Data Processing Agreement

Effective Date: 05 April 2025

1. Parties to the Agreement

This Data Processing Agreement (“DPA”) is entered into between:

N53 Techlabs LLC (“Processor”), a Delaware limited liability company and provider of the AuditWise platform, with principal office at 1007 N Orange St., 4th Floor, 4291 Wilmington, DE 19801, United States; and
[Customer Name] (“Controller”), with principal office at [Customer Address] as defined in the applicable Master Services Agreement (MSA) or invoice.

2. Definitions

Data Protection Laws include the GDPR, the DPDP Act (India), the CCPA/CPRA, and other applicable privacy regulations.
Personal Data: Any data relating to an identifiable natural person processed by the Processor on behalf of the Controller.
Processing: Any operation performed on Personal Data (e.g., collection, storage, transfer).
Sub-Processor: A third party engaged by the Processor to process Personal Data.

3. Purpose & Scope

3.1 The Processor will process Personal Data only as necessary to provide services defined in the MSA and as instructed by the Controller.
3.2 Categories of data and purposes are defined in Annexure 1.
3.3 All Sub-Processors are contractually bound to security and privacy obligations equivalent to this DPA.

4. Sub-Processors

The following Sub-Processors may process Personal Data as part of service delivery:

Sub-Processor - Purpose - Link to DPA / Privacy

Amazon Web Services (AWS) - Infrastructure hosting (compute, DNS, backups) - AWS DPA
MongoDB Atlas - Primary database (NoSQL) - MongoDB DPA
Supabase - Primary database (SQL) - Supabase Privacy
Cloudflare - DNS management, WAF, edge security, bot mitigation - Cloudflare DPA
Sentry - Application monitoring and error tracking - Sentry DPA
Google Workspace - Business communications and document handling - Google DPA
HubSpot - CRM and contact management (if enabled) - HubSpot DPA
Calendly - Calendar scheduling for demos - Calendly DPA
CallHippo - VoIP sales/support communication - CallHippo Privacy
Zoho Books - Invoicing and accounting data - Zoho Privacy
Apollo.io - Lead outreach and enrichment - Apollo Privacy

5. Processor Obligations

Only process data as instructed by the Controller
Implement technical and organisational security measures
Notify of any breach within 48 hours
Assist in fulfilling data subject rights (access, deletion, etc.)

6. Controller Obligations

Ensure the lawful collection and transfer of Personal Data
Provide proper notices and obtain valid consents

7. International Transfers

Data may be transferred between the US, India, the EU, and other countries. Standard Contractual Clauses (SCCs) or equivalent frameworks will be used where required.

8. Data Retention & Deletion

Upon termination of services:

Data will be returned or deleted within 30 days
Retention may extend for legal or regulatory compliance

9. Breach Notification

Notification to the Controller within 48 hours
Includes nature, scope, affected data, and mitigation steps

10. Audit Rights

The controller may conduct or request third-party audits
Audits must provide reasonable notice and maintain confidentiality

11. Liability & Indemnity

Each party is liable for breaches of this DPA per the MSA
The processor’s liability is limited to direct damages unless otherwise agreed

12. Governing Law

This DPA is governed by the laws of the State of Delaware, USA
Courts of Delaware shall have exclusive jurisdiction unless otherwise indicated in the MSA

13. Contact

Support: support@auditwise.io
Compliance: compliance@n53tech.com

Annexure 1: Details of Processing

1. Categories of Personal Data

Name, email, phone, job title
Audit metadata, access logs, file uploads
IP address, browser fingerprint, session data

2. Categories of Data Subjects

Audit participants (employees, internal/external auditors)
Customers' employees or contractors using the platform

3. Processing Activities

Account creation, role-based access
Audit task execution and file handling
Logging and monitoring for compliance and traceability

4. Retention

As instructed by the Controller or required by law