FAQs

Frequently Asked Questions

Security & Performance

Does Osano store visitor data?

Osano stores de-identified data in our Dublin, Ireland data center and does not store identifiable information about your visitors, nor do we transfer personal data outside of the European Economic Area. For users (administrators) of Osano, we store personal data that is necessary for account management and security audits in our Virginia, USA data center.

Is Osano secure?

Osano maintains an always current SOC2 report which is available upon request to customers on any paid plan. Osano infrastructure and systems are tested for vulnerabilities nightly, are routinely penetration tested, and all data is transferred (in transit) and stored (at rest) using modern encryption protocols such as TLS1.3 and AES 256 respectively. Additional information is available from your account executive.

If you are a current or prospective Enterprise customer, Osano can provide a full suite of third-party audits, policies, documentation, code security reports, code coverage reports, and architectural walkthroughs for your security team assessments.

Nations, states, major airlines, the world's largest financial institutions, energy conglomerates, defense contractors, CPG brands, and biotech multinationals have thoroughly vetted Osano security.

We are confident that Osano will exceed your security requirements.

Is Osano reliable?

Osano is built entirely on top of Amazon Web Services. The majority of the Osano application runs inside of AWS CloudFront instances in the region closest to you and your visitors. In addition to leveraging CloudFront for speed of delivery, Osano is fully fault tolerant. If a required AWS service at the data center in Berlin goes down, you and your customers will never know,  because Osano's proprietary failover technology will immediately route requests to Frankfurt.

The result is extreme scalability and high performance. During peak hours, Osano processes upwards of 3.5 Million consents per hour and 10 Million cookie reports per hour. Osano is the most used, highest volume, fastest, and most reliable data privacy platform in the world.

Can Osano employees access my data?

You are always able to invite Osano support to your account to assist with troubleshooting or configuration, but unless you invite us, no Osano employee has the ability to access your account.

Personal data is encrypted using an encryption key which is unique to each customer. Most data is stored using a per customer salt and SHA-512 hashing.

Osano stores the minimum necessary data to provide you with service, and nothing more.

GDPR Representative

What happens if I get a data subject request?

When you use the Osano GDPR representative service, if you receive any data subject requests or correspondence from an EU supervisory authority, you will receive an email and upon logging in to Osano, you'll have access to your inbox.

At that point, you can work with our local EU counsel or your own counsel to decide how you would like to respond.

A key component of responding to data subject requests is that they have to be timely, "without delay and within one month” -- the efficiency of Osano helps reduce the time crunch for requests.

Is Osano a data protection officer?

No. Osano acts as a representative to receive notices from data subjects and government bodies on your behalf.

What do I provide a data-subject?

It entirely depends on the request. Generally, you will want to verify the identity of the individual to ensure they are authorized to make the request.

In all cases, you will need to quickly find every single record containing any PII that is associated with that individual. This includes data shared with vendors and data stored in your own databases or files.

If it is a deletion request you need to respond to the subject confirming the deletion. If it is a simple inquiry you will need to provide the list of fields that you have stored about that individual.

Vendor Risk Monitoring

How do you generate a vendor's score?

Each vendor is measured on a 163 item ontology. Osano attorneys review the published policies for a vendor and map those practices to the ontology.

In the application, you can see the summary score, but also the breakdown of how that score was calculated.

Does Osano identify Subprocessors?

Yes, when you navigate to a vendor's detail page, you can explore all of the subprocessors for each of those vendors. If you believe a subprocessor may be an important 4th party for your own data, follow that subprocessor as an "indirect" vendor to be alerted about score changes, lawsuits, and policy changes.

My score is low, how can I improve?

If you are a vendor in our system and you are concerned about your score, we recommend that you schedule a time with the Experts. The Experts can help you understand where your practices may be substandard.

The Experts will not share the ontology with you or provide specifics about your individual score.

Policy Change Detection

How frequently does Osano crawl the policies?

Osano crawls every document once per 24 hours. This means you will always find out about changes quickly after they are made.

Does Osano detect decorative changes?

No, change alerts are only based on the content of the policy itself. Osano converts each policy into a rich text format for comparison with future versions.

How do I view a policy change?

In the application in the "Policy Changes" section, you will find an ordered list of the changes for each of your vendors. Viewing the policy allows you to compare versions visually.

How many policies can I monitor?

Osano automatically monitors the policies for every company you tell us is a vendor of yours. The number of vendors you can follow is determined by the Osano plan your company purchased.

Privacy Law Alerts

What should I do about an alert?

The Osano alerts generally include a summary of who the law applies to, the status of the law (enacted or in consideration), and an explanation of what most Osano customers will want to do in response to the law.

We encourage you to check with your attorney prior to making any decisions.

How do I control which alerts I receive?

In the Osano application, you will be provided with an option to subscribe to regions that you do business in. Those regions can be states, countries, or broad regions such as the EU.  Once Osano knows your preferred regions you will begin receiving updates.

Vendor Lawsuit Alerts

Which courts do you monitor?

Osano monitors all U.S. federal courts and many state courts.

Osano does not monitor any international courts.

Click here for a full list of courts Osano monitors.

How will I know if a vendor has been sued?

In order to subscribe to a vendor's lawsuit notifications, you must have added that company as a direct or indirect vendor of yours. The number of vendors you can follow and receive alerts for is based on your tier of service.

How much detail can I access about a lawsuit?

