OneTrust or Sendora — pick the trade-off, not the marketing.
OneTrust runs your consent banner + ledger + audit dashboards. Real enforcement — does the messaging tool refuse to send to a revoked recipient? Does erasure remove every row across your stack? — is on every downstream code path. Sendora puts the same ledger inside the platform that already holds the customer profiles, sends, tickets, push tokens, and auth users — so a single `enforce_consent` toggle (migration 0057) gates every email broadcast at the dispatch line, and one DSAR call cascades across 7 tables enumerated in code. Audit log records actor + recent-passkey-UV step-up + confirm string for every erasure.
OneTrust: Enterprise consent + privacy compliance suite. Banner UI + ledger + dashboards. Downstream enforcement is on you.
Sendora: Consent ledger + real send-time enforcement on email broadcasts + DSAR cascade across 7 tables — all platform-native.
Side-by-side
| Capability | OneTrust | Sendora |
|---|---|---|
| Cookie banner UI + automated scan | ✅ industry-leading | ❌ bring your own (or use Cookiebot for the banner only) |
| Per-purpose consent ledger | ✅ | ✅ `consent_records` table — email / userId / phone / entityId, retained forever for legal evidence |
| Real send-time consent enforcement | Plumb to each vendor manually | ✅ one toggle — email broadcasts check consent at dispatch line (push + SMS gates in next release) |
| DSAR Art. 15 export | Workflow tool that fetches from each vendor | ✅ one POST — gathers from 7 tables (events, profiles, push_tokens, email_sends, sms_sends, support_tickets, auth_service_users) |
| DSAR Art. 17 erasure | Per-vendor cascade you assemble | ✅ one POST — ADMIN + recent-passkey-UV step-up + confirm="DELETE" string, audit log records actor |
| Per-region data residency | ✅ enterprise tier | ✅ per-org EU/US at sign-up |
| Vendor-risk / third-party-risk modules | ✅ (enterprise suite) | ❌ — scoped to consent + DSAR only |
| Pricing | Enterprise quoted; from $10K/yr min in 2026 | Bundled with 21 other modules |
Why teams switch to Sendora
- OneTrust costs $3,680+/mo at the lowest enterprise tier; Sendora bundles consent + DSAR with 21 other modules.
- Enforcement is real — not aspirational. Flip `enforce_consent` and broadcast email refuses no-record + revoked recipients at dispatch, writing a `suppressed` row with `metadata.suppressed_reason='no_consent'` for the audit log.
- DSAR is one POST, not a workflow tool wiring per-vendor connectors. The 7 tables are enumerated in `gdpr/routes.ts` — auditable in our source.
- Erasure requires recent-passkey-UV step-up + the literal string "DELETE" in the body — anti-fat-finger by design.
When OneTrust is the right call
- You need OneTrust's vendor-risk + third-party-risk + internal-audit suites beyond consent. Sendora doesn't touch those.
- Your privacy / legal team has years of OneTrust playbook depth + integrations.
- You want a polished cookie banner UI out of the box — Sendora is BYO banner.
Common questions
Does Sendora ship a cookie banner UI?
No — bring your own (or use Cookiebot for the banner only). Sendora handles the ledger, send-time enforcement, and DSAR cascade — the parts OneTrust doesn't actually enforce.
Show me the 7 tables DSAR touches.
events, profiles, push_tokens, email_sends, sms_sends, support_tickets, auth_service_users. Enumerated in `apps/backend/src/modules/gdpr/routes.ts:27-28` (open-source repo). click_events is deliberately excluded — already pseudonymised via IP hash + 90-day prune.
What does "real enforcement" mean?
Org admin toggles `enforce_consent` in `/dashboard/consent`. From then on, every broadcast + workflow email send checks the most-recent `marketing` consent row for the recipient (email | userId | phone) before dispatching. No row OR revoked → `email_sends` written with `status='failed' provider='suppressed' suppressed_reason='no_consent'` — visible in send stats. Transactional / auth / ticket bypass — those are platform-critical.
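The dispatch-line check described in that answer, written out as an added example in TypeScript (the language of the repo path the page cites); this is my illustration, not Sendora's own code. The `consent_records` and `email_sends` column names follow the page; the type names, `dispatchEmail` / `latestConsent`, the in-memory ledger, the `category` field used to pick out transactional / auth / ticket mail, and the placeholder provider id are assumptions. It also applies the lookup by any of email | user_id | phone, so the same gate shape would serve the SMS case the next answer mentions.

```typescript
// Added example (not Sendora's own code): a send-time consent gate with the
// shape the FAQ describes. Ledger rows are append-only; the newest row for the
// recipient and purpose wins.
type ConsentStatus = "granted" | "revoked";

// One row of the consent_records ledger (columns as named on the page).
interface ConsentRecord {
  org_id: string;
  email?: string;
  user_id?: string;
  phone?: string;
  purpose: string;          // e.g. "marketing"
  status: ConsentStatus;
  created_at: number;       // epoch ms
}

interface Recipient { email?: string; user_id?: string; phone?: string; }

// Assumed discriminator so the gate can tell platform-critical mail apart.
type SendCategory = "broadcast" | "workflow" | "transactional" | "auth" | "ticket";

// One row of email_sends, as dispatch would write it.
interface EmailSend {
  org_id: string;
  to: string;
  category: SendCategory;
  status: "sent" | "failed";
  provider: string;                                  // real provider id, or "suppressed"
  metadata: { suppressed_reason?: "no_consent" };
}

// Categories that bypass the gate: transactional / auth / ticket never wait on consent.
const BYPASS = new Set<SendCategory>(["transactional", "auth", "ticket"]);

// A ledger row matches the recipient on any of the three identifiers.
const sameSubject = (r: ConsentRecord, who: Recipient): boolean =>
  (who.email !== undefined && r.email === who.email) ||
  (who.user_id !== undefined && r.user_id === who.user_id) ||
  (who.phone !== undefined && r.phone === who.phone);

// Most-recent consent row for this recipient, org and purpose, or undefined.
function latestConsent(ledger: ConsentRecord[], orgId: string, who: Recipient, purpose: string): ConsentRecord | undefined {
  return ledger
    .filter(r => r.org_id === orgId && r.purpose === purpose && sameSubject(r, who))
    .sort((a, b) => b.created_at - a.created_at)[0];
}

// The dispatch-line check. Returns the email_sends row that would be written.
function dispatchEmail(
  org: { id: string; enforce_consent: boolean },
  ledger: ConsentRecord[],
  who: Recipient & { email: string },
  category: SendCategory,
  provider = "provider-placeholder",                  // assumed provider id
): EmailSend {
  const base = { org_id: org.id, to: who.email, category };
  if (!org.enforce_consent || BYPASS.has(category)) {
    return { ...base, status: "sent", provider, metadata: {} };
  }
  const latest = latestConsent(ledger, org.id, who, "marketing");
  if (latest === undefined || latest.status === "revoked") {
    // No row OR revoked -> suppressed row, so the refusal shows up in send stats.
    return { ...base, status: "failed", provider: "suppressed", metadata: { suppressed_reason: "no_consent" } };
  }
  return { ...base, status: "sent", provider, metadata: {} };
}

// Constructed sample ledger: alice granted then revoked, bob granted, carol has no row.
const sampleLedger: ConsentRecord[] = [
  { org_id: "org1", email: "alice@example.com", purpose: "marketing", status: "granted", created_at: 1000 },
  { org_id: "org1", email: "alice@example.com", purpose: "marketing", status: "revoked", created_at: 2000 },
  { org_id: "org1", user_id: "u-bob", email: "bob@example.com", purpose: "marketing", status: "granted", created_at: 1500 },
];
const sampleOrg = { id: "org1", enforce_consent: true };
```

Two details worth keeping when porting this to a real store: the "newest row wins" rule is what makes a later revoke override an earlier grant (which is why the page's index ends in `created_at DESC`), and writing a `failed` / `suppressed` row rather than silently skipping the recipient is what leaves an audit trail of the refusal.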
Push + SMS enforcement?
Same shape as email, next release. Phone column + 3 partial indexes (`org_id, {email,user_id,phone}, purpose, created_at DESC`) already landed in migration 0057 so the SMS gate is a 10-line follow-up. Push needs a `category` discriminator on the send schema first.
Data residency — EU or US?
Per-org tenancy at sign-up. Data stays in-region. Cross-region replication for backups only; metadata respects the residency boundary.
Does Sendora replace OneTrust's enterprise compliance suite end-to-end?
No. OneTrust Enterprise covers vendor-risk, third-party-risk, internal audit — Sendora Privacy is scoped to consent + DSAR + downstream enforcement on the channels Sendora ships. Use both for full enterprise compliance.
Privacy
GDPR / CCPA / DPF compliance enforced at the platform layer — flip one toggle, every marketing email checks consent at dispatch.
OneTrust / Cookiebot manage a consent banner. They don't stop your messaging tool from emailing someone who revoked consent — that's on you to plumb. Sendora puts consent state on the Customer profile + flips a single org-level switch (`enforce_consent`) that makes Email refuse to dispatch broadcast / workflow sends to recipients without a granted `marketing` row. No record OR revoked record → `email_sends` row with `status='failed' provider='suppressed' suppressed_reason='no_consent'` for audit visibility. Transactional / auth / ticket bypasses — those are platform-critical. Push + SMS enforcement follow the same posture (in-flight; phone column + indexes already shipped). DSAR / right-to-erasure cascades across every Sendora module. Audit trail of every consent change is a first-class log.
Switch from OneTrust. Keep your weekend.
Free plan covers real product use, no credit card. Bulk hash import for auth, CSV import for profiles, schema-validated event import for analytics — Data Sync module handles the migration in a day.