Skip to content
DPAFlow
01 /Evidence records

Evidence records your privacy team can actually review

DPAFlow turns a detected vendor change into a dated, structured record — from source change to review-ready evidence — with the source URL, timestamp, content hash, and the exact section that changed.

source-urltimestampcontent-hashbefore / after
Evidence recordChange detected

Subprocessor list updated

Source URL
trust.microsoft.com/subprocessors
Captured
May 12, 2025 · 14:23 UTC
Content hash
a7e4…c3b9
Reviewer
Routed · pending
Nuance Communications, Inc.
+Microsoft Azure OpenAI Service (East US 2)
ID EV-2F8D-D5B7Export packet
02 /Anatomy

Anatomy of an evidence record

Every record is built from the same defensible parts — so each one points back to its source and its date.

Source URL

The exact page the evidence came from, so a record always points back to its origin.

Capture timestamp

When the capture was taken, in UTC — the answer to “when did this change?”

Content hash

An integrity check over the captured content, so you can confirm it has not been altered.

Changed section

The specific part of the page that changed — isolated, not buried in the whole document.

Reviewer decision

Who reviewed the change and what they decided, recorded on the record itself.

Export packet

Everything bundled into an audit-ready packet you can hand over or keep on file.

03 /Lifecycle

The evidence lifecycle, from snapshot to export

A change moves through one repeatable path, and the record carries its history at every step.

Step 1

Source snapshot

A baseline of the monitored page is captured with its rendered text and source metadata.

Step 2

Detected change

On the next check the changed section is identified against the previous capture.

Step 3

Record created

A dated evidence record is created with URL, timestamp, content hash, and change context.

Step 4

Reviewer decision

Privacy, legal, or vendor risk reviews the change and records approve, reject, or follow-up.

Step 5

Audit-ready export

Reviewed records roll up into an export packet with the full chain of events.

04 /Captured

What gets captured in every record

Enough context to make the change legible and reviewable — never just a bare screenshot.

Page snapshot

A snapshot of the monitored page as it appeared at capture time.

Rendered text

The readable text content, so the change is legible — not just an image.

Source metadata

The source URL and the capture context that ties the record to its origin.

Change summary

A clear before / after of the section that actually changed.

Review state

The current review status and the reviewer’s recorded decision.

Export metadata

The details needed to assemble a complete, audit-ready evidence bundle.

05 /Review

Review the actual change — not a vague alert

A record arrives with the captured before / after, so the reviewer decides on the real wording of the change.

  • Assign a change to the right reviewer — privacy, legal, or vendor risk
  • Add decision context and notes directly on the record
  • Approve, reject, or request follow-up — the decision is recorded
  • Keep a clean handoff between teams, tied to the source and date
Changed sectionMay 5 → May 12
Before · May 5
  • Amazon Web Services
  • Nuance Communications, Inc.
  • Twilio Inc.
After · May 12
  • + Microsoft Azure OpenAI Service
  • + Databricks, Inc.
  • Nuance Communications, Inc.
06 /Audit & export

Audit-ready exports, on demand

When someone asks what changed and when, you export a complete, self-contained evidence bundle.

  • An audit-ready packet for the day someone asks what changed
  • A complete evidence bundle: source, capture, hash, and change
  • Reviewer notes and the decision attached to the record
  • A chain of events from first capture to final export
See plans & exports
Audit-ready exportPDF · JSON
  • Source URL & capture timestamp
  • Content hash (integrity check)
  • Full-page snapshot & rendered text
  • Change summary (before / after)
  • Reviewer decision & notes
  • Chain of events
Generate evidence bundle
07 /Honest by design

What evidence does — and does not — claim

DPAFlow is deliberately honest about what dated evidence means for your compliance program.

Not legal advice

DPAFlow helps you document and review changes. It does not provide legal advice or interpret your obligations for you.

Customer-controlled review

Every decision is made and recorded by your team. DPAFlow surfaces the evidence; you stay in control of the outcome.

Evidence supports documentation

Dated records support your own documentation and reviews. They do not, on their own, make you automatically compliant.

08 /FAQ

Evidence records FAQ

Common questions about how DPAFlow captures and exports evidence.

What is an evidence record?

An evidence record is a dated capture of a detected change to a monitored page. It includes the source URL, a capture timestamp, a content hash, the changed section, and the reviewer’s decision.

What does “audit-ready” mean here?

It means a record can be exported as a self-contained packet — source, capture, hash, change context, reviewer decision, and chain of events — so it stands on its own when an auditor reviews it.

Is the evidence tamper-proof or immutable?

We don’t claim that. Each record carries a content hash as an integrity check so you can detect whether captured content has been altered, and the chain of events is recorded — but it remains your customer-controlled data.

Who can review and decide on a record?

Records can be routed to privacy, legal, or vendor-risk reviewers. The reviewer’s decision and notes are stored on the record itself.

How does evidence relate to monitoring?

Monitoring detects the change; the evidence record is what monitoring produces. See the product page for how sources are monitored.

Turn the next vendor change into reviewable evidence

Capture dated records your team can review and export — instead of screenshots no one can defend.

7-day trial · DPA available before purchase