Sub-processor Register — Audit Intelligence
Last updated: 2026-05. Owner: Eden Pearson, EDENIC Consulting.
This register lists every third-party service that processes Audit Intelligence customer data, the category of data each processes, the region in which each processes it, and the contractual basis (DPA) for that processing.
Material changes to this register are notified to customer firms 30 days in advance, in line with our Master Services Agreement.
1. Infrastructure sub-processors
These services handle the storage and compute of customer data.
| Vendor | Service | Data category | Storage region | Processing region | DPA / SCC link |
|---|---|---|---|---|---|
| Cloudflare, Inc. | Workers, Pages, R2, KV, Queues, DNS | All application data + files | R2: APAC (Sydney/Melbourne); KV: global (non-PII only) | Sydney/Melbourne/Perth POPs (AU users); nearest POP otherwise | Cloudflare DPA — SCC-incorporated |
| Neon, Inc. | Postgres database | Structured audit data (working papers, audit trail, journals, materiality, risk register) | AWS ap-southeast-2 (Sydney) | Same region | Neon DPA |
| Amazon Web Services, Inc. (sub-sub-processor via Neon, and optionally via Bedrock) | Underlying infrastructure (storage + compute used by Neon; optionally Bedrock for AI inference under STRICT_AU_AI) | Same as the vendor above (Neon / Bedrock) | ap-southeast-2 (Sydney) | AWS DPA + Australia DPA Addendum |
2. Functional sub-processors
These services support specific features. Customer data is sent in narrow, scoped flows; see docs/DATA_RESIDENCY.md §4 for details.
| Vendor | Service | Data sent | Processing region | DPA link |
|---|---|---|---|---|
| OpenAI, L.L.C. | LLM inference (GPT-4o-mini, GPT-4o) | Prompts containing the audit content for the specific feature (FSA mapping description, risk statement context, IRL prompt). No raw client identifiers unless inherent to the WP content. | US | OpenAI DPA — zero-retention API tier in use; OpenAI confirms no training on submitted data. |
| Anthropic, PBC | LLM inference (Claude Sonnet 4.5) | Prompts for document summarisation, journal fraud analytics, WP narrative autofill, pre-lock checklist. | US (default) or ap-southeast-2 via AWS Bedrock when STRICT_AU_AI=1 | Anthropic Commercial Terms + DPA |
| Google LLC | LLM inference (Gemini 2.5 Flash) | Prompts for FSA mapping, field autofill, materiality benchmark, MUS random start, entity profile search. | US | Google Cloud DPA |
| Resend, Inc. | Transactional email delivery | Email to/from addresses; subject + body (notification metadata + deep links only — no audit content). | US | Resend DPA |
| Upstash, Inc. (optional) | Redis cache for job queue acceleration | Hashed identifiers, queue metadata. No PII. | ap-southeast-2 (Sydney) | Upstash DPA |
3. Operational sub-processors
These services support EDENIC Consulting's internal operations but do not process customer audit data.
| Vendor | Purpose | Customer data exposure |
|---|---|---|
| GitHub, Inc. | Source code hosting | None — application code only, no customer data |
| Sentry | Error monitoring | Stack traces with redacted request bodies; no PII in default config |
| Cloudflare Logpush | Application access logs | Source IP, request path, response status; logs delivered to SYD-resident R2 bucket |
4. Not used
We do not currently use the following categories of sub-processor:
- Customer support ticketing (Intercom, Zendesk, etc.) — support is direct via email until volume warrants tooling. When introduced, the chosen vendor will be added here with 30 days' notice.
- Marketing analytics (Segment, Mixpanel, etc.) — by design.
- Session replay (Hotjar, FullStory, LogRocket) — by design.
- US-based identity providers — sessions are HMAC-signed cookies with a Sydney-stored secret.
5. Notification of changes
When a sub-processor is added, changed, or removed:
- The change is recorded in this file with a dated entry in §6.
- Customer firms with active subscriptions receive email notification to their nominated security/IT contact.
- A 30-day objection window applies. If a customer objects to a new sub-processor on reasonable security grounds, either (a) EDENIC will work with the customer on an alternative configuration (e.g. self-hosting the feature), or (b) the customer may terminate the affected service with a refund of the unused subscription.
6. Change log
| Date | Change | Notice given |
|---|---|---|
| 2026-05-08 | Initial register published. | — (pre-commercial) |
7. Verification
A customer firm's security reviewer can verify the contents of this register against the running platform as described in docs/DATA_RESIDENCY.md Appendix A.
Eden Pearson is available for live screen-share verification by appointment: eden@edenic.com.au.