Caseware Legal

1. Introduction

Caseware provides application programming interfaces ("APIs") as part of certain Products and Services (collectively, the "Caseware Offerings" as defined in the MPSA) that enable customers to integrate and automate certain functionality within the Caseware environment. This API Usage Policy explains permitted and prohibited uses of the APIs to help protect security, platform stability, brand integrity, and clear role alignment.

This policy supplements the Caseware Master Product and Services Agreement ("MPSA") and any applicable order forms. If there is any conflict between this policy and the MPSA, the MPSA controls.

2. Scope

This policy applies to all access to and use of Caseware APIs by Customer and its Permitted Users, including any API documentation portals, SDK environments, developer portals, preview or beta programs, and any credentials, keys, secrets, or tokens used to access the APIs.

3. Permitted Use (Customer-Led Integrations)

Customers may use the APIs to extend and enhance their Caseware environment for the customer's internal business purposes, subject to the MPSA, this policy, and applicable security requirements.

Customers may engage third-party developers to build integrations using customer-issued API credentials, provided that: (a) the work is performed solely on the customer's behalf and for the customer's internal business purposes; and (b) the customer remains responsible for all access granted and all activity conducted using the customer's API credentials.

4. Credentials, Security, and Customer Responsibility

API credentials are issued to customers and remain the customer's responsibility. Customers must protect credentials from unauthorized use and must not share or permit use of API credentials outside the customer's authorized environment (i.e., systems and administrators under the customer's control). Customers must promptly notify Caseware if API credentials are lost, stolen, or compromised.

API credentials must not be used to provide services to other organizations or to support any multi-tenant deployment, unless Caseware expressly authorizes otherwise in writing. This restriction is consistent with the MPSA prohibition on selling, reselling, or sublicensing the Caseware Offerings without authorization.

Customers are responsible for ensuring appropriate handling of customer data used in any integration, including by any third-party developer acting on the customer's behalf. This includes compliance with applicable data protection laws and regulations, and any cross-border or cross-jurisdiction data transfer requirements.

5. Platform Stability, Rate Limits, and Monitoring

API usage is subject to Caseware's standard security controls, monitoring practices, and rate limits. Caseware may throttle, suspend, or restrict API access where necessary to protect platform integrity for all customers.

Customers and integrators must implement responsible technical practices, including: respecting rate-limit responses, avoiding unbounded retries, and using session/token lifetimes appropriately. Rate limit configurations may change and should not be hard-coded. Caseware does not guarantee backward compatibility across API versions.

6. Third Parties Are Not Caseware Agents; Support Limitations

Third parties engaged by a customer act solely as the customer's service providers and are not Caseware agents, subcontractors, or representatives.

Caseware does not provide support or warranty for third-party-developed code or non-certified integrations beyond the support services described in the MPSA and applicable Schedules. Support responsibilities for third-party integrations remain between the customer and the third party, unless Caseware has formally certified or approved the integration in writing.

7. Commercialization, Broad Promotion, and Partner Intake

If a third party intends to commercialize, broadly promote, or offer an integration to multiple firms or other organizations (i.e., acting as an ecosystem partner rather than solely as the customer's service provider), Caseware requires completion of a formal partner review and written approval prior to any commercialization or broad promotion.

Third parties that have not completed the applicable Caseware partner intake and evaluation process will not receive dedicated partner resources (such as partner-specific documentation, sandbox environments, or other partner materials), unless Caseware decides otherwise in writing.

8. Public Communications and Brand Use

Third parties may not use Caseware logos or imply partnership, certification, endorsement, exclusivity, or alignment without prior written authorization from Caseware.

Any public references to Caseware must be limited to accurate, descriptive statements and must not imply endorsement. Additional restrictions may apply for "core" use cases, including AI-native or agentic AI scenarios, as communicated by Caseware in applicable program terms or written approvals.

9. Data Use; No Unauthorized Retention or AI/ML Training

Customer and third party are responsible for ensuring appropriate handling of customer data used in the integration, consistent with Customer's obligations under the MPSA regarding customer data and privacy.

