Skip to content
DPAFlow
01 / Subprocessor change monitoring

Vendor and subprocessor changes, detected the moment they happen.

DPAFlow continuously monitors vendor and subprocessor pages, captures dated evidence when they change, and routes review-ready records to the right teams.

In every record
source-urltimestampcontent-hashreview-trail

7-day trialNo credit card required

Microsoft Trust Center
Monitoring active
trust.microsoft.com
Last change: May 12
Google Workspace
Monitoring active
privacy.google.com/businesses/processors
Last change: May 10
Amazon Web Services
Monitoring active
aws.amazon.com/compliance/sub-processors
Last change: May 11
Change detectedMay 12, 2025 · 14:23 UTC

Subprocessor list updated

trust.microsoft.com/subprocessors
May 5, 2025May 12, 2025Changed
What changed
2 subprocessors added · 1 removed
  • +Microsoft Azure OpenAI Service (East US 2)New
  • +Databricks, Inc.New
  • Nuance Communications, Inc.Removed
Evidence captured
Full page snapshot
Subprocessor section
Change highlight
Rendered text
Evidence IDEV-2F8D-D5B7Hasha7e4…c3b9
Open recordAdd to review queue
The anatomy of an evidence record

Four anchors behind every record

No logo wall. Every change DPAFlow detects becomes a record built on the same four anchors — so the evidence speaks for itself.

01
Source URL
northwind.example/subprocessors

Exactly where it was captured

02
Captured timestamp
2026-03-14 09:42 UTC

The precise moment of capture

03
Content hash
3f9a8c2e…c21b

A fingerprint of the content

04
Review status
In review → Approved

Who reviewed it, and when

02 /The gap

Manual subprocessor tracking breaks where it matters most

Spreadsheets, calendar reminders, and ad-hoc screenshots feel like a process — until you have to prove oversight.

01

Vendor pages change without notice

Subprocessor lists and DPAs update quietly — nobody emails you.

02

Evidence is captured too late

By the time someone notices, the original page is already gone.

03

Reviews scatter across tools

Privacy, legal, and vendor-risk weigh in across email and spreadsheets.

04

You can’t prove what changed

When an auditor asks what the page said in March, you can’t prove it.

03 /How it works

From a quiet change to a defensible record

One disciplined loop on every source — so oversight never depends on someone remembering to check.

DPAFlow vendor monitoring network and source status overview
01

Monitor source

Add a vendor’s public page; DPAFlow checks it on your schedule.

02

Detect change

When the page changes, DPAFlow flags exactly what’s different.

03

Capture evidence

Records the source URL, timestamp, content hash, and a snapshot.

04

Review & export

Routes to the right reviewers, then exports as audit-ready evidence.

04 /Evidence record

Every change becomes an audit-ready record

Each record is self-contained: where it came from, when it was captured, a content hash, the exact change that triggered it, and the review trail behind the decision.

  • Source URL & captured timestamp
  • Content hash & stored snapshot
  • Previous → current change
  • Reviewer role & recorded decision
  • One-click audit-ready export
Evidence record
Atlas Mail — subprocessor list
Change detected
Source URL
atlasmail.example/legal/subprocessors
Captured
2026-03-14 09:42 UTC
Content hash
3f9a8c2e…c21b
Snapshot
Stored · 2 versions
Detected change
14 subprocessors listed
+15 subprocessors — added Northwind Cloud (US)
EV-2026-0314-07Privacy review
Export record

Sample data · customer-controlled review

05 /Source trust

Monitoring is only as good as its sources

DPAFlow is honest about the state of every page it watches — so a broken or moved source never quietly masquerades as “no change.”

Verified source

Reachable and unchanged since the last capture. Nothing to act on.

Recent checks
Under review

A change was detected; a record is open with your reviewers.

Recent checks
Needs verification

DPAFlow couldn’t confidently match the page — a quick human check.

Recent checks
Source unavailable

No response on recent checks; DPAFlow retries and flags it.

