Effective: February 7, 2022
Your Stuff & Your Permissions
When you use our Services, you provide us with things like your files, content, messages, contacts, and so on ("Your Stuff"). Your Stuff is yours. These Terms don’t give us any rights to Your Stuff except for the limited rights that enable us to offer the Services.
We need your permission to do things like hosting Your Stuff, backing it up, and sharing it when you ask us to. Our Services also provide you with features like eSign, file sharing, email newsletters, appointment setting and more. These and other features may require our systems to access, store, and scan Your Stuff. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with.
Sharing Your Stuff
Our Services let you share Your Stuff with others, so please think carefully about what you share.
You’re responsible for your conduct. Your Stuff and you must comply with applicable laws. Content in the Services may be protected by others’ intellectual property rights. Please don’t copy, upload, download, or share content unless you have the right to do so. We may review your conduct and content for compliance with these Terms. With that said, we have no obligation to do so. We aren’t responsible for the content people post and share via the Services.
Help us keep you informed and Your Stuff protected. Safeguard your password to the Services, and keep your account information current. Don’t share your account credentials or give others access to your account.
You may use our Services only as permitted by applicable law, including export control laws and regulations. Finally, to use our Services, you must be at least 13, or in some cases, even older. If you live in France, Germany, or the Netherlands, you must be at least 16. Please check your local law for the age of digital consent. If you don’t meet these age requirements, you may not use the Services.
Some of our Services allow you to download client software (“Software”) which may update automatically. So long as you comply with these Terms, we give you a limited, nonexclusive, nontransferable, revocable license to use the Software, solely to access the Services. To the extent any component of the Software may be offered under an open source license, we’ll make that license available to you and the provisions of that license may expressly override some of these Terms. Unless the following restrictions are prohibited by law, you agree not to reverse engineer or decompile the Services, attempt to do so, or assist anyone in doing so.
We sometimes release products and features that we are still testing and evaluating. Those Services have been marked beta, preview, early access, or evaluation (or with words or phrases with similar meanings) and may not be as reliable as other non-beta services, so please keep that in mind.
The Services are protected by copyright, trademark, and other US and foreign laws. These Terms don’t grant you any right, title, or interest in the Services, others’ content in the Services, CountingWorks and our trademarks, logos and other brand features. We welcome feedback, but note that we may use comments or suggestions without any obligation to you.
We respect the intellectual property of others and ask that you do too. We respond to notices of alleged copyright infringement if they comply with the law, and such notices should be reported to legal@CountingWorks.com. We reserve the right to delete or disable content alleged to be infringing and terminate accounts of repeat infringers. Our designated agent for notice of alleged copyright infringement on the Services is:
You’re free to stop using our Services at any time. We reserve the right to suspend or terminate your access to the Services with notice to you if:
We won’t provide notice before termination where:
Discontinuation of Services
We may decide to discontinue the Services in response to unforeseen circumstances beyond CountingWorks control or to comply with a legal requirement. If we do so, we’ll give you reasonable prior notice so that you can export Your Stuff from our systems.
Services “AS IS”
We strive to provide great Services, but there are certain things that we can't guarantee. TO THE FULLEST EXTENT PERMITTED BY LAW, CountingWorks AND ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE NO WARRANTIES, EITHER EXPRESS OR IMPLIED, ABOUT THE SERVICES. THE SERVICES ARE PROVIDED "AS IS." WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. Some places don’t allow the disclaimers in this paragraph, so they may not apply to you.
Limitation of Liability
WE DON’T EXCLUDE OR LIMIT OUR LIABILITY TO YOU WHERE IT WOULD BE ILLEGAL TO DO SO—THIS INCLUDES ANY LIABILITY FOR CountingWorks OR ITS AFFILIATES’ FRAUD OR FRAUDULENT MISREPRESENTATION IN PROVIDING THE SERVICES. IN COUNTRIES WHERE THE FOLLOWING TYPES OF EXCLUSIONS AREN’T ALLOWED, WE'RE RESPONSIBLE TO YOU ONLY FOR LOSSES AND DAMAGES THAT ARE A REASONABLY FORESEEABLE RESULT OF OUR FAILURE TO USE REASONABLE CARE AND SKILL OR OUR BREACH OF OUR CONTRACT WITH YOU. THIS PARAGRAPH DOESN’T AFFECT CONSUMER RIGHTS THAT CAN'T BE WAIVED OR LIMITED BY ANY CONTRACT OR AGREEMENT.
