Osano Review

Osano is a data privacy platform that protects companies that hold private data against the consequences of failing to protect private data. We examine what private data is, why protecting it matters, and how Osano does the job.

What is Osano?

Arlo Gilbert and Scott Hertel founded Osano in 2018. Both founders still run the company, with Gilbert serving as CEO and Hertel as Chief Technology Officer. 

This platform tries to please two distinct markets. The first of these is a typical website that just needs to cover all of the legal requirements of operating internationally; the second strand of the business is a corporate data management service.

While there is a definite commonality of functions between these two types of services, Osano is walking a bit of a tightrope in its marketing strategy. The enterprise data privacy market is dominated by OneTrust and TrustArc, which both have very comprehensive menus of services and large marketing budgets. In its website services, Osano has to compete with many fee tools  – Osano offers a free plan in this division of services. 

So, Osano needs to commit a lot of money to grab attention in the corporate data management market and probably makes a loss in its website services division. We will look at Osano’s rivals later in this review.

What does Data Privacy mean?

Despite its common usage, “data privacy” is a broad term with usage that varies among providers. Things get even more complex given the broad landscape of existing data classifications. Not all data is created equal, and not all data points need to be protected in the same way:  

• Private information: The essence of data privacy is protecting personally identifiable information (PII). However, not all information, like a common name or job title, qualifies as PII due to its inability to uniquely identify an individual without additional context.
• Business data: While business contact information doesn't legally require protection, keeping certain trade secrets confidential may be necessary to protect a company’s competitive advantage.
• Privacy anomalies: To circumvent data privacy laws, some services use non-PII identifiers, such as digital IDs or device fingerprints, allowing for personal tracking without direct personal information. These techniques let marketers to track individuals without using PII.

Osano gives businesses tools to navigate these considerations and ensure data privacy is handled correctly. For example, tools for data classification (whether user data is considered PII, business data, or falls under a privacy anomaly) ensure that every data set receives the protection it needs to adhere to regulatory requirements.

Osano review methodology

Osano straddles two markets and so this review is going to split its discussion of the company to look at those two halves:

• Website legal coverage
• Enterprise data privacy management

Osano avoids having data privacy management pulled into its Website legal coverage product. To create two different products, the self-managed cookie consent functions only deal with notifications and not the management of responses. We will highlight these measures and discuss unavoidable cross-over points between the two Osano product categories. 

We will also examine Osano's main competitors in both of its operating fields and identify companies that offer the same strategy of providing both types of services.

Osano Cookie Consent Management

The key element in the website protection services offered by Osano is categorized as cookie consent management. Cookies rarely actually include personal data. As discussed above, digital marketers have removed PII from their cookies to evade privacy data management issues. However, there are legal issues surrounding cookies because they are stored on someone else’s computer. 

A site that uses cookies could declare that the storage of cookies on a visitor's computer is an essential and unavoidable part of the service. Therefore, a visitor has to be prepared to accept those cookies in order to access the site. In fact, that is exactly the minimum requirement of cookie consent. 

It is legally acceptable that there are some cookies that are necessary for the normal workings of a website. However, websites need to tell visitors about them. 

This image illustrates one of the Osano cookie consent options. This provides the minimum legal requirement: visitors are informed that continuing on the site implies that they consent to the use of cookies. 

Osano also provides the text for a Cookie Policy page and the Learn More link in the cookie notification popup leads to that text. Here is another notification option:

This popup is provided for compliance with GDPR.

Multiple privacy standards

Part of the difficulty of operating a website in the current era is that there are different legal requirements in force in different countries. Adapting a cookie consent notification gets complicated. Osano provides notification forms for the requirements of 50 countries. These are delivered in 45 languages.

In truth, Osano delivers this international service by boiling down its notification to the bare minimum requirement. Here is the consent notification provided for compliance with US privacy standards, including California’s CCPA/CPRA and Virginia’s VCDPA:

The Cookie Consent doesn’t provide cookie filtering processes. So, you have to set those up yourself if you only take out the Cookie Consent plan and not the related Data Privacy options. 

Osano Self-Service Cookie Consent plans

Osano offers two levels of the Cookie Consent service:

• Free – for websites with less than 5,000 visitors
• Plus – for websites with up to 30,000 visitors

These packages don’t include mechanisms to block cookies that the user doesn’t consent to. The USA banner simply informs users of the presence of cookies and considers continued use of the site as explicit consent. 

