Privacy Policy

License Management Solutions, Inc. (“Company,” “we,” “our”) provides a B2B SaaS platform that delivers AI-powered CPA firm compliance insights, analytics, and data tools to help CPA firms manage compliance efforts. We are committed to protecting the privacy of individuals who visit our website (“Visitors”) and organizations and their authorized users who access or use our products and services (“you,” “your,” or “Customers”). This Privacy Policy describes how we collect, use, disclose, and otherwise process information when you or your organization’s authorized Users access or use our websites (including but not limited to https://cpaqualitypro.com/), our software application, which is known as CPA QualityPro, mobile applications, and other products and services that link to this Privacy Policy (collectively, the “Services”).

Please read this Privacy Policy carefully. By accessing or using any of the Services, you agree to this Privacy Policy and to the collection, use, and disclosure of your information as described herein. If you do not agree to such collection, use, and disclosure, then you may not and should not use any of our Services.

1. KEY DEFINITIONS

1.1 “AI” or “Artificial Intelligence” means computer systems, software, or algorithms, including machine learning models and large language models, that are designed to perform tasks that typically require human intelligence, such as understanding language, generating content, answering questions, analyzing data, or making predictions or recommendations. For purposes of this Privacy Policy, “AI” includes any automated tools or agents used to process, analyze, or generate information in connection with the Services.

1.2 “AI Input” means any prompt, query, instruction, tag, file, data set, parameter or other content that Customer (including its Users) submits to, or configures within, the Service for the purpose of generating, analyzing or otherwise processing information through our Models.

1.3 “AI Output” means any chart, insight, prediction, recommendation, text, image or other material generated autonomously or semi-autonomously by the Service.

1.4 “Biometric Information” means an individual’s physiological, biological, or behavioral characteristics, including information about an individual’s deoxyribonucleic acid (DNA), that is used or is intended to be used singly or with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

1.5 “Customer Data” means all electronic data or information submitted by Customer or its affiliates to and stored by the Service.

1.6 “Model” means any algorithmic architecture, machine-learning system (including weights, parameters and prompts) or ensemble thereof that powers generation of AI Output.

1.7 “Personal Information” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations.

1.8 “Sensitive Personal Information” means Personal Information revealing a consumer’s social security number, driver’s license and passport numbers, account numbers and credentials, precise geolocation, racial or ethnic origin, religious beliefs, or union membership, Personal Information concerning a consumer’s health, sex life, or sexual orientation, contents of a consumer’s mail, email and text messages where the business is not the intended recipient, genetic data, biometric information, or citizenship and immigration status.

1.9 “Special Category Personal Information” means Personal Information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership; genetic and biometric data; and data concerning health, sex life or sexual orientation.

1.10 “Training Data” means Customer Data, AI Inputs or subsets thereof that Company accesses to train, fine-tune or otherwise improve our Models.

Capitalized terms not defined here have the meanings given in the Terms of Service located at https://cpaqualitypro.com/terms/.

2. CHANGES TO THIS PRIVACY NOTICE

We may modify this Privacy Policy from time to time, in which case we will update the

“Last Updated” date at the top of this Privacy Policy. If we make material changes to the way in which we use or disclose information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on the Services, or by other means consistent with applicable law) and will take additional steps as required by applicable law. If you do not agree to any updates to this Privacy Policy, please do not continue using or accessing the Services.

**3. INFORMATION WE COLLECT **

We collect limited Personal Information from visitors to our website in the following ways:

• Contact Information: If you submit a form, we collect your name, email address, and any message you choose to send.

• Usage Data and Cookies: We automatically collect certain information through cookies and similar technologies, such as your IP address, browser type, operating system, and approximate location. This data helps us understand site traffic and improve performance. Please see Section 7 (Cookies & Other Tracking Technologies) for details.

3.1 Information You Provide to Us

You may choose to provide us with the following types of information when interacting with the Services:

• Contact Information: Such as your name, email address, and phone number.

• Account Information: Including username, email address, and password.

• Payment Information: Payment data necessary to complete transactions is collected and processed securely by our third-party payment providers, such as Stripe, via API. We do not have access to your full payment details. For more information on how your payment information is handled, please refer to Stripe’s privacy policy.

• Applicant Information: If you apply for a role with us, we may collect your resume, references, work history, and related details.

• Service Interaction Information: AI Inputs, documents, forms, or files you upload to the platform.

