Evidence records your privacy team can actually review
DPAFlow turns a detected vendor change into a dated, structured record — from source change to review-ready evidence — with the source URL, timestamp, content hash, and the exact section that changed.
Subprocessor list updated
Anatomy of an evidence record
Every record is built from the same defensible parts — so each one points back to its source and its date.
Source URL
The exact page the evidence came from, so a record always points back to its origin.
Capture timestamp
When the capture was taken, in UTC — the answer to “when did this change?”
Content hash
An integrity check over the captured content, so you can confirm it has not been altered.
Changed section
The specific part of the page that changed — isolated, not buried in the whole document.
Reviewer decision
Who reviewed the change and what they decided, recorded on the record itself.
Export packet
Everything bundled into an audit-ready packet you can hand over or keep on file.
The evidence lifecycle, from snapshot to export
A change moves through one repeatable path, and the record carries its history at every step.
Source snapshot
A baseline of the monitored page is captured with its rendered text and source metadata.
Detected change
On the next check the changed section is identified against the previous capture.
Record created
A dated evidence record is created with URL, timestamp, content hash, and change context.
Reviewer decision
Privacy, legal, or vendor risk reviews the change and records approve, reject, or follow-up.
Audit-ready export
Reviewed records roll up into an export packet with the full chain of events.
What gets captured in every record
Enough context to make the change legible and reviewable — never just a bare screenshot.
Page snapshot
A snapshot of the monitored page as it appeared at capture time.
Rendered text
The readable text content, so the change is legible — not just an image.
Source metadata
The source URL and the capture context that ties the record to its origin.
Change summary
A clear before / after of the section that actually changed.
Review state
The current review status and the reviewer’s recorded decision.
Export metadata
The details needed to assemble a complete, audit-ready evidence bundle.
Review the actual change — not a vague alert
A record arrives with the captured before / after, so the reviewer decides on the real wording of the change.
- Assign a change to the right reviewer — privacy, legal, or vendor risk
- Add decision context and notes directly on the record
- Approve, reject, or request follow-up — the decision is recorded
- Keep a clean handoff between teams, tied to the source and date
- Amazon Web Services
- Nuance Communications, Inc.
- Twilio Inc.
- + Microsoft Azure OpenAI Service
- + Databricks, Inc.
- Nuance Communications, Inc.
Audit-ready exports, on demand
When someone asks what changed and when, you export a complete, self-contained evidence bundle.
- An audit-ready packet for the day someone asks what changed
- A complete evidence bundle: source, capture, hash, and change
- Reviewer notes and the decision attached to the record
- A chain of events from first capture to final export
- Source URL & capture timestamp
- Content hash (integrity check)
- Full-page snapshot & rendered text
- Change summary (before / after)
- Reviewer decision & notes
- Chain of events
What evidence does — and does not — claim
DPAFlow is deliberately honest about what dated evidence means for your compliance program.
Not legal advice
DPAFlow helps you document and review changes. It does not provide legal advice or interpret your obligations for you.
Customer-controlled review
Every decision is made and recorded by your team. DPAFlow surfaces the evidence; you stay in control of the outcome.
Evidence supports documentation
Dated records support your own documentation and reviews. They do not, on their own, make you automatically compliant.
Evidence records FAQ
Common questions about how DPAFlow captures and exports evidence.
What is an evidence record?
An evidence record is a dated capture of a detected change to a monitored page. It includes the source URL, a capture timestamp, a content hash, the changed section, and the reviewer’s decision.
What does “audit-ready” mean here?
It means a record can be exported as a self-contained packet — source, capture, hash, change context, reviewer decision, and chain of events — so it stands on its own when an auditor reviews it.
Is the evidence tamper-proof or immutable?
We don’t claim that. Each record carries a content hash as an integrity check so you can detect whether captured content has been altered, and the chain of events is recorded — but it remains your customer-controlled data.
Who can review and decide on a record?
Records can be routed to privacy, legal, or vendor-risk reviewers. The reviewer’s decision and notes are stored on the record itself.
How does evidence relate to monitoring?
Monitoring detects the change; the evidence record is what monitoring produces. See the product page for how sources are monitored.
Turn the next vendor change into reviewable evidence
Capture dated records your team can review and export — instead of screenshots no one can defend.
7-day trial · DPA available before purchase