Pricing

Pay per usage

🛡️ Trust Center Monitor

Track vendor trust centers, subprocessor lists, and DPA updates to extract compliance data, export audit evidence, and schedule daily API runs.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

太郎山田

Actor stats

Bookmarked

Total users

Monthly active users

2 days ago

Last modified

Trust Center & Subprocessor Monitor API

Monitor vendor trust centers, subprocessor lists, DPA updates, and security posture changes. Outputs one summary-first digest per vendor with executiveSummary, actionNeeded, recommendedActions, changedSinceLastRun, pageSummaries, and evidence.

Store Quickstart

Run this actor with your target input. Results appear in the Apify Dataset and can be piped to webhooks for real-time delivery. Use dryRun to validate before committing to a schedule.

Key Features

🛡️ Compliance-first — Produces audit-ready reports mapping findings to standards (WCAG, GDPR, SOC2)
🔒 Non-invasive scanning — Uses only observable public signals — no intrusive probing
📊 Severity-scored output — Each finding rated for criticality with remediation guidance
📡 Delta-alerting — Flag new findings since last run via webhook delivery
📋 Evidence export — Raw headers/responses captured for compliance documentation

Use Cases

Who	Why
Developers	Automate recurring data fetches without building custom scrapers
Data teams	Pipe structured output into analytics warehouses
Ops teams	Monitor changes via webhook alerts
Product managers	Track competitor/market signals without engineering time

Input

Field	Type	Default	Description
vendors	array	prefilled	Each vendor can use shorthand fields (trustCenterUrl, subprocessorsUrl, securityUrl, dpaUrl) or a full urlPacks object.
requestTimeoutSeconds	integer	`30`	HTTP request timeout per page.
userAgent	string	—	Optional User-Agent header override.
maxChars	integer	`40000`	Upper bound on extracted text length per page.
delivery	string	`"dataset"`	dataset: Apify Dataset (default). webhook: POST to webhookUrl. email: placeholder, not implemented.
datasetMode	string	`"changes_only"`	changes_only: changed + initial + error rows. action_needed: only vendors requiring follow-up. all: every vendor regardl
webhookUrl	string	—	Required when delivery is webhook.
notifyOnNoChange	boolean	`false`	When false, webhook delivery is skipped if no vendors changed and no action is needed.

Input Example

{
  "vendors": [
    {
      "id": "okta",
      "name": "Okta",
      "criticality": "high",
      "owner": "Security / Legal",
      "tags": [
        "iam",
        "renewal-q4"
      ],
      "subprocessorsUrl": "https://www.okta.com/privacy/okta-personal-data-sub-processors/",
      "dpaUrl": "https://www.okta.com/privacy/data-processing-addendum/",
      "trustCenterUrl": "https://trust.okta.com/"
    }
  ],
  "requestTimeoutSeconds": 30,
  "maxChars": 40000,
  "delivery": "dataset",
  "datasetMode": "changes_only",
  "notifyOnNoChange": false,
  "snapshotKey": "trust-center-subprocessor-monitor-snapshots",
  "diffMode": "line_summary",
  "summaryMaxLines": 15,
  "concurrency": 3,
  "batchDelayMs": 500,
  "dryRun": false
}

Output

Field	Type	Description
`meta`	object
`actionNeeded`	array
`results`	array
`actionNeeded[].vendorId`	string
`actionNeeded[].vendorName`	string
`actionNeeded[].owner`	string
`actionNeeded[].severity`	string
`actionNeeded[].status`	string
`actionNeeded[].reason`	string
`actionNeeded[].changedPacks`	array
`actionNeeded[].recommendedActions`	array
`actionNeeded[].executiveSummary`	string

Output Example

{
  "meta": {
    "generatedAt": "2026-04-02T10:30:00.000Z",
    "now": "2026-04-02T10:00:00.000Z",
    "input": {
      "vendorCount": 1,
      "pageCount": 2,
      "delivery": "dataset",
      "datasetMode": "changes_only",
      "diffMode": "line_summary",
      "summaryMaxLines": 15,
      "concurrency": 2,
      "batchDelayMs": 500,
      "dryRun": false
    },
    "snapshot": {
      "key": "trust-center-quickstart",
      "loadedFrom": "local",
      "savedTo": "local"
    },
    "warnings": [],
    "totals": {
      "vendors": 1,
      "monitoredPages": 2,
      "changedVendors": 1,
      "initialVendors": 0,
      "unchangedVendors": 0,
      "partialVendors": 0,
      "errorVendors": 0,
      "actionNeededVendors": 1,
      "changedPages": 1,
      "initialPages": 0,
      "unchangedPages": 1,
      "errorPages": 0
    },
    "executiveSummary": {
      "brief": "1 vendor(s) require review; 1 vendor(s) changed since last run.",
      "totals": {
        "vendors": 1,
        "monitoredPages": 2,

