Effective: February 7, 2022
Your Stuff & Your Permissions
When you use our Services, you provide us with things like your files, content, messages, contacts, and so on ("Your Stuff"). Your Stuff is yours. These Terms don’t give us any rights to Your Stuff except for the limited rights that enable us to offer the Services.
We need your permission to do things like hosting Your Stuff, backing it up, and sharing it when you ask us to. Our Services also provide you with features like eSign, file sharing, email newsletters, appointment setting and more. These and other features may require our systems to access, store, and scan Your Stuff. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with.
Sharing Your Stuff
Our Services let you share Your Stuff with others, so please think carefully about what you share.
You’re responsible for your conduct. Your Stuff and you must comply with applicable laws. Content in the Services may be protected by others’ intellectual property rights. Please don’t copy, upload, download, or share content unless you have the right to do so. We may review your conduct and content for compliance with these Terms. With that said, we have no obligation to do so. We aren’t responsible for the content people post and share via the Services.
Help us keep you informed and Your Stuff protected. Safeguard your password to the Services, and keep your account information current. Don’t share your account credentials or give others access to your account.
You may use our Services only as permitted by applicable law, including export control laws and regulations. Finally, to use our Services, you must be at least 13, or in some cases, even older. If you live in France, Germany, or the Netherlands, you must be at least 16. Please check your local law for the age of digital consent. If you don’t meet these age requirements, you may not use the Services.
Some of our Services allow you to download client software (“Software”) which may update automatically. So long as you comply with these Terms, we give you a limited, nonexclusive, nontransferable, revocable license to use the Software, solely to access the Services. To the extent any component of the Software may be offered under an open source license, we’ll make that license available to you and the provisions of that license may expressly override some of these Terms. Unless the following restrictions are prohibited by law, you agree not to reverse engineer or decompile the Services, attempt to do so, or assist anyone in doing so.
We sometimes release products and features that we are still testing and evaluating. Those Services have been marked beta, preview, early access, or evaluation (or with words or phrases with similar meanings) and may not be as reliable as other non-beta services, so please keep that in mind.
The Services are protected by copyright, trademark, and other US and foreign laws. These Terms don’t grant you any right, title, or interest in the Services, others’ content in the Services, CountingWorks and our trademarks, logos and other brand features. We welcome feedback, but note that we may use comments or suggestions without any obligation to you.
We respect the intellectual property of others and ask that you do too. We respond to notices of alleged copyright infringement if they comply with the law, and such notices should be reported to legal@CountingWorks.com. We reserve the right to delete or disable content alleged to be infringing and terminate accounts of repeat infringers. Our designated agent for notice of alleged copyright infringement on the Services is:
You’re free to stop using our Services at any time. We reserve the right to suspend or terminate your access to the Services with notice to you if:
We won’t provide notice before termination where:
Discontinuation of Services
We may decide to discontinue the Services in response to unforeseen circumstances beyond CountingWorks control or to comply with a legal requirement. If we do so, we’ll give you reasonable prior notice so that you can export Your Stuff from our systems.
Services “AS IS”
We strive to provide great Services, but there are certain things that we can't guarantee. TO THE FULLEST EXTENT PERMITTED BY LAW, CountingWorks AND ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE NO WARRANTIES, EITHER EXPRESS OR IMPLIED, ABOUT THE SERVICES. THE SERVICES ARE PROVIDED "AS IS." WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. Some places don’t allow the disclaimers in this paragraph, so they may not apply to you.
Limitation of Liability
WE DON’T EXCLUDE OR LIMIT OUR LIABILITY TO YOU WHERE IT WOULD BE ILLEGAL TO DO SO—THIS INCLUDES ANY LIABILITY FOR CountingWorks OR ITS AFFILIATES’ FRAUD OR FRAUDULENT MISREPRESENTATION IN PROVIDING THE SERVICES. IN COUNTRIES WHERE THE FOLLOWING TYPES OF EXCLUSIONS AREN’T ALLOWED, WE'RE RESPONSIBLE TO YOU ONLY FOR LOSSES AND DAMAGES THAT ARE A REASONABLY FORESEEABLE RESULT OF OUR FAILURE TO USE REASONABLE CARE AND SKILL OR OUR BREACH OF OUR CONTRACT WITH YOU. THIS PARAGRAPH DOESN’T AFFECT CONSUMER RIGHTS THAT CAN'T BE WAIVED OR LIMITED BY ANY CONTRACT OR AGREEMENT.
