AuditHQ trust center
Security posture, privacy practices, sub-processor list, compliance status, and data residency - kept current as AuditHQ evolves. The trust center is the canonical answer to "is AuditHQ safe to use".
Evidence-first audit architecture
AuditHQ runs deterministic checks before AI narrative. Code collects the evidence, the engine classifies findings, and AI explains the result in plain English.
Subprocessors
AuditHQ uses Supabase, Vercel, Stripe, Resend, and Anthropic to operate the service. The Trust Center lists the purpose, data involved, and known hosting region for each provider.
Vendor review resources
Customers can review the Security page, Privacy Policy, Terms of Service, AI Policy, status page, and DPA request path from the Trust Center.
Data residency and transfer posture
AuditHQ uses managed cloud providers and may process operational data through those providers to deliver the service. Processor, data protection, and security information can be provided for vendor review where available.
Incident and status communication
Operational incidents are communicated through status and support channels. Security or privacy concerns should be raised through the published contact paths so they can be triaged and answered. This gives procurement, customers, and auditors a clearer path than relying on private messages or informal support threads.