CPA Toolkit – Data Processing Addendum (DPA)

Effective Date: January 02, 2026

This Data Processing Addendum (“DPA”) forms part of the CPA Toolkit Terms and Conditions and governs the processing of Personal Data by CPA Toolkit on behalf of its customers.

1. Parties & Roles
  • Customer / CPA Firm: Data Controller
  • CPA Toolkit: Data Processor / Service Provider

CPA Toolkit processes Personal Data solely on documented instructions from the Customer and only to provide the Service.

2. Definitions

Capitalized terms not defined herein have the meanings assigned in the Terms and Conditions or Privacy Policy.

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Processing: Any operation performed on Personal Data.
  • Data Subject: The individual to whom Personal Data relates.
3. Scope of Processing

CPA Toolkit may process Personal Data solely to:

  • Provide, operate, and maintain the Service
  • Securely store and transmit Customer data
  • Authenticate users and manage access
  • Provide customer support
  • Ensure platform security and integrity

CPA Toolkit does not process Personal Data for its own purposes.

4. Categories of Data

Personal Data processed may include:

  • Names, addresses, contact information
  • Social Security Numbers (SSNs)
  • Dates of birth
  • Uploaded documents and files
  • Account credentials and audit logs
5. Customer Obligations

The Customer is solely responsible for:

  • Establishing a lawful basis for processing
  • Obtaining all required consents
  • Compliance with IRS rules, GLBA, and applicable privacy laws
  • Responding to Data Subject requests
  • Determining retention periods
6. CPA Toolkit Obligations

CPA Toolkit shall:

  • Process Personal Data only on documented instructions
  • Implement commercially reasonable security measures
  • Restrict access to authorized personnel only
  • Assist with compliance requests where legally required
CPA Toolkit does not guarantee compliance with any specific regulation or certification.
7. Security Measures

CPA Toolkit implements administrative, technical, and organizational safeguards appropriate to the nature of the data processed, including:

  • Encryption of designated sensitive fields at rest and in transit
  • Access controls and authentication
  • Logical separation of customer data

No method of transmission or storage is completely secure.

8. Subprocessors

CPA Toolkit may engage subprocessors (such as hosting providers) to assist in providing the Service.

CPA Toolkit remains responsible for subprocessors’ compliance with this DPA.

9. Personal Data Incidents

CPA Toolkit will notify the Customer of confirmed Personal Data incidents without undue delay after discovery.

The Customer is responsible for all legally required notifications to Data Subjects, regulators, and authorities unless otherwise required by law.

10. Data Subject Requests

CPA Toolkit shall reasonably assist the Customer in responding to verified Data Subject requests where required by law.

Requests received directly by CPA Toolkit will be redirected to the Customer.

11. Data Retention and Deletion

Personal Data will be retained only as long as necessary to provide the Service or as instructed by the Customer.

Upon termination, data may be deleted after a reasonable period unless legally required to retain it.

12. International Transfers

Data may be processed and stored in the United States. The Customer consents to such transfers where permitted by law.

13. Liability

Liability under this DPA is subject to the limitations set forth in the CPA Toolkit Terms and Conditions.

14. Term and Precedence

This DPA remains in effect for the duration of the Service. In the event of conflict, this DPA controls solely with respect to data protection obligations.

15. Contact Information

For data protection inquiries:
Email: [email protected]