API Usage

Run this actor programmatically using the Apify API. Replace YOUR_API_TOKEN with your token from Apify Console → Settings → Integrations.

cURL

curl -X POST "https://api.apify.com/v2/acts/taroyamada~trust-center-subprocessor-monitor/run-sync-get-dataset-items?token=YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "vendors": [ { "id": "okta", "name": "Okta", "criticality": "high", "owner": "Security / Legal", "tags": [ "iam", "renewal-q4" ], "subprocessorsUrl": "https://www.okta.com/privacy/okta-personal-data-sub-processors/", "dpaUrl": "https://www.okta.com/privacy/data-processing-addendum/", "trustCenterUrl": "https://trust.okta.com/" } ], "requestTimeoutSeconds": 30, "maxChars": 40000, "delivery": "dataset", "datasetMode": "changes_only", "notifyOnNoChange": false, "snapshotKey": "trust-center-subprocessor-monitor-snapshots", "diffMode": "line_summary", "summaryMaxLines": 15, "concurrency": 3, "batchDelayMs": 500, "dryRun": false }'

Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_API_TOKEN")
run = client.actor("taroyamada/trust-center-subprocessor-monitor").call(run_input={
  "vendors": [
    {
      "id": "okta",
      "name": "Okta",
      "criticality": "high",
      "owner": "Security / Legal",
      "tags": [
        "iam",
        "renewal-q4"
      ],
      "subprocessorsUrl": "https://www.okta.com/privacy/okta-personal-data-sub-processors/",
      "dpaUrl": "https://www.okta.com/privacy/data-processing-addendum/",
      "trustCenterUrl": "https://trust.okta.com/"
    }
  ],
  "requestTimeoutSeconds": 30,
  "maxChars": 40000,
  "delivery": "dataset",
  "datasetMode": "changes_only",
  "notifyOnNoChange": false,
  "snapshotKey": "trust-center-subprocessor-monitor-snapshots",
  "diffMode": "line_summary",
  "summaryMaxLines": 15,
  "concurrency": 3,
  "batchDelayMs": 500,
  "dryRun": false
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

JavaScript / Node.js

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: 'YOUR_API_TOKEN' });
const run = await client.actor('taroyamada/trust-center-subprocessor-monitor').call({
  "vendors": [
    {
      "id": "okta",
      "name": "Okta",
      "criticality": "high",
      "owner": "Security / Legal",
      "tags": [
        "iam",
        "renewal-q4"
      ],
      "subprocessorsUrl": "https://www.okta.com/privacy/okta-personal-data-sub-processors/",
      "dpaUrl": "https://www.okta.com/privacy/data-processing-addendum/",
      "trustCenterUrl": "https://trust.okta.com/"
    }
  ],
  "requestTimeoutSeconds": 30,
  "maxChars": 40000,
  "delivery": "dataset",
  "datasetMode": "changes_only",
  "notifyOnNoChange": false,
  "snapshotKey": "trust-center-subprocessor-monitor-snapshots",
  "diffMode": "line_summary",
  "summaryMaxLines": 15,
  "concurrency": 3,
  "batchDelayMs": 500,
  "dryRun": false
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);

Tips & Limitations

Schedule weekly runs against your production domains to catch config drift.
Use webhook delivery to pipe findings into your SIEM (Splunk, Datadog, Elastic).
For CI integration, block releases on critical severity findings using exit codes.
Combine with ssl-certificate-monitor for layered cert + headers coverage.
Findings include links to official remediation docs — share with dev teams via the webhook payload.

FAQ

Is running this against a third-party site legal?

Passive public-header scanning is generally permitted, but follow your own compliance policies. Only scan sites you have authorization for.

How often should I scan?

Weekly for production domains; daily if you have high config-change velocity.

