Terms of Service and Privacy Policy Drift Detection

The scenario

Your company uses fifty SaaS vendors. Most of them update their Terms of Service or Privacy Policy quietly, with a small banner that the URL was modified - or with no banner at all. Your DPA depends on those terms. When a vendor changes data-sharing language, your compliance team needs to know in time to review and renegotiate, not after the change is already in effect.

The same pattern applies for academic-integrity teams watching AI-tool ToS pages, and for product teams whose integrations depend on third-party API terms.

The problem

Vendor ToS pages are intentionally hard to diff. Layouts change. Wording moves between sections. "Last updated" dates aren't always accurate. The DIY approach - store a snapshot, hash it, compare - works fine when you can set it up; in practice it falls off because no one owns it.

How Verid solves it

Use the full_page extractor and an any_field_changes predicate. Verid hashes the rendered page on every run. When the hash changes, the page changed. That's it.

Pair the alert with a manual diff workflow on your side - link the webhook to the wayback-machine snapshot from the previous run, or hash both yourself and surface the byte-level diff in your legal team's tool.

Build the monitor

Extraction config

{ "method": "full_page" }

This returns page_hash and content_length as fields.

Predicate

{ "type": "any_field_changes" }

A hash change is a real change. There's nothing more granular to ask for at this layer.

Create the monitor

curl -X POST https://api.verid.dev/v1/monitors \
  -H "Authorization: Bearer vrd_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Vendor ToS - ExampleCorp",
    "url": "https://example.com/legal/terms",
    "schedule_interval_seconds": 86400,
    "extract_config": { "method": "full_page" },
    "diff_predicate": { "type": "any_field_changes" },
    "deliveries": [
      { "type": "email", "to": "legal@example.com" }
    ]
  }'

SDK:

import { VeridClient } from '@verid.dev/sdk';

const client = new VeridClient({ apiKey: 'vrd_your_api_key' });

await client.monitors.create({
  name: 'Vendor ToS - ExampleCorp',
  url: 'https://example.com/legal/terms',
  schedule_interval_seconds: 86400,
  extract_config: { method: 'full_page' },
  diff_predicate: { type: 'any_field_changes' },
  deliveries: [{ type: 'email', to: 'legal@example.com' }],
});

What the webhook delivers

{
  "id": "del_01H...",
  "fired_at": "2026-05-08T03:00:00Z",
  "diff": {
    "fields_changed": ["page_hash", "content_length"],
    "before": { "page_hash": "a1b2c3d4...e", "content_length": 18421 },
    "after":  { "page_hash": "9f8e7d6c...3", "content_length": 18557 }
  }
}

The hash changed; the page is 136 bytes longer than yesterday. Time for legal to take a look.

Caveats & tips

• Cosmetic changes will fire. A footer redesign hashes the whole page differently even though no legal text changed. Treat full-page-hash alerts as "investigate" signals, not "act" signals.
• Layer with prompt extraction for higher signal. Combine this monitor with a second monitor on the same URL using the prompt extractor and a schema like { "data_sharing_summary": "string", "termination_clause_summary": "string" }. The full-page hash catches everything; the prompt monitor catches the things that actually matter.
• Daily check is plenty. Vendor ToS doesn't move hourly. Daily keeps you within the typical 30-day notice window vendors offer for term changes.
• Archive snapshots externally. Verid keeps run history but isn't a legal archive. Push the before/after content from the webhook into your evidence store on every fire.

Related use cases

For regulatory page tracking with structured summaries, see regulatory filings & policy pages. For domain ownership changes, see WHOIS & domain ownership changes. For competitor copy drift more broadly, see competitor ad & landing copy changes.