GDPR, UK, and Swiss Data Protection Notice

Last Updated: July 2, 2026



European Economic Area, United Kingdom, and Switzerland Privacy Notice

AuditFile, Inc. (“AuditFile,” “we,” “us,” “our”) is committed to protecting the privacy of your information. The following notice describes how we collect, use, and disclose information we receive from users of our website, mobile applications, and products and services (collectively, the “Services”) in the European Economic Area, the United Kingdom, and Switzerland (collectively, “you” or “users”). For personal data relating to our users and customers — such as account, billing, and usage information — AuditFile is the “controller” under the EU General Data Protection Regulation (GDPR). For personal data contained in the content our customers upload to the Services (for example, financial records within audit files), AuditFile processes that data on behalf of the customer as a “processor” under our agreements with them. References to the GDPR in this notice include the UK GDPR and, where applicable, the Swiss Federal Act on Data Protection (FADP).

Effective Date

This notice is effective and last updated as of July 2, 2026.

The Information We Collect

We collect different types of information from users.
Personal Data means any information relating to an identified or identifiable natural person. Examples of Personal Data we collect from users include first and last names, company name and address, email address, telephone number, username and password for accessing your AuditFile account, IP addresses, and mobile device identifier.
Usage Data. We collect additional information regarding users’ activities on our website, mobile app, and software application. For instance, when you view a section of our website or application that does not require you to log in with unique user credentials or start conversations with us using our software application, we may collect anonymous Usage Data that may not reasonably be used to identify you as the source. Usage Data includes “click stream” activity, such as when you click on a banner advertisement; the type of Internet browser and computer operating system you are using; the location from which you are accessing the website; the URL of the website from which you linked to our website; and the areas of our website you visited.

How We Collect Information

We collect Personal Data when you voluntarily provide such information through the website or other communications. For example, we receive Personal Data when you visit our website, create an online user account, submit a membership application, subscribe to receive our communications, register for events, submit various online forms, and contact us via telephone, mail, or email. We automatically record Usage Data on our server logs that your browser transmits when you use the website. We also collect Usage Information about how you access and interact with the website through the use of automated tracking technology, such as cookies. Please find more information about our use of cookies below.

How We Use and Disclose Information

General Uses and Disclosures. We use and share the information we collect from users for the purposes described below. Depending on the purpose, our legal basis for processing is the performance of our contract with you (providing the Services), our legitimate interests (improving and securing the Services and operating our business), compliance with our legal obligations, the protection of vital interests, or your consent where we ask for it. To perform the following tasks, AuditFile may transfer your data to countries outside the European Economic Area, the United Kingdom, or Switzerland using the safeguards described under “International Data Transfers” below. When necessary, we will obtain your consent before using your data for these purposes.

Artificial Intelligence Features

The Services include AI-assisted features — such as in-product assistants, engagement review, trial-balance categorization, request-list generation, document extraction, and dictation — that are controlled by each customer firm’s administrators. To generate responses, these features may process the prompts a user submits together with related engagement content, including the contents of documents uploaded to a conversation.

By default, AuditFile processes AI interactions through its enterprise Microsoft Azure AI Foundry and Amazon Web Services (Amazon Bedrock) environments, which host third-party models (for example, Anthropic Claude and OpenAI models). For this AuditFile-managed processing path, prompts, inputs, and outputs are not used to train or fine-tune the model providers’ models and are not retained by those model providers beyond generating a response, in accordance with AuditFile’s agreements with those providers. Where a firm enables web search, search queries are sent to a third-party search provider (for example, Tavily or Brave); where dictation is enabled, audio is processed for transcription (for example, by Amazon Transcribe). If a firm configures its own model endpoint or a self-hosted model, that provider’s terms and data practices govern that processing. Users can delete uploaded files at any time, and deleting a conversation permanently removes the conversation, its messages, and its uploaded files from the product.

The AI features assist and inform the professional work of our customers; AuditFile does not use them to make automated decisions about you that produce legal or similarly significant effects within the meaning of Article 22 of the GDPR.

International Data Transfers

AuditFile is based in the United States, and by default the Services are hosted and personal data is processed in the United States on Amazon Web Services and Microsoft Azure (region-based hosting is available for firms operating in other jurisdictions, including the EU and Canada). Where we transfer Personal Data from the European Economic Area, the United Kingdom, or Switzerland to the United States or another country that has not received an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses (as adopted in 2021), together with the UK International Data Transfer Addendum and the Swiss-recognized version of those clauses, as the transfer mechanism, supplemented by technical and organizational measures such as encryption of data in transit and at rest. You may request a copy of the relevant clauses by contacting us at [email protected].