• Sensitive Personal Information: We may collect Sensitive Personal Information such as Social Security numbers, government-issued identification, financial account information, and health-related data as required to provide our services, verify your identity, comply with legal obligations, or as otherwise described in this Privacy Policy.

• Other Information You Provide: Such as details shared through email, contact forms, surveys, or in-product messaging.

In addition to information you provide directly, we may collect personal and sensitive personal information that is included in documents, forms, or files you upload to the platform. This may include, but is not limited to, Social Security numbers, financial account information, health data, or government-issued identification numbers. We treat all such information with the same level of protection as information you provide directly and use it solely to provide and support our services. You are responsible for ensuring that you have the right to upload any documents or forms containing personal or sensitive information. Please avoid uploading unnecessary sensitive data.

HIPAA. Customer may not use the Services to create, receive, maintain, transmit, or otherwise process any information that includes or constitutes “Protected Health Information”, as defined under the HIPAA Privacy Rule (45 C.F.R. Section 160.103).

Please do not submit any Biometric Information, or Special Category Personal Information through the Services, as we do not require or intend to process such information.

3.2 Information Collected Automatically

We and our third-party service providers may automatically collect certain technical and usage-related information from your browser or device (“Usage Data”), including:

• Device type, operating system, browser type, and unique device identifiers

• IP address and approximate geolocation

• Interaction data (e.g., clickstream, log files, time-stamps, browsing behavior, interactions with emails and in-product messages)

Please refer to Section 7 (Cookies & Other Tracking Technologies) for more information about how this data is collected and your choices.

3.3 Information Collected from Third Parties

We may obtain Personal Information about you from a variety of third-party sources in order to operate, improve, and personalize the Services we offer. These sources may include government databases and sources, third party websites, business partners, advertising networks, API integrations (such as OpenAI, Google or Meta), data enrichment services, and publicly available sources.

Any information we receive from outside sources will be treated in accordance with this Privacy Policy. We are not responsible for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices. To the extent the laws in your jurisdiction do not recognize the legal basis of legitimate interest or another legal basis specified above for a particular purpose, you consent to the processing of your personal data for that purpose through using the Services.

Service Providers and Business Data Vendors. We may receive professional or business contact information such as your name, job title, company, email address, phone number, and LinkedIn profile URL, from service providers that lawfully source such data. We use this information to deliver relevant product updates, service communications, and marketing tailored to business professionals who may benefit from our Services. All providers we engage are required to confirm they have obtained such data legally and, where applicable, with appropriate consent.

Advertising and Marketing Partners. We work with marketing and advertising partners who may collect or share information about how you interact with our website, communications, advertisements, or event pages. This data helps us understand engagement, measure campaign effectiveness, and deliver relevant promotional content. Where required by law, we will obtain consent or honor opt-out preferences for such activities.

Public Sources. We may supplement information we collect with publicly available sources, such as government databases, government and corporate websites, news articles, or public directories, to provide the Service, support business contact validation, lead enrichment, or produce relevant analysis.

3.4 Customer End User Data

This Privacy Policy does not apply to data that our Customers upload to the Services about their own end users (“Customer End User Data”). In such cases, we process that information solely on behalf of the Customer, and the Customer’s own privacy policy governs its collection and use.

The below chart displays our data collection and disclosure practices as performed in a manner that satisfies the disclosure requirements of the California Consumer Privacy Act (as amended by the CPRA) and similar U.S. state privacy laws.

4. HOW WE USE YOUR INFORMATION

We use the information described above to:

• Respond to your inquiries submitted via the contact form;

• Monitor and improve the functionality and performance of our website;

• Operate, improve, and provide the Services and for other legitimate purposes, as described below; and

• Comply with legal obligations.

4.1 Contractual Necessity

We use your information where necessary to:

• Create, manage, and secure your account;

• Process your payment and deliver services;

• Generate and deliver AI Outputs; and

• Communicate with you and provide customer support.

4.2 Legitimate Interests

We use your information for our legitimate business purposes, including to:

• Personalize the Services (including AI Outputs) to your preferences;

• Understand how users engage with the Services and improve performance;

• Enhance security and prevent abuse;

• Provide usage analytics and reporting;

• Communicate with you regarding feature updates, usage guidance, or account status;

• Evaluate job candidates and administer recruiting;

• Offer you access to promotional offers via partners; and

• Market our services to business users (you may opt out of marketing communications at any time).

4.3 Legal Obligations

We use and disclose your Personal Information as needed to:

• Comply with applicable laws and regulations;

• Respond to legal process or law enforcement requests; - Enforce our Terms of Service and other legal agreements; and

• Protect our rights, users, and others.