In the application, you can access a case summary. Additional documents related to the case are available. Depending on the case and the court in which it was filed, some documents will be free to access while others require a one time purchase to access the documents.

Ask the Privacy Experts

Are the experts attorneys?

Many of our experts (but not all) are attorneys. All experts are either attorneys OR Certified Information Privacy Professionals (CIPP). Our experts are not acting as attorneys or providing legal advice when answering questions.

Can the experts improve my score?

The experts can provide you with general guidance on practices that may help improve your score, but the experts can not influence the scores, nor do the experts know how the Osano algorithm weighs the items in the ontology.

Does Osano practice law?

No. Osano does not practice law, does not provide legal advice, and does not provide regulatory guidance. Osano provides information about best practices for privacy programs and implementation. All information provided by Osano is the opinion of the company. You should always consult your own legal counsel for final verification of any decisions.

PII Tracking API

How do I add the API to my portal?

Open a ticket with support to enable API access if you are on a tier that includes API access.

Once API access is enabled for your account you will have access to a screen to generate tokens to submit data.

Does Osano store any sensitive information?

Osano stores in plain text, the fields that you tell us you store about each individual and a one-way encrypted representation of that information. This makes the information searchable but not reversible. What that means is that you can confirm whether you are storing a person's information based on PII (e.g. email, phone, IP address), but you can not reverse engineer the identity of the person from Osano data nor can any individual piece of information be viewed.

Can I search with the Osano API?

Yes, you can search the records of consents and PII storage via API. What you receive back is a yes/no flag on whether that information exists in our ledger for your customer account. You also receive which fields were stored about that individual and which vendors the data has been shared with along with timestamps. You can not retrieve PII in Osano because we do not store the PII, only a hash of the PII.

Billing

How do I cancel my subscription?

We hate to see you go, but you can cancel anytime. In the application, follow the easy instructions. If you are on a trial you will retain access until the trial period is over. If you are on a paid plan you will retain access and be billed through the conclusion of your agreement.

Why was my credit card charged?

If you were billed by Osano but do not recognize or did not authorize the charge, please contact us immediately to open up a fraud investigation on your payment method.

Do you offer discounts?

Our commitment to helping organizations improve their privacy practices is part of our charter. If you need Osano services but can not afford them, we're happy to discuss your situation.

Osano also offers discounts to startups who have raised less than $2M in funding, non-profits, and fellow B-corporations.

Contact us for a discount code.

The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

Pentland release offers new features on consent management and data subject access requests

As we here at Osano continue to roll out features to help you do data privacy right, we have some exciting new features to announce with our Pentland release.

Our First Layer Category feature allows you to turn off the “cookie categories” function within your first-layer cookie banner. This impacts end users within the European Economic Area and the U.K. Importantly, you still have the option to maintain the cookie categories function for your customers if preferred, but now, an “on/off” toggle button allows you the choice. 

The change is based on Osano customers’ feedback and aims to present a cleaner user experience and may result in higher opt-in rates to cookies.

In addition, the Pentland release provides a new service to help you comply with California residents’ privacy rights under California’s Consumer Privacy Act. The law requires businesses with an offline component or indirect relationship to provide a toll-free phone number for data subject inquiries. Customers using Twilio as a phone host can now integrate Osano’s “DSAR phone line,” which transcribes the call and places it into your company’s data subject access request center. This eliminates the need for call agents to fulfill your data subject phone line obligation under the CCPA.

Learn more about Pentland features

Osano offers privacy consulting

By now, you know that companies that show their customers that they take privacy seriously will earn their trust and loyalty. And we know that compliance with data privacy laws, like the GDPR or the CCPA, can feel like a burden. But what if it were easy and could boost your bottom line? What if you could relax — maybe even sleep at night! —  because your regulatory commitments were being handled.

We're excited to tell you: We can help you feel that way. Osano is now offering privacy consulting in addition to our compliance software. Whether you need an interim privacy officer, a data protection officer or project-specific resources, our privacy consultants are ready to roll their sleeves up for you. 

You can get started today with a free 30-minute consultation by clicking here. 

Find out more

Sweeney release

We have just released a major new upgrade to our platform. This update features role-based access controls for your business. Admins will now be empowered to restrict a user's access and control to specific parts of Osano's platform.

Role-based access controls are only the most visible of numerous enhancements in this update that improve the performance, integrity and security of the Osano platform. The release notes detail the full list of enhancements and bug fixes.

The name of this release is a hat tip to Latanya Sweeney, a Harvard professor and privacy researcher who has done pioneering privacy research for the past two decades. Click to read more about her impressive work.

Read the Release Notes

Westin release

Announcing a shiny new update to Osano's platform! Updates include:

  • Consent Manager preview showing language translations and popup styling by location
  • Consent Manager versioning and rollback
  • iFrame blocking support
  • Consent Manager configuration duplication
  • Two dozen other features, enhancements, and bug fixes

This release is named in honor of Alan Westin, the father of modern data privacy law. We released an article on our blog about how his work has shaped privacy laws and perceptions today.

Read the Release Notes

White paper: The Osano Data Privacy and Data Breach Link

Announcing a groundbreaking report analyzing the relationship between a company’s privacy practices and their likelihood of experiencing a data breach. The Osano Data Privacy and Data Breach Link reveals a predictive relationship between responsible privacy practices and security outcomes.

Download the White Paper