OnCatch by OnPath Testing
Compliance receipts. Not a sales call.
The compliance work OnCatch shipped, what jurisdictions it covers, and which PR or external standard backs each claim. No vendor questionnaire required.
Western-launch compliance, built in at the Free tier:
- US Federal + 20-state privacy disclosures (CCPA / CPRA / VCDPA + 17 more state privacy laws)
- GDPR (EU) Articles 15 / 17 / 20 + EU Standard Contractual Clauses + Article 30 ROPA + Article 33 breach workflow
- UK GDPR + DPA 2018 + PECR
- Australia Privacy Act + NDB scheme
- Canada PIPEDA + provincial
- GPC universal opt-out honored end-to-end
- WCAG 2.1 AA verified
- Breach notification matrix across 4 jurisdictions + 4 templates
- 7-locale i18n on the widget
- Workspace isolation enforced by row-level security
- Closed shadow DOM + Cloudflare Turnstile + HMAC-SHA256 webhook signing + SSRF defense
The contrast: Userback gates SSO to 25 seats. Marker.io custom-quotes SSO. Gleap gates SOC 2 Type 2 to $999/mo Enterprise. Jam.dev SSO is "Call Us!" on the SSO Wall of Shame. OnCatch ships the actual compliance work — at $0.
Documents: Privacy policy · DPA · Subprocessors · Cookie policy · Terms
Questions for your CISO, DPO, or procurement? Email hello@oncatch.app — Brian Borg (OnPath Testing founder, 17 years in QA).