Data Processing Addendum
Updated: May 2026
This Data Processing Addendum (DPA) governs the processing of personal data by AuditingLab on behalf of customers (Controllers).
Roles
- Customer (Controller): Determines the purposes of data processing.
- AuditingLab (Processor): Processes data as instructed by the Controller.
Nature of Processing
Analyzing and managing clinical quality assurance workflows, documents, and audit findings on behalf of customers.
Sub-processors
- Neon (PostgreSQL database hosting)
- Clerk (Identity and authentication)
- Stripe (Payment processing)
- OpenAI (AI prompt processing)
- Calendly (Scheduling)
- Replit (Application hosting)
Breach Notification
AuditingLab will notify the Controller within 72 hours of becoming aware of a personal data breach.
For DPA execution or questions, email support@auditinglab.com.