Skip to main content

Legal and vendor policy watch

Turn silent policy edits into a reviewable evidence trail

Watch the public terms your business depends on and route meaningful clause changes to the people who own the risk. OnChange keeps the timestamp, section-level before and after, page context, and a link the reviewer can actually share.

Terms of servicePrivacy policiesDPA pagesVendor evidence

Policy change detected

Data-processing terms updated

vendor.example/legal/dpa · 09:18 UTC

Legal review requested

Section 4.2 · subprocessors

High
30 days' prior noticeNotice before appointment

The explicit 30-day notice period was removed from the monitored section.

Section 7 · data region

High
EU and United KingdomEU, UK, and United States

A new processing region now appears in the current policy text.

Effective date

Review
August 1, 2026

The page added an effective date 17 days from detection.

Evidence
Text + visual
History
Timestamped
Shared
Review link

Review risk

Policy risk starts with a change nobody routed

A public page is often the only place a vendor announces a material terms update. The monitoring job is not to make the legal decision—it is to make sure the right reviewer receives the right evidence in time.

Vendor terms move independently

Subprocessor lists, DPAs, SLAs, and acceptable-use policies can change outside your contract repository or renewal calendar.

The reviewer needs clause context

A notification that says 'page changed' creates more work. A section diff shows the language that was removed and added.

Evidence scatters quickly

Screenshots, copied paragraphs, and email threads are hard to reconcile later. One timestamped change record keeps the review anchored.

Sources and obligations

Build a watchlist around the obligations you own

Monitor your own published policies, critical vendor terms, and public regulatory sources in separate groups, then route each group to the appropriate owner.

Terms and acceptable use

Track liability, usage, renewal, suspension, and notice clauses on platforms your operations depend on.

Privacy and data processing

Watch privacy policies, DPAs, security addenda, retention language, and data-location disclosures.

Subprocessor lists

Detect additions, removals, and location changes on vendor lists that may trigger a privacy or procurement review.

Regulator and standards pages

Follow guidance, enforcement notices, consultation pages, and published requirements relevant to your operating markets.

Focused clause regions

Use CSS or XPath selectors to isolate the policy body and exclude navigation, banners, or unrelated page furniture.

Owner-specific routing

Send privacy, commercial, and security policy changes to different destinations using alert channels and rules.

Legal review procedure

A defensible operational review loop

The output is a concise review packet: the source, timestamp, exact text change, and a stable place to record the team's decision.

  1. 01

    Create the policy watchlist

    Group public pages by owner, vendor, jurisdiction, or obligation so routing and review cadence stay clear.

  2. 02

    Narrow each monitor to relevant content

    Target the policy body or clause and establish the known-good first snapshot as the comparison baseline.

  3. 03

    Route a meaningful section diff

    When monitored language changes, send the before-and-after section, summary, and source URL to the responsible reviewer.

  4. 04

    Share, decide, and preserve the record

    Create a restricted public evidence link when an outside counsel, client, or stakeholder needs to review the detected change.

What legal and compliance teams gain

  • Earlier notice of vendor policy changes
  • Clause-level evidence instead of generic page alerts
  • A consistent timestamped review starting point
  • Fewer manual revisits to unchanged policy pages
  • Clearer routing across privacy, security, and legal
  • Revocable evidence links for external reviewers

Policy monitoring FAQ

Questions legal and compliance reviewers ask

What legal and policy pages can OnChange monitor?
Teams commonly watch terms of service, privacy policies, data processing agreements, subprocessor lists, SLAs, acceptable-use policies, and public regulator or standards pages. Any publicly reachable page can be monitored, with selectors available to focus on the relevant clauses.
Does OnChange provide a legal-grade immutable archive?
OnChange provides timestamped operational change history, before-and-after diffs, snapshots, and revocable public evidence links. It is not a WORM archive or a substitute for retention controls required by your counsel or regulator.
Can I share a policy change with someone who has no account?
Yes. A reviewer can create a public share link for an individual change. The link presents a restricted evidence view and can be revoked or rotated from OnChange.
Can alerts focus on specific clauses instead of the whole page?
Yes. CSS or XPath targeting can isolate a policy body or clause, and natural-language alert rules can describe the kinds of changes that should be routed for review.

Extend the policy evidence workflow

Stop checking critical policy pages by hand

Start with the vendors and public policies that create the most review risk. Capture the next material edit with its source, timestamp, and exact changed language.

Start with 5 free monitors