Osano's Data Privacy Management platform

The Data Privacy Management platform provides a more detailed service than the Self-Service Cookie Consent plans. The six units on the Data Privacy Management platform are:  

• Cookie Consent – This is the same unit that is offered on the Self-Service Cookie Consent plans.
• Universal Consent – Collect and store consent for different elements across a domain, including email systems. This service stores each user’s responses. 
• Subject Rights Management – The response storage of the Universal Consent unit necessitates this mechanism that enables visitors to request a copy of the data held and correct it.
• Data Mapping – Automatically discovers instances of PII and records their locations
• Assessments – A compliance auditing feature.
• Vendor Privacy Risk Management – A questionnaire format data gathering system that records the events experienced by vendors and scores their responses, maintaining a database of third-party risk.

The Subject Rights Management module revolves around what is known as a “data subject access request” (DSAR). 

The plans of the Data Management Platform transition from the Cookie Consent service through to a data privacy management package. All of the plans on this side of the Osano product menu include a number of extra features. These include:

• The No Fines, No Penalties pledge
• Reporting and analytics
• Automated regulatory updates
• TrustHub Privacy Documents Center
• Regulatory guidance library
• Privacy and legal templates
• Vendor profiles
• Uptime Service level agreement pledge
• UK and GDPR representative

While the Self-Service Cookie Consent plans specify a limit to the number of users that can access the Osano dashboard all of the Data Privacy Management services have no limit on the number of system users. Accounts set up on the console can be linked to a single sign-on network for convenience. 

The UK and GDPR representative offered by all plans is one of the few extra features that the subscribers to the Plus plan of the Cookie Consent system get that isn’t in the Fee edition of that service.   

The TrustHub Privacy Document Center is a project library and general system design library. For example, as well as storing your data discoveries and vendor assessments in the folder, you can save branding images, Style Sheets, and other website elements for new additions to a site.

The No Fines, No Penalties Pledge is a guarantee that if a subscriber of the platform gets a data privacy violation fine, the company will pay compensation up to $200,000.

The modules listed above are packaged in plans that allow three levels of service and address different requirements and different budgets.

Osano’s Data Privacy Management Platform plans

The units in the Data Privacy Management Platform build up the modules offered by up in three levels. These, with their allocated modules are:

• Privacy Trust & Assurance

• Cookie Consent

• Privacy Essentials

• Cookie Consent
• Universal Consent
• Subject Rights Management
• Data Mapping

• Privacy Operations & Governance

• Cookie Consent
• Universal Consent
• Subject Rights Management
• Data Mapping
• Assessments
• Vendor Privacy Risk Management

As it only includes the Cookie Consent module, the Privacy Trust & Assurance plan is the same as the Free and Plus editions of the Self-Service Cookie Consent side of the Osano platform. Additionally, this unit gets those added extras that we listed in the previous section.

The Cookie Consent unit only provides a notification display and a Cookie Policy page. So, if you only take that unit, you need to be able to store consent, identify responses and store them, and block types of cookies accordingly. Without those self-constructed features, you are essentially just operating a system that is notified by the following banner that Osano shows on its website:

Clearly, this is intended as a joke, but users of the Privacy Trust & Assurance option could quite easily implement such a strategy. A website owner who doesn’t have the skills to implement a cookie filter might have to.  

The units collected in the Privacy Essentials provide a more suitable package for a website owner who doesn’t intend to redevelop the site. These modules take care of all of the consequences of seeking and collecting consent for cookies. That includes the responsibility of storing responses securely and allowing the people by whom the consent was given to get a copy of the record held about them.   

The extra modules in the Privacy Operations & Governance plan are a privacy auditing unit and a vendor risk assessor. 

Osano UX & Onboarding

While some users report difficulty in working through the Orano console’s menu to find the right feature, overall, the dashboard looks pretty good. Screens mix visual elements such as charts and graphs in with text to make displays attractive and easy to read. 

Getting the system to run its consent popup service on a website requires the user to insert some lines of code. Although this requires a little programming skill, most users report that this step did not cause a problem. It seems that the user community for the Free edition realizes that their chosen version is going to take a little work and those who pay don’t mind having to do a little work despite the relatively high price of the top editions. 