IN COUNTRIES WHERE EXCLUSIONS OR LIMITATIONS OF LIABILITY ARE ALLOWED, CountingWorks, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WON’T BE LIABLE FOR:
THESE EXCLUSIONS OR LIMITATIONS WILL APPLY REGARDLESS OF WHETHER OR NOT CountingWorks OR ANY OF ITS AFFILIATES HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES.
IF YOU USE THE SERVICES FOR ANY COMMERCIAL, BUSINESS, OR RE-SALE PURPOSE, CountingWorks, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WILL HAVE NO LIABILITY TO YOU FOR ANY LOSS OF PROFIT, LOSS OF BUSINESS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS OPPORTUNITY. CountingWorks AND ITS AFFILIATES AREN’T RESPONSIBLE FOR THE CONDUCT, WHETHER ONLINE OR OFFLINE, OF ANY USER OF THE SERVICES.
Let’s Try To Sort Things Out First. We want to address your concerns without needing a formal legal case. Before filing a claim against CountingWorks or our affiliates, you agree to try to resolve the dispute informally by contacting legal@CountingWorks.com. We’ll try to resolve the dispute informally by contacting you via email.
Judicial forum for disputes. You and CountingWorks agree that any judicial proceeding to resolve claims relating to these Terms or the Services will be brought in the federal or state courts of Orange County, California, subject to the mandatory arbitration provisions below. Both you and CountingWorks consent to venue and personal jurisdiction in such courts. If you reside in a country (for example, European Union member states) with laws that give consumers the right to bring disputes in their local courts, this paragraph doesn’t affect those requirements.
IF YOU’RE A U.S. RESIDENT, YOU ALSO AGREE TO THE FOLLOWING MANDATORY ARBITRATION PROVISIONS:
These Terms will be governed by California law except for its conflicts of laws principles. However, some countries (including those in the European Union) have laws that require agreements to be governed by the local laws of the consumer's country. This paragraph doesn’t override those laws.
These Terms constitute the entire agreement between you and CountingWorks with respect to the subject matter of these Terms, and supersede and replace any other prior or contemporaneous agreements, or terms and conditions applicable to the subject matter of these Terms. These Terms create no third party beneficiary rights.
Waiver, Severability & Assignment
CountingWorks failure to enforce a provision is not a waiver of its right to do so later. If a provision is found unenforceable, the remaining provisions of the Terms will remain in full effect and an enforceable term will be substituted reflecting our intent as closely as possible. You may not assign any of your rights under these Terms, and any such attempt will be void. CountingWorks may assign its rights to any of its affiliates or subsidiaries, or to any successor in interest of any business associated with the Services.
We may revise these Terms from time to time to better reflect:
If an update affects your use of the Services or your legal rights as a user of our Services, we’ll notify you prior to the update's effective date by sending an email to the email address associated with your account or via an in-product notification. These updated terms will be effective no less than 30 days from when we notify you.
If you don’t agree to the updates we make, please cancel your account before they become effective. By continuing to use or access the Services after the updates come into effect, you agree to be bound by the revised Terms.
Effective: February 7, 2022
Thanks for visiting our website. Our mission is to create a web based experience that makes it easier for us to work together. Here we describe how we collect, use, and handle your personal information when you use our websites, software, and services (“Services”).
What & Why
We collect and use the following information to provide, improve, and protect our Services:
Account information. We collect, and associate with your account, the information you provide to us when you do things such as sign up for your account, opt-in to our client newsletter or request an appointment (like your name, email address, phone number, and physical address). Some of our Services let you access your accounts and your information via other service providers.
Your Stuff. Our Services are designed to make it simple for you to store your files, documents, comments, messages, and so on (“Your Stuff”), collaborate with others, and work across multiple devices. To make that possible, we store, process, and transmit Your Stuff as well as information related to it. This related information includes your profile information that makes it easier to collaborate and share Your Stuff with others, as well as things like the size of the file, the time it was uploaded, collaborators, and usage activity. Our Services provide you with different options for sharing Your Stuff.
Contacts. You may choose to give us access to your contacts (spouse or other company staff) to make it easy for you to do things like share and collaborate on Your Stuff, send messages, and invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use.
Usage information. We collect information related to how you use the Services, including actions you take in your account (like sharing, viewing, and moving files or folders). We use this information to improve our Services, develop new services and features, and protect our users.