Caseware-derived data must not be retained, reused, or used to train AI/ML models except as authorized by the customer and permitted by applicable agreements and law. For clarity: aggregated, anonymized usage data or technical metadata (such as API call volumes, error rates, or performance metrics) may be used by Caseware for platform improvement and analytics purposes, consistent with the MPSA.

10. Prohibited Uses

In addition to the restrictions set forth in the MPSA, you must not use the APIs to: (a) engage in unlawful activity; (b) perform scraping for commercial purposes, redistribute data inappropriately, or place undue stress on the services; (c) bypass security controls, rate limits, monitoring, or audit logging; (d) conduct stress testing, vulnerability probing, or similar disruptive testing without Caseware's prior written consent; or (e) use customer-issued API credentials to provide services to other organizations or in a multi-tenant model without authorization.

11. Preview / Beta Programs (If Applicable)

Certain APIs may be offered under preview or beta program terms as Beta Services (as defined in the MPSA). Such APIs may be subject to additional notices, restrictions, or separate program terms, and may be modified, throttled, suspended, or discontinued at any time. All APIs, including generally available APIs, may be versioned, modified, deprecated, or discontinued by Caseware upon reasonable notice in accordance with the MPSA, except as otherwise specified in an applicable Order Form.

12. Enforcement

Caseware may investigate suspected violations and may throttle, suspend, or terminate API access in accordance with Sections 11.2 and 11.3 of the MPSA where necessary to protect security, stability, or integrity of the platform, including for any breach of this policy or the MPSA. Caseware reserves the right to audit API usage in accordance with Section 2.6 of the MPSA to verify compliance with this policy and applicable agreements.

13. Updates to This Policy

Caseware may update this policy from time to time by posting the revised version at www.caseware.com/legal/caseware-api-use-policy with a revised "Last Updated" date. Material changes will be communicated to Customer in accordance with the notice provisions of the MPSA. Continued use of the APIs after such notice constitutes acceptance of the revised policy, provided that any changes that would materially alter Customer's rights or obligations under the MPSA require a written amendment in accordance with Section 12.12 of the MPSA.

14. Questions

For questions about acceptable API usage or third-party integrations, contact: legalreview@caseware.com.

‍

INTRODUCTION

Caseware uses artificial intelligence (AI) and machine learning technologies to enhance our products and services. This AI Use Policy provides transparency about how we use AI in the Caseware Offerings.

This policy supplements our Master Product and Services Agreement ("MPSA"), available at https://www.caseware.com/nl/master-product-service-agreement/. In the event of any conflict between this policy and the MPSA, the terms of the MPSA will control.

HOW WE USE YOUR DATA WITH AI

Our use of data in connection with AI features is governed by the MPSA. In plain language:

Your Content (Customer Data & Subscriber Data)

We use your content, such as the documents, files, and information you upload or create, only to provide the AI features you've requested. We do not use your content to train AI models that benefit other customers.

Technical Usage Information (Customer Metadata)

We collect technical information about how you use our products, such as which features you access, usage patterns, and performance metrics. This technical information does not include the substance of your work. We use this information to improve our products and to develop and train AI models.

Anonymized Information (Aggregated Data)

We create anonymized, aggregated data that cannot identify you or your organization. We use this aggregated data to develop, train, and improve AI models, optimize our products and services, and conduct research and analytics.

The terms above use simplified descriptions for clarity. For precise legal definitions, complete details about data ownership, licenses, and usage rights, please see the MPSA. In case of any conflict, the MPSA definitions control.

AI MODELS AND PROVIDERS

Caseware uses a combination of proprietary AI models and third-party AI technologies to deliver AI features. When we use third-party AI providers:

·      We select providers with appropriate security and privacy practices

·      We enter into data protection agreements with these providers

·      We limit data sharing to what is necessary to provide the requested features

Information about our service providers and data security practices is available at https://trust.caseware.com.

