Privacy Policy

Last updated: March 15, 2026. This policy describes how AuditGuardX collects, uses, stores, and protects personal data. For data processing agreements, email privacy@auditguardx.com.

1. Information We Collect

  • Account Information: Name, work email address, company name, and billing details provided during registration.
  • Compliance Documents: Policies, procedures, and evidence files you upload for compliance analysis. These are processed solely to deliver the AuditGuardX service.
  • Usage Data: Feature usage patterns, session duration, pages visited, and the compliance checks you run, used to improve the platform and to provide analytics.
  • Device & Browser Data: IP address, browser type, operating system, and device identifiers for security monitoring and fraud prevention.
  • Voice Data: When you use Voice Mode, your audio is processed in real time by Groq (speech-to-text via Whisper, text-to-speech via Orpheus). Audio is not retained after processing.

2. How We Use Your Information

  • Service Delivery: To provide compliance analysis, document processing, AI assistance, reporting, and collaboration features.
  • Account Management: To manage your subscription, billing, authentication, and workspace settings.
  • Security: To protect against unauthorized access, monitor for security threats, and maintain audit logs.
  • Product Improvement: To analyze aggregate usage patterns and improve platform performance (never using individual document content).
  • Communications: To send service notifications, security alerts, and product updates. Marketing emails only with explicit consent.

3. Legal Basis for Processing (GDPR)

  • Contract Performance: Processing your account and compliance data is necessary to deliver the service you subscribed to (Article 6(1)(b)).
  • Legitimate Interest: Usage analytics and security monitoring are based on our legitimate interest in improving and securing the platform (Article 6(1)(f)).
  • Consent: Marketing communications are sent only with your explicit consent, which can be withdrawn at any time (Article 6(1)(a)).
  • Legal Obligation: We may process data to comply with applicable laws, regulations, or legal proceedings (Article 6(1)(c)).

4. Data Storage & Security

  • Infrastructure: All data is stored on Google Cloud Platform with AES-256 encryption at rest and TLS 1.3 encryption in transit.
  • Isolation: Customer data is logically isolated per workspace and organization, and access controls enforce this boundary so that users in one tenant cannot read or modify another tenant's data.
  • Access Controls: Role-based access control (RBAC), session-based authentication, and optional SSO via WorkOS (SAML/OIDC).
  • Backups: Automated daily backups with point-in-time recovery and cross-zone replication.

5. Data Retention

  • Active Accounts: Data is retained for the duration of your subscription.
  • Account Deletion: Upon contract termination or an account deletion request, all personal data and compliance documents are permanently deleted from our primary systems within 30 days. Copies held in backups are purged on the schedule described under Backups below.
  • Audit Logs: Administrative audit logs are retained for 12 months for security purposes, then automatically purged.
  • Backups: Backup data is automatically purged within 90 days of deletion from the primary database.

6. Subprocessors

  • Google Cloud Platform - Infrastructure (compute, storage, database, networking). Location: United States (configurable).
  • Stripe - Payment processing and subscription billing. Location: United States.
  • WorkOS - Enterprise SSO, SCIM directory sync. Location: United States.
  • Cerebras - AI inference for compliance analysis. Location: United States.
  • Groq - AI inference, text-to-speech (Orpheus), and speech-to-text (Whisper). Location: United States.
  • We evaluate all subprocessors for security practices and data protection standards before engagement. Customers are notified of subprocessor changes.

7. International Data Transfers

  • AuditGuardX primarily processes data in the United States via Google Cloud Platform.
  • For transfers outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.
  • EU customers may request data residency in Google Cloud europe-west regions. Contact privacy@auditguardx.com for details.

8. Your Rights

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate personal data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request limitation of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw Consent: Withdraw consent for marketing communications at any time.
  • To exercise any of these rights, email privacy@auditguardx.com. We respond to all requests within 30 days.

9. Cookies & Tracking

  • Essential Cookies: Session management and authentication (required for the service to function).
  • Analytics: Aggregate usage patterns to improve the platform. No individual compliance document content is tracked.
  • We do not sell personal data. We do not use third-party advertising trackers.

10. Contact & DPO

  • Privacy inquiries: privacy@auditguardx.com
  • Data Processing Agreements: Available on request for Business and Enterprise customers.
  • Security concerns: security@auditguardx.com
  • AuditGuardX, New York, NY, United States.