Sendora Cloud

GDPR / CCPA / DPF compliance enforced at the platform layer — flip one toggle, every marketing email checks consent at dispatch.

OneTrust / Cookiebot manage a consent banner. They don't stop your messaging tool from emailing someone who revoked consent — that's on you to plumb. Sendora puts consent state on the Customer profile and exposes a single org-level switch (`enforce_consent`) that makes Email refuse to dispatch broadcast / workflow sends to recipients without a granted `marketing` row. No record OR revoked record → `email_sends` row with `status='failed' provider='suppressed' suppressed_reason='no_consent'` for audit visibility. Transactional / auth / ticket sends bypass the check because they are platform-critical. Push + SMS enforcement follows the same posture (in-flight; phone column + indexes already shipped). DSAR / right-to-erasure requests cascade across every Sendora module. The audit trail of every consent change is a first-class log.
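The send-time gate described above, written out as an added example (not Sendora's code). The type names, the `queued` status, the `smtp` provider label and the case-insensitive email match are assumptions; the suppressed-row values are the ones the page states.

```typescript
// Added example; type names, "queued" and "smtp" are assumptions, not Sendora's code.
type Category = "broadcast" | "workflow" | "transactional" | "auth" | "ticket";
interface ConsentRow { email: string; purpose: string; granted: boolean; createdAt: number; }
interface SendRow { email: string; status: "queued" | "failed"; provider: string; suppressed_reason?: string; }

// Only broadcast + workflow sends are gated; platform-critical categories bypass the check.
const ENFORCED: ReadonlySet<Category> = new Set<Category>(["broadcast", "workflow"]);

// The ledger is append-only, so the newest row for (email, purpose) is the current state.
function latestConsent(ledger: ConsentRow[], email: string, purpose: string): ConsentRow | undefined {
  const key = email.trim().toLowerCase(); // assumption: addresses match case-insensitively
  let latest: ConsentRow | undefined;
  for (const row of ledger) {
    if (row.purpose !== purpose || row.email.trim().toLowerCase() !== key) continue;
    if (!latest || row.createdAt >= latest.createdAt) latest = row;
  }
  return latest;
}

// Fail closed: "no record" and "revoked record" both produce the suppressed audit row.
function dispatchEmail(ledger: ConsentRow[], enforceConsent: boolean, email: string, category: Category): SendRow {
  if (enforceConsent && ENFORCED.has(category)) {
    const row = latestConsent(ledger, email, "marketing");
    if (!row || !row.granted) {
      return { email, status: "failed", provider: "suppressed", suppressed_reason: "no_consent" };
    }
  }
  return { email, status: "queued", provider: "smtp" };
}

// Constructed sample ledger (not real data).
const sampleLedger: ConsentRow[] = [
  { email: "ana@example.com", purpose: "marketing", granted: true, createdAt: 1 },
  { email: "ana@example.com", purpose: "marketing", granted: false, createdAt: 2 }, // later revoke wins
  { email: "bo@example.com", purpose: "analytics", granted: true, createdAt: 1 },   // wrong purpose
  { email: "Cy@Example.com", purpose: "marketing", granted: true, createdAt: 3 },
];
```

A grant for another purpose (the `analytics` row) does not satisfy the `marketing` check, and a revoke written after a grant overrides it.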

Features

  • Per-purpose consent state — analytics / marketing / functional / etc. tracked per-user (or per email / phone / userId), per-purpose, immutable retention. Every grant + revoke also writes an events row so analytics can plot consent rates over time.
  • Real send-time enforcement on Email — broadcast + workflow categories check the most-recent marketing row at dispatch. No record OR revoked → email_sends row with status='failed' provider='suppressed' suppressed_reason='no_consent'. Toggle in /dashboard/consent. Transactional / auth / ticket bypass — platform-critical.
  • Push + SMS enforcement — same posture, shipping next release. Phone column + 3 partial indexes (org_id, {email,user_id,phone}, purpose, created_at DESC) already landed in migration 0057.
  • Art. 15 DSAR export — one POST returns a JSON bundle across 7 tables: events, profiles, push_tokens, email_sends, sms_sends, support_tickets, auth_service_users. Enumerated in gdpr/routes.ts — auditable in source.
  • Art. 17 erasure — one POST hard-deletes the same 7 tables. Requires ADMIN role + recent-passkey-UV step-up (Touch ID / passkey within 5 min) + the literal string confirm="DELETE" in the body. Audit log records actor + table + row count for regulator export.
  • Data residency — EU or US tenancy at sign-up; data stays in-region. Backups respect the boundary.
  • Auditor-ready posture — consent ledger + DSAR runbook + audit log all exportable. Per-action audit log records actor + IP-hash + timestamp + intent for every privileged operation.
  • First-class SDK helpers: consent.record({ purpose, granted, email?, phone?, userId?, source? }) + consent.requestDeletion() on RN 0.18.3+ and Web 2.17.0+. Cookie-banner integrations ship in one call.

Common use cases

Replace OneTrust ($3,680+/mo enterprise tier) for consent ledger + DSAR — keep enterprise tier only if you also need vendor-risk / third-party-risk modules.

Replace Osano ($199-1,000+/mo) — same posture, plus consent enforcement happens inside Sendora's senders instead of via per-vendor connectors.

Keep Cookiebot (or any banner-only vendor) for the cookie UI — wire it to Sendora's `consent.record()` for the enforcement + DSAR side.

GDPR / CCPA / DPF compliance baked into the platform — auditor sees a single ledger, runbook, audit log, no per-vendor stitching.

Enterprise DPA: auditor sees consent ledger + residency + DSAR endpoints + step-up posture out of the box. No "we'll wire it later" claims.

Start in minutes. Scale without switching tools.

The free tier covers most side projects. Every module is turn-key and every SDK is first-party.