CPA Toolkit – Privacy Policy

Last Updated: January 02, 2026

This Privacy Policy explains how CPA Toolkit (“we”, “us”, “our”) collects, uses, processes, and protects information when you access or use the CPA Toolkit platform (the “Service”).

1. Overview

CPA Toolkit is a software platform designed for use by Certified Public Accountants (CPAs) and CPA firms. We provide workflow management, encrypted document storage, and related operational tools.

CPA Toolkit is not a tax preparation service and does not provide accounting, legal, or compliance advice.

2. Data Roles and Responsibilities

For purposes of applicable data protection laws:

  • You (the CPA firm) are the data controller
  • CPA Toolkit acts solely as a data processor / service provider

This means you determine what data is collected, how it is used, and how long it is retained. CPA Toolkit processes data only on your instructions and to provide the Service.

3. Information We Process

Information provided by CPA firms:

  • Name, email address, firm details
  • User account credentials
  • Configuration and workflow settings

Client and taxpayer information uploaded by users:

  • Names, addresses, contact details
  • Social Security Numbers (SSNs)
  • Dates of birth
  • Uploaded documents and files
CPA Toolkit does not collect or store credit card information. Payments are handled by third-party payment processors.
4. How Information Is Used

We process information solely to:

  • Provide and operate the Service
  • Securely store and transmit user data
  • Authenticate users and manage access
  • Provide technical support
  • Maintain platform security and integrity

We do not use User Content for advertising, data mining, or analytics unrelated to providing the Service.

5. Data Security

CPA Toolkit implements commercially reasonable administrative, technical, and organizational safeguards designed to protect data.

  • Encryption of designated sensitive fields at rest and in transit
  • Access controls and authentication mechanisms
  • Restricted internal access to production systems
No system can be guaranteed to be completely secure. Encryption reduces risk but does not eliminate all potential threats.
6. Security Incidents

In the event of a confirmed security incident affecting the Service, CPA Toolkit will notify the affected CPA firm within a commercially reasonable timeframe.

The CPA firm is solely responsible for evaluating notification obligations to individuals, regulators, taxing authorities, or professional bodies, unless otherwise required by law.

7. Data Sharing

We do not sell personal data. Data may be shared only:

  • With infrastructure providers (hosting, email, monitoring)
  • With payment processors (billing only)
  • When required by law or legal process

All service providers are authorized solely to perform services on our behalf.

8. Data Retention

CPA Toolkit retains User Content only for as long as necessary to provide the Service or as instructed by the CPA firm.

Upon account termination, data may be deleted after a reasonable period unless legally required to retain it.

9. Individual Rights

Because CPA Toolkit acts as a data processor, requests to access, correct, or delete personal data must be directed to the CPA firm that controls the data.

CPA Toolkit will reasonably assist firms in responding to verified requests where required by law.

10. International Data Transfers

The Service is hosted in the United States. By using the Service, you acknowledge that data may be processed and stored in the United States.

11. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data directly from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email.

13. Contact Information

If you have questions about this Privacy Policy or our data practices, contact:

Email: [email protected]