Subprocessors
Version 1.3 • Effective: June 2026 • See Legal Changelog
Audit-IQ is operated by RIO ENTERPRISE, India. We use trusted third-party service providers ("subprocessors") to operate and deliver the Service — including hosting, authentication, AI-assisted processing, billing, email delivery, and operational monitoring.
We limit data shared with subprocessors to what is necessary for service delivery. All subprocessors are engaged under contractual terms appropriate to their role.
This page complements our Data Processing Agreement structure, Privacy Policy, and Data Residency Statement.
Current subprocessors
| Provider | Purpose | Data categories processed | Primary location | Customer data? |
|---|---|---|---|---|
| Supabase Supabase Inc. | Database, authentication, file storage | Account data, workspace data, uploaded documents, auth tokens | Managed region — contact legal@audit-iq.com to confirm production region | Yes |
| Fly.io Fly.io Inc. | Backend API hosting (application server) | All authenticated API request and response data | United States (primary) | Yes |
| OpenAI OpenAI Inc. | AI-assisted obligation extraction, document analysis, compliance gap analysis | Uploaded document content (processed per-request for feature delivery; not used for model training per OpenAI API usage policies) | United States | Yes (document content) |
| Vercel Vercel Inc. | Frontend application hosting, CDN, server-side rendering | Session metadata, request headers, basic telemetry (no workspace content) | United States (origin); global CDN edge | Limited (request metadata) |
| Stripe Stripe Inc. | Billing and payment processing | Billing identifiers, subscription status, invoices (Audit-IQ does not store or process raw card or bank data) | United States (primary) | Limited (billing data) |
| Resend Resend Inc. | Transactional email delivery | Email address, notification content, delivery metadata | United States (primary) | Limited |
| Zoho Mail Zoho Corporation Pvt. Ltd. | Notification email delivery (internal notification worker) | Email address, notification content | India / global | Limited |
| Sentry Functional Software Inc. | Error monitoring and operational observability | Error traces, stack frames, limited request metadata (no document content by default; configured to minimise personal data in error payloads) | United States (San Francisco) | Limited (operational logs) |
Subprocessor details are verified at the time of publication. Contact legal@audit-iq.com for a confirmed list for procurement review.
See also: Data Residency Statement.
AI processing note
Audit-IQ uses OpenAI's API for AI-assisted features including obligation extraction and compliance analysis. Document content submitted for AI processing is governed by OpenAI's API usage policies. Audit-IQ does not intentionally use customer content to train AI models, and does not authorise OpenAI to use submitted content for training purposes under current API configurations.
Customers with specific requirements regarding AI processing of their documents should review our Data Residency Statement and contact us before uploading sensitive or regulated content.
Vendor due diligence
We evaluate subprocessors based on their suitability for the role they perform, including their security documentation and privacy controls where available. We restrict data shared with subprocessors to what is necessary for service delivery.
Change notifications
We may update this list from time to time. Material changes will be reflected on this page and in our legal changelog. Where reasonably practicable, we will provide at least 30 days' advance notice of material subprocessor additions through the Service or by email to account administrators.
Subprocessor enquiries: legal@audit-iq.com
