Assurance Prep Services Inc.
Assurance Prep Services Inc.
Privacy Policy Statement
Last Updated: March 2024
1. Introduction
Assurance Prep Services Inc. ("Assurance Prep Services," "APS," "we," "us," or "our")provides cloud-based technology solutions designed to support, streamline, and enhance financial statement audit work and related assurance, accounting, and compliance activities performed by public accounting firms and their clients (collectively, the "Services" or "Platform").
This Privacy Policy Statement explains how APS collects, uses, discloses, and protects Personal Data in connection with the operation of our Platform, websites, customer support activities, and business operations. This Privacy Policy Statement applies when APS acts as a data processor or service provider on behalf of its customers.
This Privacy Policy Statement should be read together with any applicable customer agreements, including master service agreements, data processing addenda, and security documentation.
2. Definitions
Services / Platform: APS’s cloud-based software, digital tools, websites, portals, and related systems used to support audit and assurance engagements.
Personal Data: Any information relating to an identified or identifiable individual.
Audit Data / Customer Data: Data, documents, workpapers, confirmations, financial records, and other materials uploaded to or generated within the Platform by or on behalf of customers.
Usage Data: Information collected automatically through the Platform, including log data, access records, timestamps, IP addresses, and device information.
Controller: The entity that determines the purposes and means of processing Personal Data.
Processor / Service Provider: The entity that processes Personal Data on behalf of a Controller. We may use the services of various Service Providers to process your data more effectively.
Data Subject: The individual to whom Personal Data relates.
3. Information We Collect and Process
APS collects and processes the following categories of information depending on how the Services are used
a. Customer and User Account Information
Information provided to create and manage accounts, such as name, business email address, firm name, job title or role, authentication credentials, and administrative contact information.
b. Audit and Engagement Data
Documents, workpapers, financial information, correspondence, confirmations, and other materials uploaded to or generated within the Platform in connection with audit and assurance engagements. APS does not access the content of Audit Data except as necessary to provide the Services, provide support at a customer’s request, or comply with legal obligations.
c. Usage and Log Data
Information collected automatically when users interact with the Platform, including login activity, audit trails, system events, access logs, IP addresses, and device or browser information. This data is used for security, monitoring, compliance, and service improvement purposes.
d. Website and Communications Data
Information submitted through our websites, contact forms, emails, webinars, or other communications, including inquiries, support requests, and marketing communications.
e. Cookies and Similar Technologies
APS uses cookies and similar technologies to support functionality, security, analytics, and user preferences. You may control cookies through your browser settings; however, some features of the Services may not function properly without them.
4. Purposes of Processing
APS processes Personal Data for the following purposes:
- To provide, operate, maintain, and improve the Platform;
- To enable secure collaboration, documentation, and workflow management for financial statement audits and related engagements;
- To authenticate users and administer customer accounts;
- To provide technical support, training, and customer assistance;
- To monitor, protect, and maintain the security, availability, and integrity of the Platform;
- To comply with applicable legal, regulatory, contractual, and professional obligations; and
- To conduct internal business operations such as billing, analytics, and service improvement.
When APS processes Audit Data on behalf of a customer, APS acts as a Processor or Service Provider, and the customer acts as the Controller.
5. Legal Bases for Processing
Where required by applicable law, APS relies on one or more of the following legal bases:
​
- Performance of a contract;
- Compliance with legal obligations;
- Legitimate business interests, including security, fraud prevention, and service improvements.
6. Sharing and Disclosure of Information
APS does not sell Personal Data. We may disclose information in the following circumstances:
Service Providers and Sub-processors: To third-party providers that support hosting, security, analytics, communications, and operational needs, subject to contractual confidentiality and data protection obligations. Clients of APS who use the Platform and are engaged by their clients, such as an accountant, or an accounting software solution.
Legal and Regulatory Requirements: Where required to comply with applicable laws, regulations, subpoenas, or lawful requests from authorities.
Protection of Rights and Security: To protect the rights, property, or safety of APS, our customers, users, or others, including to investigate or prevent fraud, security incidents, or misuse of the Services.
Business Transactions: In connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
7. Data Security
APS maintains administrative, technical, and organizational safeguards designed to protect Personal Data and Audit Data against unauthorized access, disclosure, alteration, or destruction. Our security controls are designed to address the sensitive nature of financial and audit-related information and include access controls, encryption, monitoring, logging, and incident response procedures. We also take reasonable measures to deal with any suspected data security breach and will notify you and any applicable regulator ofa suspected breach where we are legally required to do so.
While we strive to protect Personal Data, no system can be guaranteed to be 100% secure.
8. Data Retention
APS retains Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy Statement, including legal, regulatory, contractual, and professional obligations. Audit Data is retained in accordance with customer instructions and applicable agreements.
9. International Data Transfers
Personal Data may be processed and stored in your country or other jurisdictions where APS or its service providers operate. Where required by law, APS implements appropriate safeguards for international data transfers.
10. Individual Rights
Subject to applicable law, individuals may have the right to:
- Access Personal Data;
- Request correction or deletion of Personal Data;
- Object to or restrict processing;
- Request data portability; and
- Withdraw consent where processing is based on consent.
Where APS acts as a Processor, requests should be directed to the applicable customer.
11. Children’s Privacy
The Services are not intended for use by children under the age of 13. APS does not knowingly collect Personal Data from children under 13.
11. Changes to This Privacy Policy Statement
APS may update this Privacy Policy Statement from time to time. Updates will be posted with a revised effective date. Continued use of the Services after an update constitutes acceptance of the revised Privacy Policy Statement.
​
12. Contact Us
​
If you have questions about this Privacy Policy Statement or wish to exercise your rights, please contact:
Assurance Prep Services, Inc.