IN COUNTRIES WHERE EXCLUSIONS OR LIMITATIONS OF LIABILITY ARE ALLOWED, CountingWorks, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WON’T BE LIABLE FOR:
THESE EXCLUSIONS OR LIMITATIONS WILL APPLY REGARDLESS OF WHETHER OR NOT CountingWorks OR ANY OF ITS AFFILIATES HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES.
IF YOU USE THE SERVICES FOR ANY COMMERCIAL, BUSINESS, OR RE-SALE PURPOSE, CountingWorks, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WILL HAVE NO LIABILITY TO YOU FOR ANY LOSS OF PROFIT, LOSS OF BUSINESS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS OPPORTUNITY. CountingWorks AND ITS AFFILIATES AREN’T RESPONSIBLE FOR THE CONDUCT, WHETHER ONLINE OR OFFLINE, OF ANY USER OF THE SERVICES.
Let’s Try To Sort Things Out First. We want to address your concerns without needing a formal legal case. Before filing a claim against CountingWorks or our affiliates, you agree to try to resolve the dispute informally by contacting legal@CountingWorks.com. We’ll try to resolve the dispute informally by contacting you via email.
Judicial forum for disputes. You and CountingWorks agree that any judicial proceeding to resolve claims relating to these Terms or the Services will be brought in the federal or state courts of Orange County, California, subject to the mandatory arbitration provisions below. Both you and CountingWorks consent to venue and personal jurisdiction in such courts. If you reside in a country (for example, European Union member states) with laws that give consumers the right to bring disputes in their local courts, this paragraph doesn’t affect those requirements.
IF YOU’RE A U.S. RESIDENT, YOU ALSO AGREE TO THE FOLLOWING MANDATORY ARBITRATION PROVISIONS:
These Terms will be governed by California law except for its conflicts of laws principles. However, some countries (including those in the European Union) have laws that require agreements to be governed by the local laws of the consumer's country. This paragraph doesn’t override those laws.
These Terms constitute the entire agreement between you and CountingWorks with respect to the subject matter of these Terms, and supersede and replace any other prior or contemporaneous agreements, or terms and conditions applicable to the subject matter of these Terms. These Terms create no third party beneficiary rights.
Waiver, Severability & Assignment
CountingWorks failure to enforce a provision is not a waiver of its right to do so later. If a provision is found unenforceable, the remaining provisions of the Terms will remain in full effect and an enforceable term will be substituted reflecting our intent as closely as possible. You may not assign any of your rights under these Terms, and any such attempt will be void. CountingWorks may assign its rights to any of its affiliates or subsidiaries, or to any successor in interest of any business associated with the Services.
We may revise these Terms from time to time to better reflect:
If an update affects your use of the Services or your legal rights as a user of our Services, we’ll notify you prior to the update's effective date by sending an email to the email address associated with your account or via an in-product notification. These updated terms will be effective no less than 30 days from when we notify you.
If you don’t agree to the updates we make, please cancel your account before they become effective. By continuing to use or access the Services after the updates come into effect, you agree to be bound by the revised Terms.
Effective: February 7, 2022
Thanks for visiting our website. Our mission is to create a web based experience that makes it easier for us to work together. Here we describe how we collect, use, and handle your personal information when you use our websites, software, and services (“Services”).
What & Why
We collect and use the following information to provide, improve, and protect our Services:
Account information. We collect, and associate with your account, the information you provide to us when you do things such as sign up for your account, opt-in to our client newsletter or request an appointment (like your name, email address, phone number, and physical address). Some of our Services let you access your accounts and your information via other service providers.
Your Stuff. Our Services are designed to make it simple for you to store your files, documents, comments, messages, and so on (“Your Stuff”), collaborate with others, and work across multiple devices. To make that possible, we store, process, and transmit Your Stuff as well as information related to it. This related information includes your profile information that makes it easier to collaborate and share Your Stuff with others, as well as things like the size of the file, the time it was uploaded, collaborators, and usage activity. Our Services provide you with different options for sharing Your Stuff.
Contacts. You may choose to give us access to your contacts (spouse or other company staff) to make it easy for you to do things like share and collaborate on Your Stuff, send messages, and invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use.
Usage information. We collect information related to how you use the Services, including actions you take in your account (like sharing, viewing, and moving files or folders). We use this information to improve our Services, develop new services and features, and protect our users.
Cookies and other technologies. We use technologies like cookies to provide, improve, protect, and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services.
Marketing. We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about the firm or tax and accounting tips when permissible. Users who receive these marketing materials can opt out at any time. If you do not want to receive marketing materials from us, simply click the ‘unsubscribe’ link in any email.
