Legal
Data Processing Agreement (Summary)
This page summarizes how AuditVantage AI processes personal data on behalf of business customers. A countersigned DPA is available on request for enterprise accounts.
Last updated: June 24, 2026
Important notice
These documents describe how AuditVantage AI operates today. They are not a substitute for advice from a licensed attorney in your jurisdiction. Enterprise customers may request a signed Data Processing Agreement (DPA).
Related: Privacy · Terms · Refunds · DPA
1. Parties and roles
AuditVantage AI is operated by its owner as an independent software service. It is not yet registered as a separate legal company.
For candidate and applicant personal data uploaded to AuditVantage AI, your organization is typically the data controller and AuditVantage AI acts as a data processor processing data on your documented instructions via these Terms and our Privacy Policy.
Customer = the organization that creates a workspace and uploads candidate data.
Processor = AuditVantage AI (AuditVantage AI).
2. Subject matter and duration
Processing relates to recruitment and applicant screening via AuditVantage AI. Processing continues for the subscription term and reasonable wind-down period after termination, except data deleted earlier at Customer instruction.
3. Nature and purpose of processing
- Storage and parsing of resumes (PDF/DOCX)
- AI-assisted screening and ranking against job descriptions
- Collaboration features (notes, status, team access)
- Secure client share links with passcode protection
4. Categories of data subjects and data
Data subjects:job applicants and Customer's authorized users.
Personal data: names, contact details, employment history, skills, and other information contained in resumes and screening outputs.
5. Processor obligations
We will:
- Process personal data only on documented Customer instructions (Terms + this DPA).
- Ensure personnel with access are bound by confidentiality.
- Implement appropriate technical and organizational security measures.
- Assist with data subject requests where feasible, via Customer.
- Notify Customer of personal data breaches without undue delay.
- Delete or return data when Customer deletes records or terminates, per Privacy Policy.
- Make available information necessary to demonstrate compliance.
6. Sub-processors
Customer authorizes our use of sub-processors listed below. We impose data protection obligations on sub-processors through contract:
| Provider | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Authentication, PostgreSQL database, and private file storage | United States (regions may vary by project) |
| Vercel Inc. | Application hosting and content delivery for the web platform | United States (regions may vary by deployment) |
| OpenAI, L.L.C. | Resume text analysis via API (requests configured with store: false) | United States |
| Lemon Squeezy (Lemon Squeezy LLC) | Payment processing, subscriptions, and tax compliance (when online checkout is enabled) | United States |
| Inngest, Inc. | Background job queue for resume batch processing (when enabled) | United States |
7. International transfers
Where personal data is transferred outside the EEA/UK, we implement appropriate safeguards such as Standard Contractual Clauses where required by law.
8. Audits
Upon reasonable written request, we will provide information about our security practices. On-site audits may be available for enterprise customers under a separate agreement and mutual NDA.
9. Signed DPA
This summary is incorporated into our Terms of Service. For a countersigned Data Processing Agreement (including EU Standard Contractual Clauses where applicable), email the address published on our website with your company name and billing contact.