Frequently Asked Questions

GDPR Representative

What happens if I get a data subject request?

When you use the Osano GDPR representative service, if you receive any data subject requests or correspondence from an EU supervisory authority, you will receive an email and upon logging in to Osano, you'll have access to your inbox.

At that point, you can work with our local EU counsel or your own counsel to decide how you would like to respond.

A key component of responding to data subject requests is that they have to be timely, "without delay and within one month” -- the efficiency of Osano helps reduce the time crunch for requests.

Is Osano a data protection officer?

No. Osano acts as a representative to receive notices from data subjects and government bodies on your behalf.

What do I provide a data-subject?

It entirely depends on the request. Generally, you will want to verify the identity of the individual to ensure they are authorized to make the request.

In all cases, you will need to quickly find every single record containing any PII that is associated with that individual. This includes data shared with vendors and data stored in your own databases or files.

If it is a deletion request you need to respond to the subject confirming the deletion. If it is a simple inquiry you will need to provide the list of fields that you have stored about that individual.

Vendor Risk Monitoring

How do you generate a vendor's score?

Each vendor is measured on a 163 item ontology. Osano attorneys review the published policies for a vendor and map those practices to the ontology.

In the application, you can see the summary score, but also the breakdown of how that score was calculated.

Does Osano identify Subprocessors?

Yes, when you navigate to a vendor's detail page, you can explore all of the subprocessors for each of those vendors. If you believe a subprocessor may be an important 4th party for your own data, follow that subprocessor as an "indirect" vendor to be alerted about score changes, lawsuits, and policy changes.

My score is low, how can I improve?

If you are a vendor in our system and you are concerned about your score, we recommend that you schedule a time with the Experts. The Experts can help you understand where your practices may be substandard.

The Experts will not share the ontology with you or provide specifics about your individual score.

Policy Change Detection

How frequently does Osano crawl the policies?

Osano crawls every document once per 24 hours. This means you will always find out about changes quickly after they are made.

Does Osano detect decorative changes?

No, change alerts are only based on the content of the policy itself. Osano converts each policy into a rich text format for comparison with future versions.

How do I view a policy change?

In the application in the "Policy Changes" section, you will find an ordered list of the changes for each of your vendors. Viewing the policy allows you to compare versions visually.

How many policies can I monitor?

Osano automatically monitors the policies for every company you tell us is a vendor of yours. The number of vendors you can follow is determined by the Osano plan your company purchased.

Privacy Law Alerts

What should I do about an alert?

The Osano alerts generally include a summary of who the law applies to, the status of the law (enacted or in consideration), and an explanation of what most Osano customers will want to do in response to the law.

We encourage you to check with your attorney prior to making any decisions.

How do I control which alerts I receive?

In the Osano application, you will be provided with an option to subscribe to regions that you do business in. Those regions can be states, countries, or broad regions such as the EU.  Once Osano knows your preferred regions you will begin receiving updates.

Vendor Lawsuit Alerts

Which courts do you monitor?

Osano monitors all U.S. federal courts and many state courts.

Osano does not monitor any international courts.

Click here for a full list of courts Osano monitors.

How will I know if a vendor has been sued?

In order to subscribe to a vendor's lawsuit notifications, you must have added that company as a direct or indirect vendor of yours. The number of vendors you can follow and receive alerts for is based on your tier of service.

How much detail can I access about a lawsuit?

In the application, you can access a case summary. Additional documents related to the case are available. Depending on the case and the court in which it was filed, some documents will be free to access while others require a one time purchase to access the documents.

Ask the Privacy Experts

Are the experts attorneys?

Many of our experts (but not all) are attorneys. All experts are either attorneys OR Certified Information Privacy Professionals (CIPP). Our experts are not acting as attorneys or providing legal advice when answering questions.

Can the experts improve my score?

The experts can provide you with general guidance on practices that may help improve your score, but the experts can not influence the scores, nor do the experts know how the Osano algorithm weighs the items in the ontology.

Does Osano practice law?

No. Osano does not practice law, does not provide legal advice, and does not provide regulatory guidance. Osano provides information about best practices for privacy programs and implementation. All information provided by Osano is the opinion of the company. You should always consult your own legal counsel for final verification of any decisions.

PII Tracking API

How do I add the API to my portal?

Open a ticket with support to enable API access if you are on a tier that includes API access.

Once API access is enabled for your account you will have access to a screen to generate tokens to submit data.

Does Osano store any sensitive information?

Osano stores in plain text, the fields that you tell us you store about each individual and a one-way encrypted representation of that information. This makes the information searchable but not reversible. What that means is that you can confirm whether you are storing a person's information based on PII (e.g. email, phone, IP address), but you can not reverse engineer the identity of the person from Osano data nor can any individual piece of information be viewed.

Can I search with the Osano API?

Yes, you can search the records of consents and PII storage via API. What you receive back is a yes/no flag on whether that information exists in our ledger for your customer account. You also receive which fields were stored about that individual and which vendors the data has been shared with along with timestamps. You can not retrieve PII in Osano because we do not store the PII, only a hash of the PII.


How do I cancel my subscription?

We hate to see you go, but you can cancel anytime. In the application, follow the easy instructions. If you are on a trial you will retain access until the trial period is over. If you are on a paid plan you will retain access and be billed through the conclusion of your agreement.

Why was my credit card charged?

If you were billed by Osano but do not recognize or did not authorize the charge, please contact us immediately to open up a fraud investigation on your payment method.

Do you offer discounts?

Our commitment to helping organizations improve their privacy practices is part of our charter. If you need Osano services but can not afford them, we're happy to discuss your situation.

Osano also offers discounts to startups who have raised less than $2M in funding, non-profits, and fellow B-corporations.

Contact us for a discount code.

The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

Sweeney release

We have just released a major new upgrade to our platform. This update features role-based access controls for your business. Admins will now be empowered to restrict a user's access and control to specific parts of Osano's platform.

Role-based access controls are only the most visible of numerous enhancements in this update that improve the performance, integrity and security of the Osano platform. The release notes detail the full list of enhancements and bug fixes.

The name of this release is a hat tip to Latanya Sweeney, a Harvard professor and privacy researcher who has done pioneering privacy research for the past two decades. Click to read more about her impressive work.

Read the Release Notes

Westin release

Announcing a shiny new update to Osano's platform! Updates include:

  • Consent Manager preview showing language translations and popup styling by location
  • Consent Manager versioning and rollback
  • iFrame blocking support
  • Consent Manager configuration duplication
  • Two dozen other features, enhancements, and bug fixes

This release is named in honor of Alan Westin, the father of modern data privacy law. We released an article on our blog about how his work has shaped privacy laws and perceptions today.

Read the Release Notes

White paper: The Osano Data Privacy and Data Breach Link

Announcing a groundbreaking report analyzing the relationship between a company’s privacy practices and their likelihood of experiencing a data breach. The Osano Data Privacy and Data Breach Link reveals a predictive relationship between responsible privacy practices and security outcomes.

Download the White Paper

11,000 vendors and counting!

Osano's proprietary dataset of vendor privacy risk just broke 11,000! We couldn't be more proud! 🎉

Brandeis release

Announcing a massive update to Osano's platform! We completely re-built the consent manager from the ground up. Updates include:
  • Automated script and cookie classifications
  • We've added multi-factor authentication to help further safeguard your Osano account
  • More than a dozen other features, enhancements, and bug fixes

This release is named after Louis Brandeis, one of the original pioneers of data privacy rights. We released an article on our blog about his fascinating life and how it impacted the data privacy world.

Read the Release Notes