We sometimes contact people who do not have an account. For recipients in the EU, we or a third party will obtain consent before contacting you. If you receive an email and no longer wish to be contacted by us, you can unsubscribe and remove yourself from our contact list via the message itself.
Bases for processing your data. We collect and use the personal data described above in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that our partners obtain such consent.
We may share information as discussed below, but we won’t sell it to advertisers or other third parties.
Other users. Our Services display information like your name, profile picture, device, and email address to other users in places like your user profile and sharing notifications. You can also share Your Stuff with other users if you choose. When you register your account with an email address on a domain owned by your employer or organization, we may help collaborators and administrators find you and your workspace by making some of your basic information—like your name, workspace name, profile picture, and email address—visible to other users on the same domain. This helps you sync up with workspaces you can join and helps other users share files and folders with you. Certain features let you make additional information available to others.
Workspace Admins. If you are a user of a workspace, your administrator may have the ability to access and control your workspace account. Please refer to your organization’s internal policies if you have questions about this. If you are not a workspace user but interact with a workspace user (by, for example, joining a shared folder or accessing stuff shared by that user), members of that organization may be able to view the name, email address, profile picture, and IP address that was associated with your account at the time of that interaction.
Law & Order and the Public Interest. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or appropriate government request; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of our platform or our users; (d) protect our rights, property, safety, or interest; or (e) perform a task carried out in the public interest.
Stewardship of your data is critical to us and a responsibility that we embrace. We believe that your data should receive the same legal protections regardless of whether it’s stored on our Services or on your home computer’s hard drive. We’ll abide by Government Request Policies when receiving, scrutinizing, and responding to government requests (including national security requests) for your data:
Security. We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like blocking repeated login attempts, encryption of files at rest, and alerts when new devices and apps are linked to your account. We deploy automated technologies to detect abusive behavior and content that may harm our Services, you, or other users.
User Controls. You can access, amend, download, and delete your personal information by logging into your account.
Retention. When you sign up for an account with us, we’ll retain information you store on our Services for as long as your account is in existence or as long as we need it to provide you the Services. If you delete your account, we will initiate deletion of this information after 30 days. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
Around the world. To provide you with the Services, we may store, process, and transmit information in the United States and locations around the world—including those outside your country. Information may also be stored locally on the devices you use to access the Services.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. When transferring data from the European Union, the European Economic Area, and Switzerland, We rely upon a variety of legal mechanisms, including contracts with our customers and affiliates. We comply with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States.
We are subject to oversight by the U.S. Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance—free of charge to you. We ask that you first submit any such complaints directly to us via privacy@CountingWorks.com. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
If we are involved in a reorganization, merger, acquisition, or sale of our assets, your information may be transferred as part of that deal.
Your Right to Control and Access Your Information
You have control over your personal information and how it is collected, used, and shared. For example, you have a right to:
Your personal information is controlled by CountingWorks, Inc. Have questions or concerns about CountingWorks, our Services, and privacy? Contact our Data Protection Officer at privacy@CountingWorks.com. If they can’t answer your question, you have the right to contact your local data protection supervisory authority.
Third Party Vendors
Amazon Web Services
Updated: June 2020.
strives to ensure that its services are accessible to people with disabilities. has invested a significant amount of resources to help ensure that its website is made easier to use and more accessible for people with disabilities, with the strong belief that every person has the right to live with dignity, equality, comfort and independence.
makes available the UserWay Website Accessibility Widget that is powered by a dedicated accessibility server. The software allows us to improve its compliance with the Web Content Accessibility Guidelines (WCAG 2.1).
Enabling the Accessibility Menu
The accessibility menu can be enabled either by hitting the tab key when the page first loads or by clicking the accessibility menu icon that appears on the corner of the page. After triggering the accessibility menu, please wait a moment for the accessibility menu to load in its entirety.
continues its efforts to constantly improve the accessibility of its site and services in the belief that it is our collective moral obligation to allow seamless, accessible and unhindered use also for those of us with disabilities.
In an ongoing effort to continually improve and remediate accessibility issues, we also regularly scan with UserWay's Accessibility Scanner to identify and fix every possible accessibility barrier on our site. Despite our efforts to make all pages and content on fully accessible, some content may not have yet been fully adapted to the strictest accessibility standards. This may be a result of not having found or identified the most appropriate technological solution.
Here For You
If you are experiencing difficulty with any content on or require assistance with any part of our site, please contact us during normal business hours as detailed below and we will be happy to assist.
