profile and sharing notifications. You can also share Your Stuff with other users if you choose. When you register your account with an email address on a domain owned by your employer or organization, we may help collaborators and administrators find you and your workspace by making some of your basic information—like your name, workspace name, profile picture, and email address—visible to other users on the same domain. This helps you sync up with workspaces you can join and helps other users share files and folders with you. Certain features let you make additional information available to others.
Workspace Admins. If you are a user of a workspace, your administrator may have the ability to access and control your workspace account. Please refer to your organization’s internal policies if you have questions about this. If you are not a workspace user but interact with a workspace user (by, for example, joining a shared folder or accessing stuff shared by that user), members of that organization may be able to view the name, email address, profile picture, and IP address that was associated with your account at the time of that interaction.
Law & Order and the Public Interest. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or appropriate government request; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of our platform or our users; (d) protect our rights, property, safety, or interest; or (e) perform a task carried out in the public interest.
Stewardship of your data is critical to us and a responsibility that we embrace. We believe that your data should receive the same legal protections regardless of whether it’s stored on our Services or on your home computer’s hard drive. We’ll abide by Government Request Policies when receiving, scrutinizing, and responding to government requests (including national security requests) for your data:
Security. We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like blocking repeated login attempts, encryption of files at rest, and alerts when new devices and apps are linked to your account. We deploy automated technologies to detect abusive behavior and content that may harm our Services, you, or other users.
User Controls. You can access, amend, download, and delete your personal information by logging into your account.
Retention. When you sign up for an account with us, we’ll retain information you store on our Services for as long as your account is in existence or as long as we need it to provide you the Services. If you delete your account, we will initiate deletion of this information after 30 days. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
Around the world. To provide you with the Services, we may store, process, and transmit information in the United States and locations around the world—including those outside your country. Information may also be stored locally on the devices you use to access the Services.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. When transferring data from the European Union, the European Economic Area, and Switzerland, We rely upon a variety of legal mechanisms, including contracts with our customers and affiliates. We comply with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States.
We are subject to oversight by the U.S. Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance—free of charge to you. We ask that you first submit any such complaints directly to us via privacy@CountingWorks.com. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
If we are involved in a reorganization, merger, acquisition, or sale of our assets, your information may be transferred as part of that deal.
Your Right to Control and Access Your Information
You have control over your personal information and how it is collected, used, and shared. For example, you have a right to:
Your personal information is controlled by CountingWorks, Inc. Have questions or concerns about CountingWorks, our Services, and privacy? Contact our Data Protection Officer at privacy@CountingWorks.com. If they can’t answer your question, you have the right to contact your local data protection supervisory authority.
Third Party Vendors
Amazon Web Services
Updated: June 2020.
strives to ensure that its services are accessible to people with disabilities. has invested a significant amount of resources to help ensure that its website is made easier to use and more accessible for people with disabilities, with the strong belief that every person has the right to live with dignity, equality, comfort and independence.
makes available the UserWay Website Accessibility Widget that is powered by a dedicated accessibility server. The software allows us to improve its compliance with the Web Content Accessibility Guidelines (WCAG 2.1).
Enabling the Accessibility Menu
The accessibility menu can be enabled either by hitting the tab key when the page first loads or by clicking the accessibility menu icon that appears on the corner of the page. After triggering the accessibility menu, please wait a moment for the accessibility menu to load in its entirety.
continues its efforts to constantly improve the accessibility of its site and services in the belief that it is our collective moral obligation to allow seamless, accessible and unhindered use also for those of us with disabilities.
In an ongoing effort to continually improve and remediate accessibility issues, we also regularly scan with UserWay's Accessibility Scanner to identify and fix every possible accessibility barrier on our site. Despite our efforts to make all pages and content on fully accessible, some content may not have yet been fully adapted to the strictest accessibility standards. This may be a result of not having found or identified the most appropriate technological solution.
Here For You
If you are experiencing difficulty with any content on or require assistance with any part of our site, please contact us during normal business hours as detailed below and we will be happy to assist.
If you wish to report an accessibility issue, have any questions or need assistance, please contact customer support.
What is the purpose of SOC 2 audit?
System and Organization Controls (SOC 2) audit focuses on the controls at a Service Organization relevant to the Security, Availability, Processing Integrity, Confidentiality, and Privacy of both the system and information the Service Organization uses in the course of delivering services to its user entities. The primary purpose of the audit is to provide an independent third party evaluation of the entity’s description of its system, design adequacy (suitability) of related controls, and operating effectiveness (type 2 report) of those controls. Thereby providing a reasonable level of assurance in the fairness of what is contained in the report to the various stakeholders of the Service Organization (including current and potential user entities, regulators, etc.).