**4.4 Use of Sensitive, Biometric, and Special Category Personal Information **

Our Services are not intended to collect or process Biometric Information or

Special Category Personal Information as defined in this Privacy Policy. We ask that Customers and users do not submit such information when using the Services. If we become aware that such data has been submitted, we will take reasonable steps to delete it, unless we are legally required to retain it. Any limited Sensitive Personal Information we process (e.g., account credentials, payment information, license information, social security numbers or anything Sensitive Personal Information provided by the user) is used solely for essential business operations such as regulatory compliance, authentication, transaction processing or providing the Services and is subject to heightened safeguards. We do not use such data for profiling, marketing, or AI model training.

4.5 Deidentified or Anonymized Data

We may deidentify or anonymize Personal Information so that it cannot reasonably be used to identify you. We may use such deidentified information for any lawful purpose and will not attempt to reidentify it except as required to verify the effectiveness of our deidentification processes.

5. DISCLOSURE OF YOUR INFORMATION

We may disclose your information to third parties subject to this Privacy Policy, including the following categories of third parties:

• Company Group: Our affiliates or others within our corporate group, in accordance with our contract with you, and for internal administration or support purposes, in our legitimate interest to run a successful business and in order to provide our Services.

• Service Providers: Vendors or other service providers who help us provide the Services, including for system administration, cloud storage, generative AI and content creation, security, customer transaction facilitation and relationship management, marketing communications, web analytics, payment networks, and payment processing.

• Business Partners: Third parties through whom you receive access to our Services, including via use of a promotion code or other method provided by such business partners, in our legitimate interest to provide you with free or discounted access to our Services.

• Other Third Parties, including other users: Third parties to whom you request or direct us to disclose information, such as through your use of social media widgets or login integrations, sending an email, or otherwise through choices to share or make output or other information visible to others, including other users. We do this as necessary for the performance of a contract, or in our legitimate interest to provide you with access to the Services and integrations with third parties, or with your consent.

• Advertising Partners: Third parties who display advertising information on our Services or otherwise assist with the delivery of ads.

• Professional Advisors: As necessary, we will share your Personal Information with professional advisors such as auditors, law firms, or accounting firms.

• Business Transactions: We will share Personal Information with a prospective buyer, seller, new owner, or other relevant third party as necessary while negotiating or in relation to a change of corporate control such as a restructuring, merger, asset sale or purchase, bankruptcy or other business transaction or re-organization. We do this in our legitimate interest to run a successful and compliant business, and as required by applicable law.

A current list of our subprocessors is available upon request. We will notify Customers of any material changes to our subprocessors in advance, as required by applicable law or contractual commitments.

We may also disclose your information as needed to comply with applicable law or any obligations thereunder or to cooperate with law enforcement, judicial orders, and regulatory inquiries, to enforce any applicable terms of service, and to ensure the safety and security of our business, employees, and users. We do this in our legitimate interest to protect our Service and business and to comply with applicable law.

6. USE OF ARTIFICIAL INTELLIGENCE AND AUTOMATED TOOLS

6.1 AI and Automated Processing. We use AI technologies, including multi-agent frameworks such as CrewAI and Serper.dev, to provide two main features: (1) a chatbot that answers questions about using our website and, in the future, about CPA licensing; and (2) automated summaries of regulatory statutes, government websites, and forms. Our AI systems may use a combination of large language models and retrieval-augmented generation techniques, which are regularly updated and tested for accuracy. These models may have knowledge cut-off dates and may not always reflect the most current information. To improve accuracy, we incorporate information from authoritative sources (such as .gov or .org websites and official PDFs) into our AI Outputs. All regulatory summaries generated by AI are subject to human review before being made available to users. AI-generated content is provided for informational purposes only and should not be relied upon as professional advice. To the extent CrewAI’s Model(s) or Serper.dev’s Model(s) are used in connection with a particular query, that model’s terms apply to you or your particular query (as applicable). CrewAI’s terms of use are located here:

https://www.crewai.com/terms-of-use and its privacy policy is located here: https://www.crewai.com/privacy-policy. Serper.dev’s terms of use are located here: https://serper.dev/terms and its privacy policy is located here: https://serper.dev/privacy.

6.2 Data Handling for AI Features. When you interact with our chatbot or use features that generate regulatory summaries, the information you provide (including queries and uploaded documents) may be processed by our AI systems. We implement commercially reasonable safeguards to protect your data during these processes. Some data may be used in a de-identified and aggregated form to improve our AI models; you may opt out of this use by contacting us.