If you wish to report an accessibility issue, have any questions or need assistance, please contact customer support.
Cybersecurity and compliance are two interrelated subjects that are increasingly raising concerns for management and executive leadership of organizations across industries today. Cybersecurity simply means having adequate safeguarding measures (controls) to protect an organization’s resources and those resources entrusted to it by customers or partners (e.g. personal and proprietary information) against possible dangers or threats that could cause damage to those resources.
Compliance, on the other hand, refers to an organization having adequate controls or measures to meet the requirements of specific regulation, standard or framework (e.g. HIPAA, PCI DSS, CMMC, GDPR, CCM, ISO 27001 or NIST 800-53).
The links between security and compliance are the controls. However, while the controls and measures required for achieving security cover wider scope of possible threats to the organization resources and those entrusted to it, controls for achieving compliance may not address all the threats relevant to the organization resources and environment, depending on the target regulation, standard, or framework for which compliance is required. More about some of the frameworks, standards, and regulations…
Further, and more importantly, compliance does not always equal to security because of the inherent nature of compliance attestation and certification with respect to timing, compared with the mandatory continuous nature of security. Generally, as being done today, compliance attestation and certification are performed focusing on the adequacy and effectiveness of organization’s controls as of a point in time or over a period in the past. Even if your organization could be deemed secure as of the point or over the past period for which compliance attestation or certification was provided, achieving security on an ongoing basis is a function of the current state of security controls vis a vis the current risks and threats the organization is facing.
It seems obvious, therefore, that the key to closing the gap between compliance and cybersecurity is continuous monitoring and maintenance of adequate and effective relevant security controls to address changing business processes, technologies, and emerging risks. In addition, aligning compliance goal with cybersecurity objectives has become imperative in order to facilitate efficiency and effectiveness. The figure below depicts, as closely as possible, the relationships between cybersecurity and compliance efforts.
It is vitally important to strategically manage both cybersecurity and compliance efforts to maximize effectiveness and to optimize the use of limited cybersecurity and compliance resources.
Compelling demands for effective cybersecurity and compliance programs
Increasingly complex and demanding IT environments
Growing number and sophistication of control measures required for managing cybersecurity and compliance related risks
Resources constraints and shortage of cybersecurity talents
Customers and business partners expectations of compliance with regulatory requirements and best practice in cybersecurity
Necessity of time and resource efficiency for audit and assessment projects
The statistics from Compliance in the Era of Digital Transformation by Coalfire are telling:
Security and compliance obligations are now consuming 40% of organization IT security budget
The incredible resource load just to maintain status quo for larger organizations can exceed 10,000 hours for each compliance requirement they carry.
58% of companies now view compliance as a material barrier to entering new markets.
Many companies are beginning to view compliance as a key market differentiator for driving sales and revenue.
60% of companies struggle to manage compliance efforts within their organizations, and a majority have come to view compliance as a serious obstacle for their business.
The report also highlights some emerging best practices and trends in cybersecurity and compliance programs:
To address concerns about the effectiveness of cyber compliance, regulators are increasingly focusing on continuous monitoring
Better compliance coordination across frameworks helps organizations focus on alternative, lowest-impact assessment timelines and reduced cost and strain on internal teams.
As a first step, many companies focus their short-term efforts on compliance coordination across in-scope standards, systems, and their organizations.
Organizations are employing continuous testing schedules; ongoing, low-impact compliance activity management calendars; aggressive penetration testing programs; and proactive assessor reporting to reduce compliance impact as much as possible.
No need to panic! We are here to help you and your organization
Depending on your organization circumstances and priorities concerning cybersecurity and compliance, our team of experienced consultants will provide necessary assessments, invaluable insights and recommendations, support, and solutions you desire.
Give us a call at 954-362-7113 or schedule an appointment today for a free consultation to get started.
More about some of the frameworks and standards:
NIST Cybersecurity Framework (CSF)
CSA Cloud Controls Matrix (CCM)
Payment Cards Industry Data Security Standard (PCI DSS)
Cybersecurity Maturity Model Certification (CMMC) 2.0 Framework
SWIFT Customer Security Controls Framework
General Data Protection Regulation (GDPR)
Some helpful cybersecurity and compliance blogs:
Maximizing the benefits of your SOC 2 Audit
Why your cloud services need the CSA STAR Registry listing
Step up Your GDPR Compliance Program
Appraising Operating Effectiveness of Controls for Your SOC 1 or 2 Audit