• Platform
    • The Osano Platform Overview

      Get an overview of the simple, all-in-one data privacy platform

    • header__icon-1
      Cookie Consent

      Manage consent for data privacy laws in 50+ countries

    • user-square
      Subject Rights Management

      Streamline and automate the DSAR workflow

    • assessments primary 200

      Efficiently manage assessment workflows using custom or pre-built templates

    • Unified Consent primary 200
      Unified Consent & Preference Hub

      Streamline consent, utilize non-cookie data, and enhance customer trust

    • data mapping primary 200
      Data Mapping

      Automate and visualize data store discovery and classification

    • shield-tick
      Vendor Privacy Risk Management

      Ensure your customers’ data is in good hands

    • Features & Integrations

      Key Features & Integrations

    • Privacy Templates
    • GDPR Representative
    • Consult Privacy Team
    • Regulatory Guidance
    • Integrations
  • Solutions
    • By Regulation
    • CPRA

      Discover how Osano supports CPRA compliance

    • CCPA

      Learn about the CCPA and how Osano can help

    • GDPR

      Achieve compliance with one of the world’s most comprehensive data privacy laws

    • By Organization Type
    • Icon (10)

      Don’t let data privacy compliance get in the way of growth

    • Icon (11)

      Preserve your competitive edge

    • Icon (12)

      Manage data privacy at scale

    • By Use Case
    • Path
      Consent Management

      Manage consent without the complexity

    • Icon (14)
      DSAR Automation

      Never miss a DSAR deadline again

    • Icon (15)
      Vendor Risk Management

      Regain insight and control over your customers’ data

    • Icon (16)
      Privacy Program Management

      Build and grow an end-to-end privacy program

  • Resources
    • View All Resources
    • book-open-01

      Expert insights on all things privacy

    • Icon (25)
      Resource Center

      Key resources to further your data privacy education

    • globe icon primary 200
      U.S. Data Privacy Laws

      A guide to data privacy in the U.S.

    • Icon (17)

      Research the most essential privacy topics

    • envelope icon primary 200

      Subscribe and become a Privacy Insider

    • Icon (20)
      Our Pledge

      No fines, no penalties

    • Icon (21)
      Product Updates

      What’s the latest with Osano?

    • Icon (22)
      System Status

      What’s the status of account management systems, the platform, and support systems?

  • Company
    • Vector
      About Us

      The Osano story

    • Icon (25)

      Become an Osanian and help us build the future of privacy!

    • Icon (26)

      We’re eager to hear from you

    • 
      Our Pledge

      No fines, no penalties

    • Icon (27)
      Data Licensing

      Add Osano data privacy ratings and recommendations to your application

    • Icon (28)
      Osano Swag Store
    • Icon (29)
      Press & Media

      Inquiries and Osano in the news

    • Icon (30)
      Partners & Resellers

      Interested in partnering with us?

  • Pricing
  • Sign In Book a Demo

Frequently Asked Questions

Security & Performance

Does Osano store visitor data?

Osano stores de-identified data in our Dublin, Ireland data center and does not store identifiable information about your visitors, nor do we transfer personal data outside of the European Economic Area. For users (administrators) of Osano, we store personal data that is necessary for account management and security audits in our Virginia, USA data center.

Is Osano secure?

Osano maintains an always current SOC2 report which is available upon request to customers on any paid plan. Osano infrastructure and systems are tested for vulnerabilities nightly, are routinely penetration tested, and all data is transferred (in transit) and stored (at rest) using modern encryption protocols such as TLS1.3 and AES 256 respectively. Additional information is available from your account executive.

If you are a current or prospective Enterprise customer, Osano can provide a full suite of third-party audits, policies, documentation, code security reports, code coverage reports, and architectural walkthroughs for your security team assessments.

Nations, states, major airlines, the world's largest financial institutions, energy conglomerates, defense contractors, CPG brands, and biotech multinationals have thoroughly vetted Osano security.

We are confident that Osano will exceed your security requirements.