Osano customer reviews

Osano users have registered 102 reviews on the G2 website. All of these are three- to five-star reviews, and the Osano marketing manager has replied to almost all of them. 

The Customer Support team consistently receives appreciation from users, particularly for their assistance during onboarding. The ease of use of the system also frequently draws appreciation. This review is typical of the comments of current Osana users:

However, note that this subscriber paid for one of the expensive higher plans that includes cookie scanning and shrugs that it doesn’t always work. So, despite paying out a lot, the buyer’s team still has to comb through Web page code looking for the sections that generate cookies. Note that if cookies are tagged, the filtering service of the higher plans won’t notice them and will let them through no matter what the site visitor specified.

Here’s another paying subscriber who winces that the package is expensive. However, the reviewer gives full marks for the excellent support team.

One more user appreciates the support team. The manager of a mid-market company found the console difficult to work with and so had to rely on the Customer Support technicians to get things done. 

Overall, the Customer Support team seems to be earning their wages and winning loyalty for all of the platform’s subscribers. 

Pricing

Only the Self-Service Cookie Consent plans have prices. These are:

• Free – $0
• Plus – $199 per month

Keep in mind that you will also have the cost of implementing data discovery, protection, storage, and DSAR management to take into account.

These plans don’t benefit from the No Fines, No Penalties pledge. Osano used to offer a third level of the Self-Service Cookie Consent system at a price of $599 per month. This has now disappeared and could well be reborn as the Privacy Trust & Assurance plan. 

Alternatives to Osano

Osano isn’t the only cookie consent system available to website owners and there are other data privacy platforms as well. For those looking for another tool to compare against the cookie management system of Osano, here are five to consider:

1. Ketch – This platform is almost identical to the Self-Service Cookie Consent packages of Osano. This service offers a Free edition, which actually collects and stores responses. A higher plan costs $199 per month and adds on cookie discovery, cookie blocking, and DSAR management. The highest plan includes an SDK to integrate cookie management into Web development. 
   
   
2. Enzuzo – This platform competes with Osano by covering both cookie consent and full data privacy management packages, only for a much lower price. Its six plans include Free, which provides a cookie banner and also blocks deselected cookie types; Starter for $9 per month, which adds on cookie scanning; and the top plan, Enterprise, which adds on vendor risk management, compliance management, and data governance.
   
   👉 Sign up for a free account (no credit card required)
   
   
3. Cookiebot – A cookie consent platform that includes a banner and a policy page plus a cookie scanner. Get instructions on how to update the code of your Web page to get cookie filtering. Available for free or in three paid editions priced from $13 to $5 per month.  
   
   
4. Usercentrics – The pricier sister of Cookiebot, the lowest plan of this platform provides cookie consent management for low volume websites for $50 per month, while the charge for higher volume sites rising to $999 per month.
   
   
5. CookieYes – Get a free cookie banner, scanner, and blocker or pay to cover a larger website with prices up to $40 per month.

All of these options provide a Free edition and in the case of the full versions, the main difference is the price. 

👉 Read our detailed breakdown of the best Osano alternatives and competitors.

Osano strengths and weaknesses 

The Osano system tries to catch both ends of the data privacy market. Although the platform provides a Free edition, the user is expected to implement cookie searches and cookie blocking. That free plan doesn’t provide a method to manage user preference across website elements or over time properly. 

Here are the main strengths and weaknesses of the Osano platform:

Pros of Osano:

• Free trial for the Self-Service Cookie Consent Plus edition
• Compliance with GDPR and CCPA/CPRA
• Cookie notifications that are adaptable for 50 countries
• Banners are available in 45 languages
• A choice of cookie consent for layouts
• DSAR handling in the higher editions
• A $200,000 guarantee of protection against fines for data mishandling (on the enterprise plans)

Cons of Osano:

• No free trial for the Data Privacy Management plans                            
• No cookie scanning on the Self-Service Cookie Consent plans
• No cookie filters in the Self-Service Cookie Consent plans
• No DSAR management in the Self-Service Cookie Consent plans
• No uptime guarantee in the Self-Service Cookie Consent plans