Skip to content
Sendora Cloud
Create account
Migrate from OneTrust

Move from OneTrust to Sendora.

Move consent ledger + DSAR runbook from OneTrust to Sendora Privacy. Half-day for most teams; 1-2 days if you keep a 3rd-party banner.

Total effort: Half-day for most teams; 1-2 days if you keep Cookiebot for the banner UI.

Step-by-step

  1. 1

    1. Export OneTrust consent records

    Export from OneTrust admin: Consent → Records → Export → CSV. Columns to keep: user identifier (email or userId), purpose, granted (boolean), timestamp, source, IP hash if present. OneTrust exports across all purposes by default — filter to the purposes you'll enforce in Sendora (`marketing` is the one the email gate reads).

    30 min
  2. 2

    2. Bulk-record into Sendora

    Loop the CSV through `POST /api/v1/consent/record` with API key auth. One row per (identifier, purpose, granted) tuple. Sendora retains forever — same posture as OneTrust (legal evidence). Source field accepts free text — write `source: 'onetrust-import-2026-05'` so the audit log marks the import batch.

    1-2 hours (script-driven)
  3. 3

    3. Decide on the banner

    Sendora doesn't ship a cookie banner UI. Two paths: (A) keep OneTrust's banner — change it to call Sendora's `consent.record()` SDK helper on every grant/revoke instead of OneTrust's API. Cancel OneTrust's enterprise consent module, keep the banner-only tier. (B) Move to Cookiebot or similar banner-only vendor — same SDK hook.

    1-2 hours
  4. 4

    4. Enable Sendora send-time enforcement

    Dashboard → Consent → toggle "Enforce consent on outbound email" to on. From that moment, every broadcast + workflow email checks the most-recent `marketing` consent for the recipient before dispatching. No-record + revoked recipients get a `suppressed` row with `metadata.suppressed_reason='no_consent'` in `email_sends` for the audit log. Transactional / auth / ticket email bypass.

    5 min
  5. 5

    5. Repoint your DSAR runbook

    Replace OneTrust's DSAR workflow tool with Sendora's two endpoints: `POST /orgs/:orgId/gdpr/export` returns a JSON bundle across 7 tables (events, profiles, push_tokens, email_sends, sms_sends, support_tickets, auth_service_users) — forward verbatim to the data subject. `POST /orgs/:orgId/gdpr/delete` with `confirm="DELETE"` hard-deletes the same rows. Both require ADMIN + recent-passkey-UV step-up.

    30 min
  6. 6

    6. (Optional) Migrate vendor-risk + third-party-risk records

    Sendora doesn't ship vendor-risk / third-party-risk modules. If you used OneTrust Enterprise for those, keep the enterprise tier — they live alongside Sendora cleanly. If you only had OneTrust for consent + DSAR, you can downgrade or cancel.

    Depends on what else you used
  7. 7

    7. Cancel the OneTrust consent + DSAR tier

    Once Sendora is enforcing + DSAR runbook is repointed for ≥30 days, cancel the OneTrust consent + DSAR contract. Keep the export of the historical consent records and audit logs in cold storage (legal-evidence retention).

    5 min (after wait period)

Watch-outs

  • OneTrust's audit log + Sendora's audit log are SEPARATE logs across the cutover. Plan to export OneTrust's historical audit log to cold storage — you can't merge them retroactively.
  • Sendora's enforcement gates `marketing` consent only today. If you enforced `analytics` consent via OneTrust at the tag-manager layer, that stays separate (handled by your tag manager / banner).
  • Push + SMS enforcement gates are in the next release. If you need SMS consent enforcement immediately, plumb `consent.record()` calls + a pre-send check in your application code until the gate ships.
  • Sendora doesn't ship a cookie banner UI — if you canceled OneTrust without lining up Cookiebot or a custom banner, you have a compliance gap.
Lands you on

Privacy

GDPR / CCPA / DPF compliance enforced at the platform layer — flip one toggle, every marketing email checks consent at dispatch.

OneTrust / Cookiebot manage a consent banner. They don't stop your messaging tool from emailing someone who revoked consent — that's on you to plumb. Sendora puts consent state on the Customer profile + flips a single org-level switch (`enforce_consent`) that makes Email refuse to dispatch broadcast / workflow sends to recipients without a granted `marketing` row. No record OR revoked record → `email_sends` row with `status='failed' provider='suppressed' suppressed_reason='no_consent'` for audit visibility. Transactional / auth / ticket bypasses — those are platform-critical. Push + SMS enforcement follow the same posture (in-flight; phone column + indexes already shipped). DSAR / right-to-erasure cascades across every Sendora module. Audit trail of every consent change is a first-class log.

Read full Privacy page

Stuck on the migration? We'll help.

Launch partners get white-glove migration help direct from the engineering team. Free plan covers real product use during the parallel-run period.

Create free accountBecome a launch partnerSide-by-side vs OneTrust