6.3 Limitations and User Responsibilities. AI-generated responses and summaries are intended for reference only. Due to the nature of AI and the use of models with knowledge cut-off dates, AI Outputs may be incomplete, outdated, or inaccurate. Users should not rely solely on AI-generated content for compliance, legal, or regulatory decisions and should consult qualified professionals as appropriate.

7. THIRD PARTY WEBSITES AND SOCIAL FEATURES

Our Services may contain links to or integrations with third-party websites, applications, or platforms such as social media sites (e.g., Discord, LinkedIn, X/Twitter), embedded widgets, or promotional partners that are not owned or controlled by Company. These links are provided for your convenience only. Accessing those third-party properties is at your own risk, and your interactions with them are governed by their respective privacy policies and terms of service.

We are not responsible for the privacy, security, or data practices of any third party, including those operating websites or services linked to or from our Services. The inclusion of a link or integration does not constitute or imply endorsement of the linked site or service by Company.

If you post or share content on public or semi-public forums such as social media or community platforms through or in connection with our Services, that content may be visible to others without limitation and may be independently collected, copied, or used by the public or by users of those third-party platforms and we are not responsible for such uses. We recommend that you exercise caution and avoid submitting personal or sensitive information in such forums.

We encourage you to review the privacy policies of any third-party site or service before interacting with it or sharing any Personal Information.

8. COOKIES AND OTHER TRACKING TECHNOLOGIES

Company uses cookies, pixels, and similar tracking technologies to collect information about how you and your organization’s Users interact with our Services. This section explains what these technologies are, why we use them, the types we use, and how you can manage them.

What Are Cookies and Similar Technologies?

• Cookies are small text files placed on your browser or device when you visit a website. Some cookies are deleted once you close your browser (“session cookies”), while others remain on your device until they expire or you delete them (“persistent cookies”).

• Web beacons (also known as pixels or clear GIFs) are small graphic files that monitor user interactions with web content and emails to track user navigation, for example.

Why We Use These Technologies

We use cookies and related technologies to:

• Operate and secure our Website and Services;

• Enable basic Website functionality (e.g., login and navigation for our Website and Services);

• Understand usage patterns and performance;

• Personalize your experience and remember your preferences; and

• Support our marketing efforts, including analytics and campaign effectiveness.

Some cookies are set by us (first-party cookies), while others are set by third-party service providers we partner with (third-party cookies).

Types of Cookies We Use

We group the cookies and similar technologies we use into the following categories:

• Essential Cookies: Necessary for basic functionality of the Website and Services, such as secure logins and account management. These cannot be disabled.

• **Performance Cookies: **Help us understand how users interact with the Services by collecting information such as pages visited and error messages encountered.

• Functionality Cookies: Allow us to remember your preferences, such as login credentials, user settings, and region selection.

• Advertising & Analytics Cookies: Provided by third-party partners to help deliver relevant ads on other sites and measure engagement with our marketing content. These may also be used to track referral sources and conversion events.

How to Manage Cookies

You can control or delete cookies at any time through your browser settings. You may also opt out of certain third-party advertising cookies by visiting the Network Advertising Initiative (https://www.networkadvertising.org/choices) or the **Digital Advertising Alliance **(https://optout.aboutads.info).

To opt out of tracking by Google Analytics, click here.

Your browser settings may allow you to transmit a ‘do not track’ signal. Like many websites, our website is not designed to respond to such signals. To learn more about ‘do not track’ signals, you can visit http://www.allaboutdnt.com/.

9. CHILDREN’S PRIVACY

Children under the age of 13 are not permitted to use the Services, and we do not seek or knowingly collect any Personal Information about children, particularly those under 13 years of age or, in the case of a region where the minimum age for processing Personal Information differs, such different age. For users above the age of 13 but below the eligible age of consent to the processing of such user’s Personal Information, such user must obtain their parent or guardian’s consent prior to using the Services.

If we become aware that we have unknowingly collected information about a child under

13 years of age or the relevant minimum age in your jurisdiction, we will make commercially reasonable efforts to delete such information. If you are the parent or guardian of a child under the relevant minimum age who has provided us with their Personal Information, you may contact us using the below information to request that it be deleted.