SECURITY AND PRIVACY

AI processing is subject to the same security and privacy protections as all Caseware Offerings, including:

·      Encryption of data in transit and at rest

·      Access controls and authentication mechanisms

·      Regular security monitoring and assessments

·      Compliance with applicable data protection laws

For detailed information about our security practices, please visit https://trust.caseware.com.

For information about personal data processing, please see our Data Processing Agreement at https://www.caseware.com/dpa/.

AI LIMITATIONS AND YOUR RESPONSIBILITIES

AI technologies have limitations. AI-generated outputs may contain errors, inaccuracies, or "hallucinations" (plausible-sounding but incorrect information). AI models may also reflect biases present in their training data.

You are responsible for:

·      Reviewing and verifying all AI-generated outputs before use

·      Exercising professional judgment in all decisions and advice

·      Ensuring compliance with applicable laws and professional standards

·      Not relying solely on AI outputs for critical decisions

AI features are tools to assist you, not replacements for your professional expertise. You remain solely responsible for all work product, decisions, and advice you provide.

As stated in the MPSA, AI features and outputs are provided "as is" without warranties regarding accuracy, completeness, or fitness for a particular purpose.

OWNERSHIP OF AI OUTPUTS

Content generated by AI features using your data ("Customer Outputs") is owned by you, subject to the terms of the MPSA. During the term of your agreement, Caseware has a limited license to use Customer Outputs to provide services to you. Caseware does not use Customer Outputs to train or improve AI models. We do use Customer Metadata (technical usage information) and Aggregated Data to develop and improve our AI models, as described above.

UPDATES TO THIS POLICY

We may update this AI Use Policy from time to time to reflect new features, technologies, or practices. When we make material changes, we will post the updated policy at www.caseware.com/legal/caseware-ai-use-policy and update the "Last Updated" date above.

The current version of this policy is always available at www.caseware.com/legal/caseware-ai-use-policy. Your continued use of AI features after updates constitutes acceptance of the revised policy.

QUESTIONS?

For questions about this AI Use Policy or our use of AI technologies:

Visit our Trust Center: https://trust.caseware.com

Email us: privacy@caseware.com

Review the MPSA: https://www.caseware.com/nl/master-product-service-agreement/

‍

1. Purpose and Scope

This Code of Conduct (“Code”) is a summary, and it supports policies, including those on Environmental, Social and Governance (ESG), modern slavery, privacy, supplier standards, and information security. It is intended to provide an accessible overview of the ethical standards, legal responsibilities, and behavioural expectations that guide how everyone associated with Caseware International Inc. (“Caseware”), including employees, contractors, suppliers, partners and representatives, should act in support of our values: Integrity, Mutual Respect, Accountability, and Excellence.

This Code does not replace the full Code of Conduct or the referenced policies. All employees are expected to comply with the full Code, related internal policies, and applicable laws.

The intention is to protect Caseware’s reputation and foster a culture of trust, fairness, and compliance. Caseware provides ongoing training on these principles, and all employees certify annually that they have read, understood, and will comply with the full Code and related policies.

We expect third parties acting on Caseware’s behalf, including suppliers, partners, and representatives, to uphold standards of conduct consistent with this Code. For more detailed guidance on supplier expectations, see Caseware’s Supplier Code of Conduct.

2. Core Principles

2.1. Integrity and Ethical Business

Caseware is committed to conducting business with honesty, fairness and transparency. All business decisions and interactions should uphold the highest ethical standards. This includes:

·      Gifts and Hospitality: Employees and representatives must not offer, give, or receive improper gifts or hospitality, including facilitation of payments.

·      Accurate Books and Records: All records, invoices, and reports must be complete, accurate, and free from misrepresentation.

2.2. Compliance with Laws

Employees and representatives must comply with all applicable laws, regulations and internal policies, including those governing anti-corruption, privacy and human rights.