Is Osano reliable?

Osano is built entirely on top of Amazon Web Services. The majority of the Osano application runs inside of AWS CloudFront instances in the region closest to you and your visitors. In addition to leveraging CloudFront for speed of delivery, Osano is fully fault tolerant. If a required AWS service at the data center in Berlin goes down, you and your customers will never know,  because Osano's proprietary failover technology will immediately route requests to Frankfurt.

The result is extreme scalability and high performance. During peak hours, Osano processes upwards of 3.5 Million consents per hour and 10 Million cookie reports per hour. Osano is the most used, highest volume, fastest, and most reliable data privacy platform in the world.

Can Osano employees access my data?

You are always able to invite Osano support to your account to assist with troubleshooting or configuration, but unless you invite us, no Osano employee has the ability to access your account.

Personal data is encrypted using an encryption key which is unique to each customer. Most data is stored using a per customer salt and SHA-512 hashing.

Osano stores the minimum necessary data to provide you with service, and nothing more.

Will the Osano CMP break my site?

No, when you first deploy Osano, it is set automatically to a non-breaking, listener only mode. During that time, it only collects data about the scripts and cookies that load on your website.

Read documentation about Consent Management configuration.

Does Osano collect PII on my users?

Osano does not collect data about your users other than IP addresses, which are stored for 30 days for fraud and abuse detection and then permanently deleted from our log files. In some jurisdictions, IP addresses are considered PII, so we do recommend adding Osano to your GDPR statement as a sub-processor.

What about developers?

Developers can easily add additional capabilities to a website by listening for Osano events. Read the developer documentation for more information.

What languages are supported?

Arabic, Bulgarian, Catalan, Chinese, Czech, Danish, Dutch, English, Farsi/Persian, Finnish, French, German, Greek, Hebrew, Hindi, Hungarian, Indonesian, Italian, Japanese, Korean, Malay, Norwegian, Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Spanish, Swedish, Thai, Turkish, Ukrainian, and Vietnamese

Does Osano set cookies?

To avoid repeatedly requesting consent from a visitor, Osano sets two cookies identifying the categories of consent and their expiration as provided by the end-user. These cookies qualify as "Strictly Necessary" and do not require consent.

GDPR Representative

What happens if I get a data subject request?

When you use the Osano GDPR representative service, if you receive any data subject requests or correspondence from an EU supervisory authority, you will receive an email and upon logging in to Osano, you'll have access to your inbox.

At that point, you can work with our local EU counsel or your own counsel to decide how you would like to respond.

A key component of responding to data subject requests is that they have to be timely, "without delay and within one month” -- the efficiency of Osano helps reduce the time crunch for requests.

Is Osano a data protection officer?

No. Osano acts as a representative to receive notices from data subjects and government bodies on your behalf.

What do I provide a data-subject?

It entirely depends on the request. Generally, you will want to verify the identity of the individual to ensure they are authorized to make the request.

In all cases, you will need to quickly find every single record containing any PII that is associated with that individual. This includes data shared with vendors and data stored in your own databases or files.

If it is a deletion request you need to respond to the subject confirming the deletion. If it is a simple inquiry you will need to provide the list of fields that you have stored about that individual.

Vendor Risk Monitoring

How do you generate a vendor's score?

Each vendor is measured on a 163 item ontology. Osano attorneys review the published policies for a vendor and map those practices to the ontology.

In the application, you can see the summary score, but also the breakdown of how that score was calculated.

Does Osano identify Subprocessors?

Yes, when you navigate to a vendor's detail page, you can explore all of the subprocessors for each of those vendors. If you believe a subprocessor may be an important 4th party for your own data, follow that subprocessor as an "indirect" vendor to be alerted about score changes, lawsuits, and policy changes.

My score is low, how can I improve?

If you are a vendor in our system and you are concerned about your score, we recommend that you schedule a time with the Experts. The Experts can help you understand where your practices may be substandard.

