Audit-IQ RegTech

Data Residency Statement

Version 1.2 • Effective: March 2026 • See Legal Changelog

This statement explains where Audit-IQ stores and processes data and the controls we apply to protect it. It is provided for transparency and does not override our Terms of Service or Privacy Policy.

1. Data categories

  • Account data (name, email, organisation, access metadata)
  • Workspace data (projects, obligations, evidence links, notes, exports)
  • Uploaded content (framework PDFs, policies, evidence documents)
  • Operational logs (security logs, audit logs, limited telemetry, error traces)
  • Billing data (billing identifiers, invoices, payment status via Stripe)

2. Primary hosting region

Audit-IQ stores and processes core workspace data (including uploaded content) in the primary region used for your workspace environment, subject to the capabilities and configuration of our infrastructure providers.

At this stage, data residency options may be limited by environment and plan. If you require a specific residency (for example, Australia-only or EU-only), please contact us prior to onboarding so we can confirm feasibility and any required configuration.

3. Cross-border processing

Some processing may occur outside your primary region due to third-party services and operational requirements. Examples include:

  • Payment processing and invoicing (Stripe)
  • Email delivery for notifications and account communications
  • Monitoring, logging, and security alerting
  • Fraud prevention, abuse detection, and incident investigation
  • Support interactions (only when you contact us or request assistance)

Where cross-border processing occurs, we implement reasonable safeguards and contractual protections with our subprocessors appropriate to their role.

For transparency, see our Subprocessors and Security pages.

4. AI processing

Audit-IQ uses AI systems to extract, summarise, and organise obligations from uploaded content and to support the Service features.

  • Customer content is processed only to provide the Service.
  • Customer content is not used to train external, public AI models.
  • AI processing may be performed using infrastructure providers that process data outside your primary region.

You are responsible for ensuring you have the rights and legal basis to upload and process any documents or personal data you provide to the Service.

5. Retention, backups & deletion

We retain customer data for as long as your account remains active and as needed to provide the Service. You may request deletion of workspace data, subject to legal, security, and operational requirements.

Certain information may persist for limited periods in backups, logs, or security records, and will be deleted or overwritten in accordance with our retention practices unless required for legal compliance or incident response.

6. Contact

Questions about data residency or processing:
📧 founder@audit-iq.com