2.3. Respect and Diversity

Caseware values diversity and inclusion. Discrimination, harassment, or bias in hiring or workplace conduct on grounds such as race, gender, sexual orientation, identity, age, disability, creed, or family status is prohibited. Caseware values human rights; forced labour, child labour, and any violation of internationally recognized human rights standards will not be tolerated.

2.4. Confidentiality and Information Protection

Protecting confidential and personal information is a fundamental responsibility. All client, partner and employee data must be handled in accordance with Caseware’s Privacy Statement, applicable contractual obligations, and consistent with applicable privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA), and the General Data Protection Regulation (GDPR).

2.5. Environmental Responsibility

Casware strives to minimize its environmental impact and promote sustainability, in line with ESG standards. Employees and representatives should act responsibly in using resources and managing environmental risks.

3. Workplace Conduct

3.1 Anti-Corruption and Business Ethics

Caseware maintains a zero-tolerance policy towards corruption bribery, and improper business practices. Offering, giving, soliciting, or accepting anything of value in exchange for improper advantage is prohibited, whether direct or indirect, by employees or anyone acting on Caseware’s behalf.

3.2. Safety and Respect

All employees are expected to contribute to a work environment free from harassment, bullying, unsafe conduct, or other demeaning behaviour. Mutual respect and professionalism must guide all interactions.

3.3. Conflict of Interest

Employees must avoid conflicts, actual or perceived, between personal interests and the interests of Caseware. Where potential conflicts arise, they should be disclosed promptly to management or compliance officers.

3.4. Third Parties & Representatives

We encourage third parties acting on our behalf to upload standards of conduct consistent with this Code and our Supplier Code of Conduct.

4. Use of Caseware Assets & Systems

Caseware resources, including software, computer systems, networks and intellectual property, must be used responsibly, only for legitimate business purposes, and in accordance with security policies. Misuse, theft or unauthorized access is prohibited.

5. Reporting, Accountability and Non-Retaliation

Caseware encourages speaking up if someone observes behaviour that appears unethical, illegal or non-compliant with this Code. Individuals raising concerns in good faith will be protected against retaliation. A detailed reporting mechanism and protection policy are included in internal governance documents.

6. Enforcement

Violations of this Code may lead to disciplinary action, up to and including termination, and when appropriate, referral to legal authorities. Caseware reserves the right to investigate potential breaches and take corrective measures.

1. PURPOSE AND SCOPE

Caseware International Inc. and its subsidiaries and affiliates (collectively, “Caseware”) are committed to conducting business in a lawful, ethical, and responsible manner. Caseware seeks to work with suppliers that share similar values and standards.

This Supplier Code of Conduct (the “Code”) describes principles and standards that Caseware encourages its suppliers, vendors, contractors, consultants, agents, resellers, distributors, and other third parties (collectively, “Suppliers”) to follow when conducting business with or on behalf of Caseware.
‍
This Code applies to Suppliers and, where appropriate, their employees, officers, directors, agents, and subcontractors involved in providing goods or services to Caseware.
‍
This Code sets out Caseware’s expectations of all Caseware Suppliers and does not impose additional legal obligations on Caseware.
‍
In addition, Suppliers are encouraged to conduct themselves in a manner consistent with the ethical principles reflected in Caseware’s Code of Conduct.

‍

2. COMPLIANCE WITH LAWS AND REGULATIONS

Suppliers are expected to comply with all applicable local, provincial/state, national, and international laws, regulations, and industry standards in the jurisdiction in which they operate. This includes laws relating to employment, labour standards, occupational health and safety, anti-corruption, competition, data protection and privacy, environmental protection, and trade controls.

Where local laws are less restrictive than this Code, you are encouraged to comply with the Code, even if your conduct would otherwise be legal. If local laws are more restrictive than the Code, you must always, at a minimum, comply with those laws.Supplier Code of Conduct

‍

3. ETHICAL BUSINESS CONDUCT

3.1 Integrity and Fair Dealing

Suppliers are expected to conduct business in good faith and with integrity. Dealings with Caseware, customers, competitors, and public authorities should be conducted honestly and transparently.