Recent checks
06 /Review workflow

One change, the right reviewers

When a record opens, it routes to the people who need to weigh in — with the decision kept against the evidence.

DPAFlow review workflow for privacy and legal teams

Privacy

Reviews the data-processing impact — new sub-processors and locations.

Legal

Reviews contractual and DPA implications of the change.

Vendor risk

Reviews operational and security implications across the vendor portfolio.

The decision is recorded with the evidence

Approved, annotated, or escalated — the decision is saved against the record with its source, timestamp, hash, and reviewer notes. Customer-controlled, kept with your team.

07 /Evidence trail

Evidence that stacks up over time

From the source snapshot to the reviewer’s decision and export packet, each change adds a dated layer — so you can always show what changed, when, and who signed off.

Source inspection · illustrative
DPAFlow evidence trail showing source snapshot to export packet

Sample data · reduced-motion safe

08 /Platform

Start with monitoring. Expand when you’re ready

DPAFlow isn’t a full enterprise GRC suite — and it doesn’t pretend to be. It does vendor and subprocessor monitoring well, then grows into adjacent privacy work only when you need it.

Available now

Vendor & subprocessor monitoring

Continuous monitoring, dated evidence, source health, and review-ready records with audit-ready exports — the core of DPAFlow.

Monitoring workflow

Transfer Impact Assessment

Assessment workflow

Guided TIAs for international transfers, linked to the vendors you already monitor.

RoPA builder

Documentation workflow

Maintain your Record of Processing Activities, fed by real vendor data.

External-processor & ESG evidence

Evidence workflowExploratory — in design

Extend dated evidence capture beyond privacy into ESG and external-processor oversight.

09 /Use cases

Built for the people who own vendor risk

One monitored source, four points of view. DPAFlow gives each team the evidence it needs, in the form it needs it.

Prove ongoing Article 28 oversight — with evidence, not memory

See every subprocessor change as it happens, with dated evidence ready for an auditor.

  • Dated evidence for every detected change
  • Subprocessor additions surfaced automatically
  • A defensible, reconstructable oversight trail
10 /Security & trust

Built to be trusted by the teams who answer to auditors

DPAFlow is made for privacy and legal professionals — which means being clear and honest about how it handles your data and what it does on your behalf.

EU-first hosting

Your data is hosted in the EU by default — built for European privacy teams.

DPA available before purchase

Review our Data Processing Agreement before you commit. No sales gate.

Role-based access

Give each teammate only the access their role needs — privacy, legal, or vendor-risk.

Controlled automation

You decide what’s monitored, how often it’s checked, and who reviews each change.

Audit-ready exports

Export records as clean, dated evidence whenever an auditor or customer asks.

Customer-controlled review

Decisions stay with your team. DPAFlow never approves or signs off on your behalf.

DPAFlow supports your compliance work — it doesn’t provide legal advice or guarantee compliance, and it isn’t a certification. Evidence records are designed to be clear and defensible, not a claim of tamper-proofing.

11 /Pricing

Simple pricing that scales with your vendor list

Every plan includes the full monitoring-to-evidence workflow. Start with a 7-day trial — and review our DPA before you buy.

Starter

€99/mo

For a small privacy team starting to monitor its key vendors.

  • Vendor & subprocessor monitoring
  • Scheduled change detection
  • Dated evidence capture (URL, time, hash)
  • Review-ready records
  • Email change alerts
Start free trial

Professional

Most popular
€299/mo

For teams running monitoring as a real, reviewed process.

  • Everything in Starter
  • Review workflow routing
  • Source-health monitoring
  • Audit-ready exports
  • Priority email support
Start free trial

Business

€999/mo

For larger vendor portfolios and multi-team review.

  • Everything in Professional
  • Role-based access controls
  • TIA & RoPA modules included
  • Guided onboarding
Talk to sales

All plans include a 7-day trial · DPA available before purchase · Prices in EUR, excl. VAT

Stop screenshotting vendor pages. Start proving what changed.

Set up monitoring on your first vendor in minutes, and keep the dated evidence for the day someone asks.

7-day trial · DPA available before purchase