How to Withdraw Your Consent

At any time, you may withdraw consent you have provided to AuditFile for using, disclosing, or otherwise processing your Personal Data. You may withdraw your consent by emailing AuditFile at [email protected], and following the instructions in our communication to you. Please note that your withdrawal of consent to process certain Personal Data about you (1) may limit our ability to deliver membership benefits and services to you, and (2) does not affect the lawfulness of our processing activities based on your consent before its withdrawal.

How We Use Cookies and Other Technology

To enhance your experience with our websites, many of our pages use “cookies.” Cookies are text files that are placed on your computer to store your preferences or for other record-keeping purposes. Cookies and other user tracking mechanisms (e.g., local shared objects), by themselves, do not tell us your email address or other personally identifiable information unless you choose to provide this information to us by, for example, registering at our websites. However, once you choose to furnish us with personally identifiable information, this information may be linked to the data stored in the cookie or other tracking mechanism. We may use cookies and other user tracking mechanisms, including “persistent cookies”, which will remain on your computer even after you close your browser, to understand website usage and to improve the content and offerings on our websites. For example, we may use cookies to personalize your experience at our website (e.g., to recognize you by name when you return to our website), and to save your password in password-protected areas. We also may use cookies to offer you products, programs, or services. While most browsers are set to accept cookies and other tracking devices by default, you can set yours to refuse tracking devices or to alert you before accepting them. However, by disabling tracking devices, you may not have access to the entire set of features of our websites. Your browser manufacturer has information on changing the default setting for your specific browser.

AuditFile also uses standard Internet technology, such as web beacons and similar technologies, to track your use of the websites or to track your response to email messages that we send you in connection with the Services. Web beacons (sometimes called transparent GIFs, clear GIFs, or web bugs) are small strings of code that provide a way for us to deliver a small graphic image (usually invisible) on a web page or in an email. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page where the web beacon is placed. AuditFile may use web beacons to improve your experience with the Services, including to provide you with content customized to your interests and to understand whether users read email messages and click on links contained within those messages so that the websites can deliver relevant content. Our web beacons may collect some contact information (for example, the email address associated with an email message that contains a web beacon).

We use analytics software to allow us to better understand the functionality of our mobile applications on your mobile devices. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

Your Rights

You have the following rights under the GDPR, the UK GDPR, and the Swiss FADP: To exercise the above rights, please contact us at the information we provide below. We will consider and process your request within a reasonable period of time. Please be aware that under certain circumstances, applicable data protection law may limit your exercise of these rights. If your Personal Data is contained in content uploaded by an AuditFile customer (for example, within an audit file), we may refer your request to that customer, as the controller of that data, and will assist them in responding.

Retention of Personal Data

We will retain your Personal Data only as long as necessary to process your requests or other submissions, fulfill the terms of our service contract with you, and comply with applicable law.

Security of Personal Data

Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while we attempt to protect all Personal Data, we cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. We will notify you in the event we become aware of a security breach involving your Personal Data (as defined by applicable law) stored by or for us.

How to File a Complaint

You may file a complaint regarding this notice or our privacy practices by contacting us at the information we provide below. You also have the right to lodge a complaint directly with a supervisory authority: if you are in the European Economic Area, with the data protection authority of your country (a list is available at https://edpb.europa.eu); if you are in the United Kingdom, with the Information Commissioner’s Office (https://ico.org.uk); and if you are in Switzerland, with the Federal Data Protection and Information Commissioner (FDPIC).

Data Protection Officer

We have appointed a Data Protection Officer to oversee our data protection compliance efforts. You may reach the Data Protection Officer by email at [email protected], or by mail at:

Office of the Data Protection Officer for AuditFile, Inc.
C/O Goodwin Procter LLP
3 Embarcadero Center, 28th Floor
San Francisco, CA 94111
United States of America

Comments and Questions

If you have a comment, question, or request related to this notice, please reach us at [email protected].

Updates to this Notice

We may periodically revise this notice in our sole and absolute discretion to reflect changes in the law or our business practices. If we revise this notice, we post the updated version on our website. Changes to this notice will become effective and will apply to the information collected starting on the date we post the revised notice.