3.2 Anti-Bribery and Anti-Corruption

Suppliers are expected to comply with applicable anti-bribery and anti-corruption laws, including, where applicable, the Canadian Corruption of Foreign Public Officials Act, the U.S. Foreign Corrupt Practices Act, and the UK Bribery Act.
‍
Suppliers should not engage in bribery, corruption, or other improper business practices in connection with Caseware business.

3.3 Fair Competition and Anti-Trust

Dealings with competitors, customers, and third parties should be conducted fairly and in good faith.

Suppliers ought to conduct business in compliance with applicable competition and antitrust laws. Suppliers should avoid anti-competitive practices, including price fixing, bid rigging, market allocation, or the improper exchange of competitively

3.4 Trade Controls, Sanctions and Export Compliance

Suppliers should not engage in transactions or activities in connection with Caseware business that would cause Caseware or the Supplier to violate applicable trade or sanctions laws.

Suppliers ought to comply with all applicable trade control, customs, export, re-export, import, and economic sanctions laws and regulations in the jurisdictions in which they operate, including those relating to restricted or denied parties, embargoed countries, and prohibited end uses.

3.5 Conflict of Interest

Suppliers are encouraged to avoid situations that may present an actual or perceived conflict of interest in their dealings with Caseware. Where actual or potential conflict exists, Suppliers should resolve the conflict and promptly disclose the matter to Caseware.
‍

3.6 Gifts, Hospitality, and Business Courtesies

Caseware prohibits any gifts, hospitality, business courtesies, money, or anything similar, directly or indirectly to a government official or employee of a state-owned enterprise, or to the spouse, significant other, child, or other relative of any such person, for the purpose of influencing or rewarding an action or decision of the government or public sector employee or official or to gain any improper advantage for Caseware.
‍
Suppliers should not offer, promise, or provide gifts, hospitality, entertainment, or other business courtesies that are intended, or could reasonably be perceived, to improperly influence a business decision, create a conflict of interest, or obtain an improper advantage in connection with Caseware business.
‍
Suppliers should also avoid offering gifts, hospitality, or business courtesies to Caseware employees, officers, or representatives where such items could reasonably be perceived as influencing business judgment or creating an improper advantage.
‍
Reasonable, lawful hospitality aligned with Caseware policies is acceptable.

‍

4. HUMAN RIGHTS AND LABOUR PRACTICES

Caseware supports respect for internationally recognized human rights principles, including those reflected in the United Nations Universal Declaration of Human Rights and the International Labour Organization (ILO) core conventions. Nothing in this Code is intended to require Suppliers to take actions that are inconsistent

with local law, nor to interfere with lawful employer-employee relationships.

4.1 Forced and Child Labour

Suppliers are expected to comply with applicable laws relating to forced labour, child labour, and human trafficking. Suppliers should not knowingly engage in practices involving forced, bonded, or child labour.

4.2 Modern Slavery and Forced Labour Transparency

In accordance with applicable legislation, including Canada’s Fighting Against Forced Labour and Child Labour in Supply Chains Act, the United Kingdom’s Modern Slavery Act, and Australia’s Modern Slavery Act, Caseware may request certain information from Suppliers regarding their policies, processes, or risk management practices relating to forced labour and child labour. Any such requests are intended for transparency and reporting purposes only.

4.3 Fair Wages and Working Hours

Suppliers are expected to comply with applicable wage, benefits, and working hour laws in the jurisdictions in which they operate.

4.4 Non-Discrimination and Respectful Workplace

Suppliers are encouraged to provide workplaces free from unlawful discrimination or harassment and to make employment-related decisions based on lawful, job-related criteria.

4.5 Freedom of Association

Suppliers are encouraged to respect the rights of workers to lawfully associate, organize, and engage in collective bargaining, consistent with applicable laws and regulations in the jurisdiction in which they operate.

4.6 Health, Safety and Working Conditions

Suppliers are expected to comply with applicable occupational health and safety laws and to take reasonable measures to provide safe and healthy working conditions for their workers.

