Draft for internal review only — not legal advice. This document is a working draft based on the EquestrianIQ Pre-Launch Policy Pack (v0.1) and must be reviewed by qualified counsel before launch.
Purpose
This register tracks external providers that store, process, analyse, transmit or access EquestrianIQ user data.
| Provider | Purpose | Data processed | Location | Security notes | Contract / DPA | Review date |
|---|---|---|---|---|---|---|
[Provider name] | Hosting / storage | [Categories] | [Country] | [SOC 2 / ISO] | [Yes/No/Pending] | [Date] |
[Provider name] | AI processing | [Categories] | [Country] | [SOC 2 / ISO] | [Yes/No/Pending] | [Date] |
[Provider name] | Payments | [Categories] | [Country] | [SOC 2 / ISO] | [Yes/No/Pending] | [Date] |
[Provider name] | Email / transactional | [Categories] | [Country] | [SOC 2 / ISO] | [Yes/No/Pending] | [Date] |
Processor onboarding checklist
- Confirm what data the provider receives.
- Confirm whether documents, videos or sensitive records are processed.
- Review security certifications, encryption, access controls and breach notification obligations.
- Review overseas storage or cross-border transfer implications.
- Confirm whether the provider uses data for model training, analytics or advertising.
- Record subprocessors and contract terms.