The Experts will not share the ontology with you or provide specifics about your individual score.

Policy Change Detection

How frequently does Osano crawl the policies?

Osano crawls every document once per 24 hours. This means you will always find out about changes quickly after they are made.

Does Osano detect decorative changes?

No, change alerts are only based on the content of the policy itself. Osano converts each policy into a rich text format for comparison with future versions.

How do I view a policy change?

In the application in the "Policy Changes" section, you will find an ordered list of the changes for each of your vendors. Viewing the policy allows you to compare versions visually.

How many policies can I monitor?

Osano automatically monitors the policies for every company you tell us is a vendor of yours. The number of vendors you can follow is determined by the Osano plan your company purchased.

Privacy Law Alerts

What should I do about an alert?

The Osano alerts generally include a summary of who the law applies to, the status of the law (enacted or in consideration), and an explanation of what most Osano customers will want to do in response to the law.

We encourage you to check with your attorney prior to making any decisions.

How do I control which alerts I receive?

In the Osano application, you will be provided with an option to subscribe to regions that you do business in. Those regions can be states, countries, or broad regions such as the EU.  Once Osano knows your preferred regions you will begin receiving updates.

Vendor Lawsuit Alerts

Which courts do you monitor?

Osano monitors all U.S. federal courts and many state courts.

Osano does not monitor any international courts.

How will I know if a vendor has been sued?

In order to subscribe to a vendor's lawsuit notifications, you must have added that company as a direct or indirect vendor of yours. The number of vendors you can follow and receive alerts for is based on your tier of service.

How much detail can I access about a lawsuit?

In the application, you can access a case summary. Additional documents related to the case are available. Depending on the case and the court in which it was filed, some documents will be free to access while others require a one time purchase to access the documents.

Ask the Privacy Experts

Are the experts attorneys?

Many of our experts (but not all) are attorneys. All experts are either attorneys OR Certified Information Privacy Professionals (CIPP). Our experts are not acting as attorneys or providing legal advice when answering questions.

Can the experts improve my score?

The experts can provide you with general guidance on practices that may help improve your score, but the experts can not influence the scores, nor do the experts know how the Osano algorithm weighs the items in the ontology.

Does Osano practice law?

No. Osano does not practice law, does not provide legal advice, and does not provide regulatory guidance. Osano provides information about best practices for privacy programs and implementation. All information provided by Osano is the opinion of the company. You should always consult your own legal counsel for final verification of any decisions.

PII Tracking API

How do I add the API to my portal?

Open a ticket with support to enable API access if you are on a tier that includes API access.

Once API access is enabled for your account you will have access to a screen to generate tokens to submit data.

Does Osano store any sensitive information?

Osano stores in plain text, the fields that you tell us you store about each individual and a one-way encrypted representation of that information. This makes the information searchable but not reversible. What that means is that you can confirm whether you are storing a person's information based on PII (e.g. email, phone, IP address), but you can not reverse engineer the identity of the person from Osano data nor can any individual piece of information be viewed.

Can I search with the Osano API?

Yes, you can search the records of consents and PII storage via API. What you receive back is a yes/no flag on whether that information exists in our ledger for your customer account. You also receive which fields were stored about that individual and which vendors the data has been shared with along with timestamps. You can not retrieve PII in Osano because we do not store the PII, only a hash of the PII.


How do I cancel my subscription?

We hate to see you go, but you can cancel anytime. In the application, follow the easy instructions. If you are on a trial you will retain access until the trial period is over. If you are on a paid plan you will retain access and be billed through the conclusion of your agreement.

Why was my credit card charged?

If you were billed by Osano but do not recognize or did not authorize the charge, please contact us immediately to open up a fraud investigation on your payment method.

Do you offer discounts?

Our commitment to helping organizations improve their privacy practices is part of our charter. If you need Osano services but can not afford them, we're happy to discuss your situation.

Osano also offers discounts to startups who have raised less than $2M in funding, non-profits, and fellow B-corporations.

Contact us for a discount code.