Can I export to a compliance tool?

Use webhook delivery or Dataset API — formats map well to Drata, Vanta, OneTrust import templates.

Is this a penetration test?

No — this actor performs passive compliance scanning only. No exploitation, fuzzing, or auth bypass.

Does this qualify as a SOC2 control?

This actor produces evidence artifacts suitable for SOC2 CC7.1 (continuous monitoring). It is not itself a SOC2 certification.

Security & Compliance cluster — explore related Apify tools:

Privacy & Cookie Compliance Scanner | GDPR / CCPA Banner Audit — Scan public privacy pages and cookie banners for GDPR/CCPA compliance signals.
Security Headers Checker API | OWASP Audit — Bulk-audit websites for OWASP security headers, grade each response, and monitor header changes between runs.
SSL Certificate Monitor API | Expiry + Issuer Changes — Check SSL/TLS certificates in bulk, detect expiry and issuer changes, and emit alert-ready rows for ops and SEO teams.
DNS / SPF / DKIM / DMARC Audit API — Bulk-audit domains for SPF, DKIM, DMARC, MX, and email-auth posture with grades and fix-ready recommendations.
robots.txt AI Policy Monitor | GPTBot ClaudeBot — Detect GPTBot, ClaudeBot, Google-Extended, and other AI crawler policies in robots.
Data Breach Disclosure Monitor | HIPAA Breach Watch — Monitor the HHS OCR Breach Portal for new HIPAA data breach disclosures.
WCAG Accessibility Checker API | ADA & EAA Compliance Audit — Audit websites for WCAG 2.
📜 Open-Source License & Dependency Audit API — Audit npm packages for license risk, dependency depth, maintainer activity, and compliance posture.

Cost

Pay Per Event:

actor-start: $0.01 (flat fee per run)
dataset-item: $0.003 per output item

Example: 1,000 items = $0.01 + (1,000 × $0.003) = $3.01

No subscription required — you only pay for what you use.

⚖️ Compliance Monitor

taroyamada/regulatory-change-monitor

Monitor regulatory changes and automate compliance tracking. Schedule runs to scrape government updates and trigger webhooks on new alerts.

太郎山田

📊 Vendor Change Monitor

taroyamada/vendor-change-monitor

Track SaaS vendor pricing, terms of service, and renewal language. Extract web data to schedule procurement alerts and integrate results.

太郎山田

Pricing Monitor & Scraper

taroyamada/competitive-pricing-monitor

Extract competitor SaaS and ecommerce pricing data. Schedule regular runs to monitor plan changes, track price tiers, and export results via API.

太郎山田

CVE Vulnerability Monitor - NVD Daily

pink_comic/nvd-cve-vulnerability-database

Monitor the National Vulnerability Database for new CVEs daily. Schedule runs to track vulnerabilities by keyword, severity, or vendor. Get CVSS scores, descriptions, and affected products. For security teams, DevSecOps, penetration testers, and compliance. Pay per result.

Ava Torres

Trustpilot Scraper - Company Reviews & Trust Scores

renzomacar/trustpilot-reviews

Scrape Trustpilot reviews for any company. Extract trust scores, star ratings, reviewer names, review titles, full review text, dates, verification badges, and company responses. Great for brand monitoring, due diligence, and competitive benchmarking.

Renzo Madueno

🟢 Status Page Monitor

taroyamada/status-page-incident-digest-monitor

Monitor vendor status pages and incident feeds to extract real-time outage data. Schedule runs to integrate alerts into your DevOps tools.

太郎山田

Regulatory Intelligence API - AI Compliance Radar

ai_solutionist/regulatory-intelligence-api

The compliance radar AI agents trust. Extract structured requirements, deadlines, and compliance checklists from Federal Register, regulations.gov, and state regulations.

Jason Pellerin

⚡ HTTP Status Monitor

taroyamada/bulk-url-health-checker

Monitor URLs to extract status codes, response times, and SSL validity. Schedule runs and integrate via API to track website uptime.

太郎山田

Trustpilot Scraper — Reviews, Ratings & Data

cryptosignals/trustpilot-scraper

Scrape Trustpilot business reviews and ratings. Extract review text, star ratings, reviewer details, company responses, and trust scores. Monitor brand reputation and customer feedback. Export to JSON, CSV, or Excel.