10. DATA SECURITY AND RETENTION

We implement reasonable and appropriate administrative, technical, and physical safeguards designed to protect the Personal Information we collect and process and we use commercially reasonable efforts to comply with SOC 2. However, no system can be guaranteed to be completely secure, and we cannot ensure or warrant the absolute security of any information transmitted via the internet or stored on our systems. We recommend that you avoid transmitting sensitive or confidential information through unencrypted or unverified channels.

We retain Personal Information for as long as it is reasonably necessary to fulfill the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, enforce our agreements, maintain security, and protect our rights and the rights of others. In general, this means we may retain Personal Information indefinitely unless you request deletion, subject to applicable law and contractual commitments. However, where industry practice or customer expectations suggest periodic data minimization (such as a rolling 60-day deletion policy), we may choose to delete certain types of data earlier, particularly when it is no longer required for operational, legal, or business purposes.

Sensitive Personal Information is protected using reasonable security measures appropriate to the nature of the data and risks involved.

Data Retention Periods

We retain Personal Information for the following periods:

• Account Information: Retained for the earlier of (i) until deletion requested or no longer necessary for stated purposes, or (ii) 7 years.

• Payment Information: Retained for the earlier of (i) until deletion requested or no longer necessary for stated purposes, or (ii) 7 years.

• AI Inputs and Outputs: Retained for the earlier of (i) until deletion requested or no longer necessary for stated purposes, or (ii) 7 years.

• Marketing Data: Retained for the earlier of (i) until deletion requested or no longer necessary for stated purposes, or (ii) 7 years.

You may request deletion of your Personal Information at any time by contacting us at privacy@CPAQualityPro.com; we will respond in accordance with applicable data protection laws.

11. U.S. RESIDENTS

This section supplements the other sections of this Privacy Policy and applies to you only if you are a resident of California or another U.S. state that has passed a privacy law similar to the California Consumer Privacy Act (“CCPA”) that applies to us, and the law requires specific privacy notice disclosures. For purposes of this section, references to “personal information” shall include “sensitive personal information,” as these terms are defined under the CCPA.

Processing of Personal Information

In the preceding 12 months, we collected and disclosed for a business purpose the following categories of personal information and sensitive personal information about residents:

• Identifiers, such as name, e-mail address and IP address

• Personal information categories listed in the California Customer Records statute such as name, address and telephone number

• Commercial information such as records of products or services purchased

• Internet or other similar network activity such as Usage Data

• Geolocation data such as IP address

• Professional or employment-related information such as title of profession, employer, professional background and other information provided by you when you apply for a job with us

• Non-public education information collected by certain federally funded institutions such as education records that you provide when you apply for a job with us

• Account access credentials for the Services

• The contents of email messages in the email inboxes that you connect to your account, and the content of email messages you send through the Services

The specific business or commercial purposes for which we have collected and disclosed your personal information and the categories of sources from which we collect your personal information are described in the section above, titled Collection and Use Your Information. The third parties that we have disclosed your information to are described in Section 4 (Disclosure of Your Information) above. We only use and disclose sensitive personal information for the purposes specified in the CCPA or otherwise in line with your consent. The criteria we use to determine how long to retain your personal information are described in the section above, titled Data Security and Retention.

**Selling and/or Sharing of Personal Information **

We do not “sell” or “share” (as those terms are defined under the CCPA) personal information, nor have we done so in the preceding 12 months. Further, we do not have actual knowledge that we “sell” or “share” personal information of residents under 16 years of age.

California Account Holders Under 18

Any California residents under the age of eighteen (18) who have registered to use the

Services and who have posted content or information available to others on the Services can request that such information be removed from the Services by contacting us at the e-mail address set forth in the section below, How to Contact Us. Such request must state that they personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the resident cannot be individually identified. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished the post, and archived copies of it may be stored by search engines and other parties that we do not control.

Additional California Resident Privacy Rights

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us once each calendar year to ask if you have shared Personal Information with third parties for their direct marketing purposes or may contact us at any time to prevent disclosure of Personal Information to third parties for such third parties’ direct marketing purposes. We do not currently disclose any of your Personal Information to third parties for their direct marketing purposes.

Nevada Residents

If you are a resident of the State of Nevada, you have the right to opt out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. Please note that we do not sell your Personal Information at all, including as defined in the Nevada Revised Statutes Chapter 603A.

Your Rights and Privacy Choices

Certain U.S. state laws provide residents with the right to opt out of the “sale” or “sharing” of their personal information, including through the use of third-party cookies and tracking technologies used for cross-site behavioral advertising or similar purposes.

