Vendor and subprocessor changes, detected the moment they happen.
DPAFlow continuously monitors vendor and subprocessor pages, captures dated evidence when they change, and routes review-ready records to the right teams.
7-day trialNo credit card required
Subprocessor list updated
trust.microsoft.com/subprocessors- +Microsoft Azure OpenAI Service (East US 2)New
- +Databricks, Inc.New
- −Nuance Communications, Inc.Removed
Four anchors behind every record
No logo wall. Every change DPAFlow detects becomes a record built on the same four anchors — so the evidence speaks for itself.
Exactly where it was captured
The precise moment of capture
A fingerprint of the content
Who reviewed it, and when
Manual subprocessor tracking breaks where it matters most
Spreadsheets, calendar reminders, and ad-hoc screenshots feel like a process — until you have to prove oversight.
Vendor pages change without notice
Subprocessor lists and DPAs update quietly — nobody emails you.
Evidence is captured too late
By the time someone notices, the original page is already gone.
Reviews scatter across tools
Privacy, legal, and vendor-risk weigh in across email and spreadsheets.
You can’t prove what changed
When an auditor asks what the page said in March, you can’t prove it.
From a quiet change to a defensible record
One disciplined loop on every source — so oversight never depends on someone remembering to check.

Monitor source
Add a vendor’s public page; DPAFlow checks it on your schedule.
Detect change
When the page changes, DPAFlow flags exactly what’s different.
Capture evidence
Records the source URL, timestamp, content hash, and a snapshot.
Review & export
Routes to the right reviewers, then exports as audit-ready evidence.
Every change becomes an audit-ready record
Each record is self-contained: where it came from, when it was captured, a content hash, the exact change that triggered it, and the review trail behind the decision.
- Source URL & captured timestamp
- Content hash & stored snapshot
- Previous → current change
- Reviewer role & recorded decision
- One-click audit-ready export
Sample data · customer-controlled review
Monitoring is only as good as its sources
DPAFlow is honest about the state of every page it watches — so a broken or moved source never quietly masquerades as “no change.”
Reachable and unchanged since the last capture. Nothing to act on.
A change was detected; a record is open with your reviewers.
DPAFlow couldn’t confidently match the page — a quick human check.
No response on recent checks; DPAFlow retries and flags it.
One change, the right reviewers
When a record opens, it routes to the people who need to weigh in — with the decision kept against the evidence.

Privacy
Reviews the data-processing impact — new sub-processors and locations.
Legal
Reviews contractual and DPA implications of the change.
Vendor risk
Reviews operational and security implications across the vendor portfolio.
The decision is recorded with the evidence
Approved, annotated, or escalated — the decision is saved against the record with its source, timestamp, hash, and reviewer notes. Customer-controlled, kept with your team.
Evidence that stacks up over time
From the source snapshot to the reviewer’s decision and export packet, each change adds a dated layer — so you can always show what changed, when, and who signed off.

Sample data · reduced-motion safe
Start with monitoring. Expand when you’re ready
DPAFlow isn’t a full enterprise GRC suite — and it doesn’t pretend to be. It does vendor and subprocessor monitoring well, then grows into adjacent privacy work only when you need it.
Vendor & subprocessor monitoring
Continuous monitoring, dated evidence, source health, and review-ready records with audit-ready exports — the core of DPAFlow.
Transfer Impact Assessment
Assessment workflowGuided TIAs for international transfers, linked to the vendors you already monitor.
RoPA builder
Documentation workflowMaintain your Record of Processing Activities, fed by real vendor data.
External-processor & ESG evidence
Evidence workflowExploratory — in designExtend dated evidence capture beyond privacy into ESG and external-processor oversight.
Built for the people who own vendor risk
One monitored source, four points of view. DPAFlow gives each team the evidence it needs, in the form it needs it.
Prove ongoing Article 28 oversight — with evidence, not memory
See every subprocessor change as it happens, with dated evidence ready for an auditor.
- Dated evidence for every detected change
- Subprocessor additions surfaced automatically
- A defensible, reconstructable oversight trail
Built to be trusted by the teams who answer to auditors
DPAFlow is made for privacy and legal professionals — which means being clear and honest about how it handles your data and what it does on your behalf.
EU-first hosting
Your data is hosted in the EU by default — built for European privacy teams.
DPA available before purchase
Review our Data Processing Agreement before you commit. No sales gate.
Role-based access
Give each teammate only the access their role needs — privacy, legal, or vendor-risk.
Controlled automation
You decide what’s monitored, how often it’s checked, and who reviews each change.
Audit-ready exports
Export records as clean, dated evidence whenever an auditor or customer asks.
Customer-controlled review
Decisions stay with your team. DPAFlow never approves or signs off on your behalf.
DPAFlow supports your compliance work — it doesn’t provide legal advice or guarantee compliance, and it isn’t a certification. Evidence records are designed to be clear and defensible, not a claim of tamper-proofing.
Simple pricing that scales with your vendor list
Every plan includes the full monitoring-to-evidence workflow. Start with a 7-day trial — and review our DPA before you buy.
Starter
For a small privacy team starting to monitor its key vendors.
- Vendor & subprocessor monitoring
- Scheduled change detection
- Dated evidence capture (URL, time, hash)
- Review-ready records
- Email change alerts
Professional
Most popularFor teams running monitoring as a real, reviewed process.
- Everything in Starter
- Review workflow routing
- Source-health monitoring
- Audit-ready exports
- Priority email support
Business
For larger vendor portfolios and multi-team review.
- Everything in Professional
- Role-based access controls
- TIA & RoPA modules included
- Guided onboarding
All plans include a 7-day trial · DPA available before purchase · Prices in EUR, excl. VAT
Stop screenshotting vendor pages. Start proving what changed.
Set up monitoring on your first vendor in minutes, and keep the dated evidence for the day someone asks.
7-day trial · DPA available before purchase