A documentary review of how you collect, process and transfer personal data, scored against six published criteria. Delivered as a PDF you can share with customers, partners, or regulators.
A documentary review against fixed criteria. Not a penetration test. Not a code audit. We assess what you publish, what you tell us, and what is publicly testable from your domain.
Privacy policy completeness, plain-language readability, layered notices, accessibility of the contact for data subject requests.
Legal bases declared per processing activity, consent mechanism quality, ePrivacy compliance, soft-opt-in handling.
Subprocessor list completeness, third-country transfers, transfer impact assessments, Standard Contractual Clauses.
Documented Article 12–22 process, response time, accessibility of the contact, and the actual workflow used internally.
HTTPS configuration, security headers, security.txt, breach notification procedure, declared standards, evidence of pen-tests.
Hosting region, ownership structure, cross-border data flow, exposure to surveillance regimes (FISA 702, CLOUD Act, equivalent).
A multi-page PDF report, delivered to the email on your application. Each criterion is scored 0–10 with a written finding. You also receive a permanent verification record so a third party can confirm the audit is genuine.
Each PDF embeds a unique link to dazr.eu/audit-reports/<id>. That page confirms the audit was issued for your organisation on the audit date. Nothing more. It exists so anyone you share the PDF with can check authenticity.
From application to PDF in your inbox.
Fill in the application form: legal entity, privacy governance, data flows, security baseline, signatory. Upload supporting documents (privacy policy PDF, RoPA, subprocessor list, register extract, etc.). All uploads are encrypted at rest.
Dazr's team reviews the documents against the six criteria, plus public-source verification (DNS, headers, robots, security.txt, etc.). Typical turnaround is 15–25 business days.
If something's missing or unclear, we ask follow-up questions through the applicant portal. You can reply or upload additional documents directly there. Every step also goes to your email.
The final report is emailed to you as a PDF. After delivery we delete everything: the application, the documents, the conversation thread. All gone from our systems. Only the verification record survives.
The audit is about privacy. We hold ourselves to the same standard. Everything you submit is AES-GCM encrypted at rest. Documents go to a private bucket only the Dazr audit team can access. Conversations stay inside the encrypted portal.
When we deliver the final PDF, we delete everything: the application data, every uploaded document, the entire conversation thread. The PDF in your inbox is your record. The only thing that survives is a tiny verification stub on dazr.eu so third parties can confirm the audit is genuine.
We don't host the report. We don't keep your documents. We don't list you in a directory. The audit happens, you get the report, we forget.
Most applications take 30–45 minutes. You can save and come back. We keep your draft locally in your browser.
Start applicationDisclaimer. The Dazr Privacy Audit is a private documentary review carried out by Dazr based on materials supplied by your organisation, plus public-source verification. It does not constitute legal advice, GDPR Article 42 certification, ISO certification, conformity assessment, or any regulatory approval. Findings are Dazr's good-faith editorial opinion as of the audit date. Material misstatements by the applicant void the report and may result in public correction.