‍

5. INFORMATION SECURITY, PRIVACY AND DATA PROTECTION

5.1 Security Standards

Suppliers that access, process, or handle Caseware confidential information or personal data are expected to comply with applicable privacy and data protection laws and with any contractual data protection obligations agreed with Caseware.

Suppliers should implement reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, or disclosure.
‍
These practices should be proportionate to the nature of the services provided and aligned with applicable laws, regulations, and contractual obligations.

‍5.2 Responsible Use of AI

Where Suppliers develop, deploy, or use artificial intelligence, machine learning, or automated decision-making systems in connection with Caseware business, Suppliers are encouraged to do so in a responsible, lawful, and ethical manner.

Suppliers are to:

• Use Caseware data or information within AI systems only as authorized;

• Implement appropriate human oversight for material decisions that may significantly affect individuals;

• Avoid uses of AI that result in unlawful discrimination or harm; and

• Use AI systems in compliance with applicable laws and regulations;

‍

6. INTELLECTUAL PROPERTY AND PROPRIETARY INFORMATION

Suppliers should use Caseware intellectual property and information solely for authorized purposes related to Caseware business and should not misuse, disclose, copy, or infringe upon such rights except as permitted by applicable law or agreement.

Suppliers are expected to respect and protect Caseware’s intellectual property, confidential information, and proprietary assets, as well as the intellectual property rights of third parties.

‍

7. ENVIRONMENTAL RESPONSIBILITY

Suppliers are encouraged to comply with applicable environmental laws and regulations and to operate in a manner that seeks to minimize environmental impact, where practicable.

‍

8. SUBCONTRACTING AND SUPPLY CHAIN PRACTICES

Where Suppliers engage subcontractors or third parties in connection with Caseware business, Suppliers are encouraged to take reasonable steps to promote awareness of this Code and applicable legal requirements.

‍

9. FINANCIAL INTEGRITY AND RECORDKEEPING

Suppliers are expected to maintain accurate business records in accordance with applicable laws and standard business practices. Records related to Caseware business should not be knowingly falsified or misleading.

‍

10. BUSINESS CONTINUITY AND RESILIENCE

Suppliers that provide critical services or support key business operations for Caseware are encouraged to maintain reasonable business continuity and disaster recovery practices appropriate to the nature of the services provided.Supplier Code of Conduct

Suppliers are encouraged to take reasonable steps to minimize disruptions to Caseware business and to notify Caseware, where appropriate, of material disruptions that may affect the delivery of goods or services.

‍

11. RAISING CONCERNS AND NON-RETALIATION

Suppliers are encouraged to promptly raise concerns regarding potential violations of applicable laws, regulations, or ethical standards related to Caseware business.

Concerns may be raised through the Supplier’s internal reporting channels or, where appropriate, by contacting Caseware using reporting mechanisms made available by Caseware from time to time.

Suppliers should avoid retaliation against any individual who, in good faith, raises a concern, reports suspected misconduct, or participates in an investigation relating to Caseware business.

Retaliation may include, but is not limited to, termination, demotion, harassment, discrimination, or any other adverse action taken because an individual raised a concern or participated in a review in good faith.

‍

12. MONITORING AND ASSESSMENTS

Caseware may, from time to time and where appropriate, request information or certifications from Suppliers to support compliance, risk management, or regulatory reporting.

Any such activities will be subject to applicable legislation and contractual arrangements.

‍

13. RELATIONSHIP AND REMEDIES

Nothing in this Code limits or modifies Caseware’s rights or remedies under applicable law or under any agreement between Caseware and a Supplier.

Caseware reserves the right to take appropriate action in accordance with applicable contracts and legislation.

‍

14. SUPPLIER ACKNOWLEDGEMENT

Suppliers are encouraged to acknowledge review of this Code in a manner agreed between the parties. Serious or repeated violations of this Code may affect the

Supplier’s relationship with Caseware, including the exercise of rights or remedies available to Caseware under any applicable agreement and applicable legislation.

‍