GDPR

GDPR Commitment

AuditGuardX is built for organizations operating under GDPR, CCPA, PIPEDA, and other global privacy frameworks. We act as a data processor under GDPR Article 28 and implement appropriate technical and organizational measures to protect personal data.

Data Processing Agreements

We provide GDPR-compliant Data Processing Agreements (DPAs) to all customers. DPAs include Standard Contractual Clauses (SCCs) for international transfers and are available on request for Business and Enterprise plans.

Article 30 Records

We maintain comprehensive records of processing activities as required by Article 30, including purposes of processing, categories of data subjects, and categories of personal data processed.

Data Subject Rights

We support all data subject rights under GDPR: access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), portability (Article 20), and objection (Article 21). Requests are fulfilled within 30 days.

Breach Notification

Our incident response plan includes notification to the relevant supervisory authority within 72 hours of becoming aware of a personal data breach (Article 33), and notification to affected data subjects without undue delay when the breach is likely to result in a high risk (Article 34).

Data Protection by Design

AuditGuardX implements privacy-by-design principles (Article 25): data minimization, purpose limitation, storage limitation, and privacy-preserving defaults. Compliance documents are processed only for the specific purpose of delivering the analysis service.

International Transfers

Data is primarily processed in the United States via Google Cloud Platform. For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs). EU customers may request data residency in Google Cloud europe-west regions.

Subprocessors

Our subprocessors include Google Cloud Platform, Stripe, WorkOS, Groq, and Cerebras. We evaluate all subprocessors for GDPR compliance and data protection standards. Customers are notified of any subprocessor changes.

Audit & Accountability

Our platform logs every access and change to ensure full accountability. Administrative audit logs are available for Business and Enterprise customers. We undergo regular security assessments and are working toward SOC 2 Type II certification.

Request a DPA or EU Data Residency

Contact our privacy team to execute a Data Processing Agreement, request EU data residency, or exercise data subject rights.