What are the scopes of the two types of SOC 2 audit report?
There are two types of SOC 2 audit report – type 1 and type 2. In a type 1 audit, the focus is on the fair presentation of a Service Organization’s description of its system, including the related controls relevant to the Trust Services Criteria (TSC) in scope of the audit, and the suitability of the design of those controls to meet the objectives of the TSC. The audit scope could cover one, more, or all the five Trust Services Categories (i.e., Security, Availability, Processing Integrity, Confidentiality, and Privacy), depending on the need of the Service Organization.
The criteria in the Security category are often called the Common Criteria (CC). As a result, whenever the scope of a SOC 2 audit covers any or all of the other four categories, the Security category must be included in the scope. However, if the goal of the audit is focused on just the Security category, it is not required to include any of the remaining four categories in the scope.
In a SOC 2 type 2 audit report, the auditor examines and reports on the fair presentation of a Service Organization’s description of its system and related controls, suitability of the design of those controls to meet the relevant TSC objectives, and the operating effectiveness of the controls over a period of time covered by the audit (usually between 6 and 12 months). Unlike the type 2 report that covers a period of time, type 1 is a point-in-time report (e.g., as of June 30, 20XX).
What are the benefits of SOC 2 audit?
Let us answer this question by focusing separately on the two major categories of stakeholders in a SOC 2 audit – external stakeholders (including prospective and current user entities, regulators, business associates, and investors of the Service Organization); and internal stakeholders (the Service Organization’s management and their workforce)
Benefits to external stakeholders
The benefits of SOC 2 audit to external stakeholders include:
Better Assurance: An unqualified SOC 2 audit report provides reasonable assurance to the external stakeholders that the Service Organization's controls are in place, suitably designed to achieve the relevant objectives (type 2), and operated effectively during the period covered (type 2).
Cost Saving: Multiple user entities and their auditors can use the same SOC 2 audit report to perform their risk assessment of a Service Organization security posture, saving them the cost of sending their own separate auditors to audit the Service Organization’s system and controls.
Benefits to internal stakeholders
Benefits to internal stakeholders include, but are not limited to:
Enhanced Security: The process of preparing for and achieving a SOC 2 attestation often involves the identification and closing of security gaps. This would invariably result in an improved overall security posture of the Service Organization. Further, because a SOC 2 attestation requires a repeat audit at least every 12 months, it necessitates continuous monitoring of security controls to ensure on-going effectiveness.
Improved Reliability: The Service Organization earns better confidence of external stakeholders in its system and related controls for delivering its services.
Cost Saving: The framework (AICPA 2017 Trust Services Criteria) for performing SOC 2 audit is mapped to many leading security standards and regulatory frameworks, including NIST-CSF, ISO27001/2, COBIT5, CIS, HIPAA, PCI-DSS). As a result, achieving SOC 2 attestation would, depending on the scope of the audit, facilitate a Service Organization’s compliance with multiple frameworks and standards.
Market Differentiator: Achieving SOC 2 attestation demonstrates to current and prospective customers that the organization adheres to and values best practices related to security and privacy, which could serve as a great competitive advantage.
How do you maximize the benefits of your SOC 2 audit?
To maximize the benefits of SOC 2 audit, the audit project needs to be seen by the enterprise as a tool for enhancing security and compliance culture, promoting reliability and better results for the benefits of the organization and their external stakeholders. Therefore, the management must:
Involve Stakeholders: It is important to involve relevant stakeholders across the organization to ensure that they own the objectives and result of the audit, as well as their related responsibilities for continued effectiveness of controls.
Implement Recommended Improvement: In most cases, auditors would recommend some opportunities for improvement to the company’s management outside of the SOC 2 audit report. Implementing such recommended improvements would enhance the overall enterprise security and compliance posture.
Monitor Controls Continued Effectiveness: Integrate control monitoring into the business processes and test control effectiveness on an on-going basis, not just for SOC 2 audit purposes but as best practice.
Showcase Your Success: Achieving SOC 2 attestation is a big plus. Leverage the report as necessary to demonstrate your value for and investment in security to current and prospective customers.
How can we help?
CAS Assurance, LLC team provides necessary supports for organizations that need help with readiness assessment for SOC 2 audit, or assistance to complete and submit their self-assessment for Level 1 listing in the Cloud Security Alliance STAR Registry. We provide independent audit services for SOC 2, including SOC 2 + CCM attestation for level 2 listing in the CSA STAR Registry, and other security and privacy regulations, standards, and frameworks. For assistance, contact us at 954-362-7113 or schedule a free initial consultation to get started.
Sign up for our newsletter.