If you are a resident of one of the following states, you have the right to opt out of such processing:

• California (California Consumer Privacy Act - CCPA / California Privacy Rights Act - CPRA)

• Colorado (Colorado Privacy Act - CPA)

• Connecticut (Connecticut Data Privacy Act - CTDPA)

• Delaware (Delaware Personal Data Privacy Act – DPDPA)

• Florida (Florida Digital Bill of Rights - FDBR)

• Montana (Montana Consumer Data Privacy Act - MTCDPA)

• New Jersey (New Jersey Data Privacy Act - NJDPA)

• Oregon (Oregon Consumer Privacy Act - OCPA)

• Texas (Texas Data Privacy and Security Act - TDPSA)

• Utah (Utah Consumer Privacy Act - UCPA)

• Virginia (Virginia Consumer Data Protection Act - VCDPA)

These laws define “sale” and “sharing” broadly, including certain data exchanges for targeted advertising.

How to Opt-Out

These laws allow you to opt out of the sale or sharing of your personal information with third parties for purposes such as cross-context behavioral advertising. If you are accessing this website from one of the eligible states listed above, you may email us at privacy@CPAQualityPro.com with the subject line “Opt-Out” and direct us to stop the sale or sharing of your personal information, including for targeted advertising purposes, as defined by applicable state laws.

Important Note

• If you are not a resident of the states listed above, you may not be eligible to exercise these specific opt-out rights. However, we are committed to respecting your privacy preferences and encourage you to review the rest of this Privacy Policy for more information about your choices.

• This opt-out applies only to the browser and device you’re currently using. For broader coverage, you may also use a browser that supports Global Privacy Control (GPC), which we recognize where required.

12. DATA HOSTING AND TRANSFERS

We may host and process data using leading cloud infrastructure providers, such as Amazon Web Services (AWS) and/or Google Cloud Platform (GCP), with data centers primarily located in the United States. These providers are contractually obligated to implement appropriate technical and organizational safeguards and may only process Personal Information on our behalf and in accordance with policies consistent with this Privacy Policy.

We may transfer your Personal Information to countries outside of your jurisdiction of residence, including to the United States, for the purposes of operating and providing our Services. Where such transfers occur, we implement appropriate safeguards as required under applicable data protection laws.

If you would like more information about our data transfer practices or to request a copy of the relevant safeguards, please contact us at privacy@CPAQualityPro.com.

13. YOUR RIGHTS AND CHOICES

Depending on where you live, you may have some or all of the rights listed below in relation to Personal Information that we have collected about you. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

• Right to Access / Know. You may have the right to request access to Personal Information that we hold about you, or to request information about our collection, use and disclosure of your Personal Information, such as the categories of Personal Information we have collected or disclosed for a business purpose.

• Right to Delete. You may have the right to request that we delete Personal Information we maintain about you.

• Right to Correct. You may have the right to request that we correct inaccurate Personal Information we maintain about you.

• Right of Portability. You may have the right to receive a copy of the Personal

Information we hold about you and to request that we transfer it to a third party.

• Restriction of Processing. You may have the right to ask us to stop, suspend or restrict our processing of Personal Information.

• Objection. You may have the right to object to our processing of Personal Information.

• Withdrawal of Consent. Where we rely on consent to process your Personal Information, you may have the right to withdraw this consent at any time by contacting us at privacy@CPAQualityPro.com. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal and that, depending on where you withdraw your consent, we may not be able to deliver the expected service to you.

You may choose to stop receiving personalized advertising or marketing promotions from us when using the Services by contacting us at our email address provided below.

You may exercise any of these rights by contacting us using the information provided below. We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address and government issued ID, before providing a substantive response to the request. You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. If we deny your request, you may appeal our decision by contacting us using the information provided below. You may opt out of information collection for AI (which would prohibit us from using your search information to improve our AI models) in your settings page if you are logged into the Services. You may also request to delete your account by contacting us at privacy@CPAQualityPro.com. If you delete your account, we aim to delete your Personal Information from our servers within 30 days. Please contact us at privacy@CPAQualityPro.com to request deletion.

14. COMPLAINTS

If you have complaints about how we process your Personal Information, please contact us at privacy@CPAQualityPro.com and/or your local representative’s contact details as set out above, and we will respond to your request as soon as possible.

15. HOW TO CONTACT US

Should you have any questions about our privacy practices or this Privacy Policy, please email us at privacy@CPAQualityPro.com and/or your local representative’s contact details as set out above.

ACTIVE\13518\1\9683619.v3-8/19/25