Cookies and other technologies. We use technologies like cookies to provide, improve, protect, and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services.
Marketing. We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about the firm or tax and accounting tips when permissible. Users who receive these marketing materials can opt out at any time. If you do not want to receive marketing materials from us, simply click the ‘unsubscribe’ link in any email.
We sometimes contact people who do not have an account. For recipients in the EU, we or a third party will obtain consent before contacting you. If you receive an email and no longer wish to be contacted by us, you can unsubscribe and remove yourself from our contact list via the message itself.
Bases for processing your data. We collect and use the personal data described above in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that our partners obtain such consent.
We may share information as discussed below, but we won’t sell it to advertisers or other third parties.
Other users. Our Services display information like your name, profile picture, device, and email address to other users in places like your user profile and sharing notifications. You can also share Your Stuff with other users if you choose. When you register your account with an email address on a domain owned by your employer or organization, we may help collaborators and administrators find you and your workspace by making some of your basic information—like your name, workspace name, profile picture, and email address—visible to other users on the same domain. This helps you sync up with workspaces you can join and helps other users share files and folders with you. Certain features let you make additional information available to others.
Workspace Admins. If you are a user of a workspace, your administrator may have the ability to access and control your workspace account. Please refer to your organization’s internal policies if you have questions about this. If you are not a workspace user but interact with a workspace user (by, for example, joining a shared folder or accessing stuff shared by that user), members of that organization may be able to view the name, email address, profile picture, and IP address that was associated with your account at the time of that interaction.
Law & Order and the Public Interest. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or appropriate government request; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of our platform or our users; (d) protect our rights, property, safety, or interest; or (e) perform a task carried out in the public interest.
Stewardship of your data is critical to us and a responsibility that we embrace. We believe that your data should receive the same legal protections regardless of whether it’s stored on our Services or on your home computer’s hard drive. We’ll abide by Government Request Policies when receiving, scrutinizing, and responding to government requests (including national security requests) for your data:
Security. We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like blocking repeated login attempts, encryption of files at rest, and alerts when new devices and apps are linked to your account. We deploy automated technologies to detect abusive behavior and content that may harm our Services, you, or other users.
User Controls. You can access, amend, download, and delete your personal information by logging into your account.
Retention. When you sign up for an account with us, we’ll retain information you store on our Services for as long as your account is in existence or as long as we need it to provide you the Services. If you delete your account, we will initiate deletion of this information after 30 days. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
Around the world. To provide you with the Services, we may store, process, and transmit information in the United States and locations around the world—including those outside your country. Information may also be stored locally on the devices you use to access the Services.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. When transferring data from the European Union, the European Economic Area, and Switzerland, We rely upon a variety of legal mechanisms, including contracts with our customers and affiliates. We comply with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States.
We are subject to oversight by the U.S. Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance—free of charge to you. We ask that you first submit any such complaints directly to us via privacy@CountingWorks.com. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
If we are involved in a reorganization, merger, acquisition, or sale of our assets, your information may be transferred as part of that deal.
Your Right to Control and Access Your Information
You have control over your personal information and how it is collected, used, and shared. For example, you have a right to:
Your personal information is controlled by CountingWorks, Inc. Have questions or concerns about CountingWorks, our Services, and privacy? Contact our Data Protection Officer at privacy@CountingWorks.com. If they can’t answer your question, you have the right to contact your local data protection supervisory authority.
Third Party Vendors
Amazon Web Services
Updated: June 2020.
strives to ensure that its services are accessible to people with disabilities. has invested a significant amount of resources to help ensure that its website is made easier to use and more accessible for people with disabilities, with the strong belief that every person has the right to live with dignity, equality, comfort and independence.
makes available the UserWay Website Accessibility Widget that is powered by a dedicated accessibility server. The software allows us to improve its compliance with the Web Content Accessibility Guidelines (WCAG 2.1).
Enabling the Accessibility Menu
The accessibility menu can be enabled either by hitting the tab key when the page first loads or by clicking the accessibility menu icon that appears on the corner of the page. After triggering the accessibility menu, please wait a moment for the accessibility menu to load in its entirety.
continues its efforts to constantly improve the accessibility of its site and services in the belief that it is our collective moral obligation to allow seamless, accessible and unhindered use also for those of us with disabilities.
