SaaS Privacy Label
Generate a privacy nutrition label for any SaaS vendor. Check GDPR contracts, data residency, sub-processors, and regulatory history.
How to Use SaaS Privacy Label
1. Enter a SaaS vendor name or URL (e.g., "HubSpot", "hotjar.com").
2. Review the privacy grade (A-F) and vendor profile.
3. Check GDPR contracts, data residency, and regulatory history.
4. Use the procurement verdict to make informed vendor decisions.
Frequently Asked Questions
What is a SaaS Privacy Label?
Like nutrition labels on food, a SaaS Privacy Label gives you a quick overview of a vendor's privacy posture. It covers GDPR contracts, data residency, regulatory history, and whether the tool requires user consent.
How are grades calculated?
Grades range from A (best) to F (worst). EU-based, cookieless vendors with no regulatory incidents get an A. US-based vendors with DPA, SCCs, and EU residency get a B. Vendors with enforcement history or severe violations get D or F.
What is a DPA?
A Data Processing Agreement (DPA) is a legally binding contract between a data controller and processor. Under GDPR Article 28, you must have a DPA with every vendor that processes personal data on your behalf.
What are Standard Contractual Clauses (SCCs)?
SCCs are legal contracts approved by the EU Commission for transferring personal data outside the EU/EEA. They provide safeguards for data transfers to countries without an EU adequacy decision, like the United States.
What is the EU-US Data Privacy Framework?
The EU-US DPF is an adequacy framework allowing certified US companies to receive EU personal data without additional safeguards like SCCs. Companies must self-certify and comply with specific privacy principles.
Does this replace a legal assessment?
No. This tool provides a quick privacy posture overview based on publicly available information. A full vendor assessment should include legal review of DPA terms, Transfer Impact Assessments, and your specific use case.
Which vendors are included?
We cover 30 major SaaS vendors across analytics, advertising, session replay, CRM, chat, and A/B testing categories. We continuously add new vendors based on user demand.