How Vendor.Watch Works

Factual vendor transparency data — collected, structured, and scored automatically. No opinions. No AI hallucinations. Just verifiable compliance facts.

735+Vendors
110DPAs Scored
19Clauses
4Pipeline Stages

Platform overview

Two-sided vendor transparency

Vendor.Watch serves two audiences. Businesses build a vendor portfolio and track compliance posture. Vendors claim their profile and self-report via a structured questionnaire.

For Businesses

Build your vendor portfolio, tag data flows with categories and purposes, set criticality levels, and export structured data to DPO Central or AI Sentinel.

For Vendors

Claim your profile via domain verification, complete a structured questionnaire once, and serve every future customer with a verified transparency badge.

Transparency scoring

9 factual data points. No opinions.

Each vendor gets a transparency score based on what they have disclosed — not subjective quality judgments. Points for having a DPA, trust center, certifications, subprocessors, and more.

8/9

Transparency Score

89% complete

1
Description
2
Website
3
Privacy Policy
4
DPA Link
5
Trust Center
6
Certifications
7
Verified Claim
8
Questionnaire
9
Subprocessors

DPA processing

Automated compliance analysis at zero AI cost

Our 4-stage pipeline verifies, discovers, fetches, and analyzes Data Processing Agreements using regex-based clause detection — no LLMs, no API costs, deterministic results.

1Verify Links

Check existing URLs, null broken/soft-404, update redirects

495 URLs checked
2Discover DPAs

Probe 16 well-known URL patterns per vendor domain

16 URL patterns
3Fetch & Validate

Extract HTML, validate with 8 keyword groups, 3+ = valid DPA

8 keyword groups
4Analyze Compliance

19 regex clauses scored: GDPR 50% + CCPA 30% + US State 20%

19 clauses
Runs monthly on the 1st at 3 AM UTCZero AI cost
GDPR8 clauses · 50% weight
Process only on documented instructionsArt. 28(3)(a)
Confidentiality obligationArt. 28(3)(b)
Technical & organizational measuresArt. 28(3)(c)
Sub-processor conditionsArt. 28(3)(d)
Data subject rights assistanceArt. 28(3)(e)
Breach notification & DPIA assistanceArt. 28(3)(f)
Deletion/return of dataArt. 28(3)(g)
Audit rightsArt. 28(3)(h)
CCPA6 clauses · 30% weight
Purpose limitation§1798.140(ag)
No selling/sharing§1798.100(d)
No combining data§1798.140(ag)(1)
Compliance with CCPA§1798.100
Right to notify non-compliance§1798.100(d)(3)
Allow compliance assessment§1798.100(d)(4)
US State5 clauses · 20% weight
Binding instructionsState Processor Laws
Duty of confidentialityState Processor Laws
Delete or return dataState Processor Laws
Sub-contractor requirementsState Processor Laws
Assessment/auditState Processor Laws

Vendor profiles

Everything about a vendor in one place

Each vendor profile aggregates compliance data from multiple sources into a single structured view.

  • Certifications (SOC 2, ISO 27001, HIPAA, PCI DSS)
  • DPA compliance scores across GDPR, CCPA & US state laws
  • Subprocessor chains with processing roles
  • Privacy litigation from US federal courts (Seneca)
  • AI governance: EU AI Act roles & model inventory
  • Data center locations & EU presence
  • Trust center & privacy policy links
  • Security controls & compliance indicators
vendor.watch/vendors/datadog

Datadog

See inside any stack, any app, at any scale, anywhere.

Developer Tools / Observability
Transparency Score6/10

DPA Compliance

Overall
92%
GDPR
100%
CCPA
100%
US State
60%

Certifications

Subprocessors

NamePurposeLocation
Amazon Web Services, Inc.Infrastructure servicesUS, IT, JP
Anthropic, PBCAI servicesUS
Forethought Technologies, Inc.Support ticket routingUS
+ 9 more

Data Locations

US EU UK IT JP DE

Compliance

HIPAA Compliant
EU Data Center
DPA Available
Trust Center

Subprocessor chains

Follow the data chain

Oregon SB 619 requires processors to disclose subprocessors. The EDPB mandates controller awareness of the full chain. We make it visible — from your vendor to their sub-sub-processors.

Your Company
Stripe
AWS
Datadog
Verified Unverified

For businesses

Build your vendor portfolio

Search, tag, classify, and export. Manage your entire vendor ecosystem with structured compliance data.

1Browse Catalog

Search 641+ vendors

2Add to Portfolio

Select and add

3Tag Data Flows

Categories, purposes, criticality

4Export

Push to DPO Central or AI Sentinel

  • Search 735+ enriched vendors by name, category, or certification
  • Tag data flows with 22 categories, processing purposes, and legal bases
  • Set criticality levels and track compliance posture per vendor
  • Export batches of 10 to DPO Central or AI Sentinel
  • 5 free enrichment reviews — incomplete profiles processed within 48 hours

For vendors

Claim once. Serve every customer.

Vendors claim their profile via domain verification and complete a structured questionnaire. One-time effort that serves all future compliance inquiries.

  • Domain Verification

    Sign in with Google OAuth or work email. We match your email domain to the vendor's website domain.

  • 6-Tab Questionnaire

    Data Governance, Security, Certifications, Subprocessors, AI Governance, and Review — structured and fast.

  • Verified Badge

    Claimed vendors get a verified badge and improved transparency score, visible to every business.

  • Free Forever

    Vendor profiles and claims are always free. No hidden costs.

1Find Profile

View public profile

2Claim via Domain Match

Email domain verification

3Complete Questionnaire

6 structured tabs

4Get Verified

Verified badge + transparency score

Ecosystem

Part of the TODO.LAW platform

Vendor.Watch is the data hub. DPO Central handles privacy compliance management. AI Sentinel governs AI risk. Seneca provides litigation intelligence. Data flows between all four.

Vendor.Watch

Vendor data transparency hub

DPO Central

Privacy compliance management

Seneca

Privacy litigation data from US federal courts

AI Sentinel

AI risk governance

Vendor.Watch

Vendor data transparency hub

DPO Central

Privacy compliance management

AI Sentinel

AI risk governance

Seneca

Privacy litigation intelligence

Expert verification

Professionals in the loop

Automated scoring is a starting point. For vendors that want to go further, qualified legal and technical experts review compliance posture and verify claims independently.

Lawyer in the Loop

Certified privacy professionals review vendor compliance posture — DPA clauses, data transfer safeguards, and regulatory alignment.

Privacy Engineer in the Loop

Technical specialists verify security controls, encryption implementation, and data architecture claims against documented evidence.

Public Attestation on Comply.org

Verified vendors receive a public compliance attestation under the Comply.org open standard (v1) — machine-readable, auditable by anyone.

See live attestations at attest.comply.org · Read the specification

Zero-cost automation

Compliance intelligence that runs itself

Our monthly GitHub Actions pipeline verifies DPA links, discovers new DPAs, fetches documents, and analyzes 19 compliance clauses — fully automated, zero AI costs.

4
Pipeline stages
19
Compliance clauses
3
Legal frameworks
$0
AI cost per run

No credit card required · 5 free vendor reviews · Free forever for vendors