In an ongoing effort to continually improve and remediate accessibility issues, we also regularly scan with UserWay's Accessibility Scanner to identify and fix every possible accessibility barrier on our site. Despite our efforts to make all pages and content on fully accessible, some content may not have yet been fully adapted to the strictest accessibility standards. This may be a result of not having found or identified the most appropriate technological solution.
Here For You
If you are experiencing difficulty with any content on or require assistance with any part of our site, please contact us during normal business hours as detailed below and we will be happy to assist.
If you wish to report an accessibility issue, have any questions or need assistance, please contact customer support.
What is the CSA STAR Registry?
The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry maintained by CSA and it documents the security, privacy and compliance postures of the cloud services offered by the Cloud Service Providers (CSPs) listed in the Registry. Maintaining the Registry as an independent body, CSA provides a reasonable level of public trust in the reliability of information provided in the registry by Cloud Service Providers.
What purposes does the STAR Registry serve?
The Registry serves important purposes in the industry, both for CSPs and their customers (current and prospective).
The Registry provides transparent and easily accessible information on CSPs’ security commitments and security assurance capabilities for the services they offer.
It provides transparent, clarifying, and easily assessable information on the shared security responsibilities between the CSP and cloud service customers concerning the cloud services being offered.
The Registry provides a central platform maintained by an independent body (CSA) for CSPs to demonstrate the security capabilities of their cloud services, and for current and prospective cloud service customers to review those documented security capabilities and responsibilities.
Listing at Level 2 of the Registry provides access to information on third party independent attestation or certification of CSP’s security capabilities based on the globally acclaimed cloud focused CCM framework plus either the AICPA TSC for SOC 2 or the ISO/IEC 27001 management system standard.
How is listing in the STAR Registry achieved?
There are two levels of listing in the Registry – Level 1 and Level 2
Level 1. Achieving Level 1 listing is through a self-assessment process that requires the CSP to complete and submit the CSA Consensus Assessments Initiative Questionnaire (CAIQ). Completing the CAIQ documents the level to which a CSP security capabilities comply with the control specifications of the CSA Cloud Controls Matrix (CCM) Framework. The current version of the CAIQ that is acceptable for listing is version 4. The questions require Yes/No answers.
Level 1 Listing can also be achieved by a CSP to demonstrate their cloud services compliance with the GDPR requirements. The privacy self-assessment questionnaire is based on the CSA Code of Conduct for GDPR Compliance. A level 1 listing for both security and privacy is valid for a 12 month period.
Level 2. Achieving Level 2 listing requires a third party independent attestation or certification of the CSP’s security controls compliance with the CCM security control specifications plus either:
the requirements of the AICPA Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (SOC 2 attestation), or
the requirements of ISO/IEC 27001:2013 management system standard (ISO27001 Certification),
There is also a level 2 listing specifically for the Greater China market, referred to as C-STAR. This also requires a third party independent assessment of the CSP’s security controls compliance with the requirements of the GB/T 22080-2008 management system standard and the CCM, plus additional related controls from GB/T 22239-2008 and GB/Z 28828-2012.
Level 2 Attestation and Certification are performed only by approved STAR auditors. A STAR Attestation based on SOC 2 type 2 report is valid for 12 months, while an attestation based on SOC 2 type 1 report is valid for only six months. A STAR certification (i.e., ISO27001 + CCM) is valid for a three year period, but requires surveillance visits within the three year cycle.
What are the benefits of listing in the STAR Registry?
There are obvious benefits of being listed in the Registry, both for you as CSP and for your cloud service customers. Here are a few of those benefits:
Listing in the Registry can serve as a big market differentiator, allowing a CSP to showcase their security capabilities and compliance posture to provide reasonable level of assurance and comfort to current and potential customers in a transparent manner.
It affords potential customers performing their due diligence on your cloud services an easy access to needed information related to your security and compliance capabilities.
It streamlines the process of providing security and compliance capabilities information to multiple prospective customers without having to complete multiple customers questionnaires.
It demonstrates to current and prospective customers your adherence to and value for best practices related to security and privacy.
How can we help?
CAS Assurance, LLC team provides necessary supports for organizations that need help to complete and submit their self-assessment for Level 1 listing. We also provide independent assessment for SOC 2 + CCM attestation as an approved STAR auditor. Contact us at 954-362-7113 or schedule a free initial consultation to get started.
Sign up for our newsletter.