Home
//
Company
//
Legal
//
Third-party Audit Readiness

Third-party Audit Readiness

Last updated: April 15, 2026

Megadeals International AB / Njord

This document outlines Megadeals’ security and privacy practices to support third-party audit and due diligence processes. It summarises our current technical and organisational measures, third-party relationships, and compliance frameworks relevant to clients with data protection requirements.

1. Audit & Inspection Rights

  • Our organisation agrees to submit its data processing environment for audits and inspections upon request from authorised enterprise clients.
  • Audits may be conducted by the client itself or by an independent and impartial third-party auditor selected by the client, provided we do not have a reasonable objection to the selection.

2. Audit Methods

Audits may be conducted through the following methods:

  • Review of cloud infrastructure and security controls
  • Review of documentation and reports, including but not limited to:

   • Security policies and controls
   • Data protection and privacy compliance documentation
   • Internal risk assessments and security measures
   • Any relevant third-party security evaluations or attestations

3. Subprocessors

  • We maintain a list of subprocessors involved in data processing.
  • All subprocessors comply with security and privacy requirements, including SCCs (Standard Contractual Clauses) and DPAs (Data Processing Agreements).

Influ2 Inc.
Purpose: Ad delivery & tracking
Region: USA
Legal Basis: SCCs, DPA

Meta Platforms, Inc.
Purpose: Targeted ads on Facebook/Instagram
Region: USA
Legal Basis: SCCs, DPA

LinkedIn Corp.
Purpose: Targeted ads on LinkedIn
Region: USA
Legal Basis: SCCs, DPA

Google LLC
Purpose: Ads & analytics (Google Ads, Tag Manager)
Region: USA
Legal Basis: SCCs, DPA

Oath Inc. (Yahoo Ad Network)
Purpose: Targeted ads on Yahoo
Region: USA
Legal Basis: SCCs, DPA

NextRoll, Inc.
Purpose: Ad delivery on RollWorks, Adroll
Region: Ireland
Legal Basis: DPA

Dealfront Group GmbH
Purpose: B2B lead gen & sales intelligence
Region: Germany
Legal Basis: DPA

InZynk AB
Purpose: Digital marketing campaign optimisation
Region: Sweden
Legal Basis: DPA

Adform A/S
Purpose: Ad targeting, bidding, analytics
Region: Denmark
Legal Basis: DPA

ZenLeads Inc. (Apollo.io)
Purpose: Sales & marketing intelligence
Region: USA
Legal Basis: SCCs, DPA

Amazon Web Services (AWS)
Purpose: Cloud hosting & infrastructure
Region: Global
Legal Basis: SCCs, DPA

4. Access Controls & Security Measures

Authentication & Authorisation

  • OAuth with JWT and Refresh Tokens
  • Multi-factor authentication (MFA) for administrators
  • Role-Based Access Control (RBAC) to restrict access

Data Encryption

  • All data is encrypted in transit using TLS 1.3 and at rest using SHA-256.

Logging & Monitoring

  • Access logs are securely stored and reviewed regularly
  • Audit trails tracked for user and admin actions
  • Anomaly detection and monitoring via security tools

Incident Response Plan

  • Established protocols for handling security incidents
  • Regular security assessments and penetration testing

5. Compliance & Reporting

  • We adhere to industry best practices and security frameworks to ensure data protection and privacy compliance.
  • While we do not currently hold ISO 27001 or SOC 2 certifications, we follow their principles and implement equivalent security measures.
  • Security and privacy documentation is available for audit purposes.
  • Backup and disaster recovery policies are in place to ensure business continuity.

6. Commitment to Audit Readiness

We are committed to maintaining transparency and compliance with audit requirements. To facilitate a smooth audit process, we will:

  • Provide up-to-date security and compliance documentation upon request.
  • Cooperate with enterprise clients or their selected auditors to schedule and conduct necessary inspections.
  • Supply relevant reports and attestations to demonstrate compliance with applicable standards and regulations.

Contact Information

Email: david@megadeals.com / david@njord.io

Phone: +46 73 359 56 55

Company: Megadeals International AB (trading as Njord), reg. no 559220-2120

Address: Mäster Samuelsgatan 42, 111 57 Stockholm, Sweden

Address:
Mäster Samuelsgatan 42
111 57 Stockholm
Contact:
+46 73-359 56 55
hello@njord.io
Complex deals made simple
Legal NoticeTerms and ConditionsData Processing AgreementPrivacy PolicyLegitimate Interest AssessmentThird-party Audit Readiness Pack
© 2026 Megadeals International AB. All rights reserved.