1. Data Processing Agreement (counsel-reviewed)
GDPR Article 28 DPA covering processing scope, sub-processors, data residency, Article 32 security measures, breach notification, and crypto-shredding for erasure.
Security & Compliance Architecture
Verifiable Article 50 and outbound evidence. Documents, certifications, and contractual allocations procurement and DPO teams need to qualify Audact.
GDPR Article 28 DPA covering processing scope, sub-processors, data residency, Article 32 security measures, breach notification, and crypto-shredding for erasure.
Machine-readable CSV listing every sub-processor: purpose, data category, location, transfer mechanism (SCCs where applicable). 30-day change-notification window.
Audact’s standard reseller-agreement template allocates AI Act Article 14 provider-side obligations (evidence-chain integrity, disclosure attestation) to Audact, and deployer-side obligations (script content, end-client onboarding, opt-in collection) to the agency. Capped financial liability per agency, with caps tied to underlying Audact platform liability allocation. Specific cap amounts are negotiated per contract — see DPA + MSA.
In accordance with the EU Data Act (Regulation 2023/2854), Audact contracts guarantee:
Target: Q4 2027, sequenced after the first 10 paying customers (so audit scope reflects real production controls). Vendor selection Q2 2027. Type I baseline in advance.
Information Security Management System certification. Statement of Applicability (SoA) drafted Q2 2026; Stage 1 audit Q3 2026; Stage 2 / certification Q4 2026.
Active alignment viaNEN membership(target Q3 2026), participating in the Dutch mirror committee. Certification track follows once the EU harmonised standards under the AI Act stabilise.
Pre-completed DPIA template for outbound voice AI deployments under GDPR Article 35. Includes the Audact data flow, retention defaults, lawful basis options, and risk-mitigation controls. Ready for adaptation by your DPO.
JSON bundle that DPO teams receive on request: sample receipts + policy versions + consent provenance + sub-processor matrix. Designed for procurement intake reviews. Anonymised sample below.