Monitor Terms of Service and Privacy Policy pages for changes — get plain-English summaries and risk scores for every update.
Never be caught off guard by a sneaky TOS change again. policywatch fetches policy pages, extracts the readable text, diffs against previous versions, and flags concerning changes like expanded data collection, new arbitration clauses, or AI training provisions.
- TikTok just changed its TOS to collect precise location and biometric data — most users had no idea
- Companies slip in arbitration clauses, data-selling provisions, and consent removals in routine "updates"
- There's no free, self-hosted, CLI-friendly tool that monitors this for you
- Existing solutions charge $50+/mo or only work for enterprise compliance teams
```bash
# Install
npm install -g policywatch
# (or clone and npm link)

# Add policies to watch
policywatch add https://openai.com/policies/terms-of-use --name "OpenAI TOS"
policywatch add https://github.com/site/terms --name "GitHub TOS"
policywatch add https://www.tiktok.com/legal/terms-of-service --name "TikTok TOS"

# Run a check (first run captures baseline snapshots)
policywatch check --all

# Run again later to detect changes
policywatch check --all

# View latest diff for a specific policy
policywatch diff https://openai.com/policies/terms-of-use

# View snapshot history
policywatch history https://openai.com/policies/terms-of-use

# Export all data
policywatch export --format json
```

- Smart Text Extraction — Strips nav, footer, cookie banners, scripts; extracts just the policy text
- Risk Scoring — Automatic 0-100 risk score based on detected concern patterns
- Concern Detection — Flags 15+ categories: data collection, location tracking, biometrics, third-party sharing, arbitration clauses, AI training, data retention, and more
- Markdown Summaries — Human-readable change reports with severity levels
- Multiple Notification Channels — Console, webhook (Slack/Discord/generic), file output
- SQLite Storage — Full snapshot history with diff records for audit trails
- CSS Selector Scoping — Target specific page sections for cleaner extraction
- Zero External APIs — All analysis runs locally (no OpenAI/Anthropic dependency)

| Command | Description |
|---|---|
| `policywatch add <url> --name <name>` | Add a policy URL to monitor |
| `policywatch list` | List all watched policies |
| `policywatch check [url] --all` | Check for changes |
| `policywatch diff <url>` | Show latest diff for a policy |
| `policywatch history <url>` | Show snapshot & change history |
| `policywatch remove <url>` | Stop watching a policy |
| `policywatch export --format json\|md` | Export all data |

```
--db <path>        Custom database file location
--selector <css>   CSS selector to narrow text extraction
--webhook <url>    Send change notifications to a webhook
--output <file>    Write change reports to a file
```

When changes are detected and --webhook is set, policywatch sends:
```json
{
  "event": "policy_change",
  "policy": {
    "name": "TikTok TOS",
    "url": "https://www.tiktok.com/legal/terms-of-service"
  },
  "change": {
    "headline": "TikTok TOS: Data Collection Expansion and 2 other concern(s) detected",
    "riskScore": 65,
    "linesAdded": 47,
    "linesRemoved": 12,
    "summary": "## TikTok TOS: Data Collection Expansion...\n..."
  },
  "timestamp": "2025-01-28T14:30:00.000Z"
}
```

| Category | Severity | What It Detects |
|---|---|---|
| Data Selling | 🔴 CRITICAL | Selling personal data to third parties |
| Data Collection | 🟠 HIGH | Expanded data collection scope |
| Location Tracking | 🟠 HIGH | