Features

Everything Thorgate does, in one place.

Built for one job — monitoring vendor privacy posture for compliance evidence — and pointedly not built for anything else. Here's everything.

Monitoring

Daily document tracking.

Daily fetches across the documents that matter for compliance evidence.

Daily document fetch.
Every tracked document is checked once per day. Manual on-demand crawls available with a 60-minute cooldown.
Five document types per vendor.
Privacy policy, terms of service, data processing agreement, subprocessor list, security / trust page.
Auto-detection of document URLs.
Paste a primary URL; Thorgate scans the homepage and privacy policy for the other documents. Auto-detects most documents on well-organized sites.
Direct + Jina Reader fallback.
Direct HTTPS fetch by default; falls back to Jina Reader (browser engine) for Cloudflare-protected pages. PDFs handled transparently.
Polite crawling.
Identifiable user agent, per-domain rate limiting, robots.txt respect, single shared crawl per URL across the platform.
Catalog autocomplete.
When you add a vendor, Thorgate suggests already-known matches with documents and facts pre-populated. Instant onboarding for popular SaaS.
Change detection

Structured diffs, not noise.

Cosmetic reformats are filtered out so the signal stays clean.

Hash-based change detection.
Whitespace-normalized content hashing — formatting tweaks and CDN cache flips don't register as changes.
Line-level structured diff.
Paragraph-grouped before-and-after view. Additions and removals highlighted distinctly.
Word-level inline highlighting.
When a single sentence within a paragraph changes, only the changed words are highlighted — like Word's track changes.
Reading view + Unified view.
Reading view shows the document with redline-style annotations (closer to legal review). Unified is dev-style line-by-line. Toggle per change.
Version comparator.
Pick any two stored snapshots of one document and view the diff between them — not just adjacent versions.
AI intelligence

Plain-English summaries, severity classification.

Deterministic outputs cached per diff. Available on Pro and Scale.

One-sentence change summaries.
Each detected change gets a factual one-sentence description. Cached per diff — what you read Tuesday is what your colleague reads Thursday.
Severity classification.
Minor / moderate / major. Major: new subprocessors, retention changes, jurisdictional changes, breach notification term changes. Minor: typos, reformatting, non-substantive rewording. Moderate: clarifications.
Structured fact extraction.
Per-vendor structured facts — retention period, subprocessor count, DPA version, SCC modules, jurisdictions, breach notification SLA, security certifications, AI training disclosures. Powers the peer comparator.
PolicyChat (Pro / Scale).
Conversational query interface scoped to your tracked corpus. "Which of my vendors share data with non-EU subprocessors?" 100 queries/month on Pro, 1,000 on Scale.
Alerts

Email digests today, Slack and webhooks on Pro.

Reach you in the channel you actually watch.

Daily or weekly email digests.
Aggregated changes since the last digest, grouped by severity. Per-account frequency setting. Skip-if-empty for daily; weekly always sends (compliance trust signal).
Slack webhook (Pro+).
Posts change notifications to a configured Slack channel. Configurable per workspace.
Generic webhook (Pro+).
POSTs structured JSON to a URL of your choice — for piping into your GRC platform, ticketing system, or internal data warehouse.
Per-vendor severity thresholds (Pro+).
Configure to alert only on major changes for tier-1 vendors, all changes for tier-2. Tunable per vendor.
Comparison

Side-by-side vendor and version comparison.

See what changed across time, or how vendors stack up against each other.

Version comparator.
Two arbitrary snapshots of one document, side by side. Useful for "what changed in Notion's privacy policy between March and November."
Peer comparator (Pro+).
Multi-vendor scorecard across structured dimensions: retention, subprocessor count, DPA version, SCC modules, jurisdictions, breach notification SLA, security certifications, AI training use, opt-out mechanisms.
PDF export (Pro+).
Export the peer comparator as a PDF — useful for vendor evaluation memos and committee reviews.
Branded exports (Scale).
Add your team's logo to peer comparator and audit reports.
Audit evidence

Designed for the auditor's ask.

Compatible with SOC 2, ISO 27001 Annex A.5.19-5.22 (supplier relationships), and GDPR Article 30 records of processing.

CSV export.
Full vendor list with current document versions, last-fetched timestamps, recent change counts, severity summaries, and last-reviewed dates.
Mark-as-reviewed flow.
Per-change review with audit trail — who reviewed it, when. Persisted forever. Gives auditors a "Reviewed by [user] on [date]" record.
Internal notes per vendor.
Free-text notes for context, decisions, follow-ups. Visible to your workspace only.
Indefinite history retention (Pro / Scale).
12 months on Starter; indefinite on Pro and Scale. The accumulated history compounds — older versions and earlier change events stay queryable.
Workspace

Built for compliance teams, not solo accounts.

Multi-seat from Pro upward, with the operational basics teams expect.

Multi-seat plans.
Starter is single-user. Pro includes 3 seats, Scale includes 7. Owner / member roles.
Workspace settings.
Rename workspace, configure digest frequency, manage members and billing in one place.
Topbar search.
Debounced search across vendors and changes. Keyboard shortcut: ⌘K.
Per-account customization.
Display-name overrides on shared catalog vendors — so your workspace can label "Stripe, Inc." however your team thinks of it.

See it on your own vendors.

Free for 14 days. No credit card. Cancel anytime.

Start your trial →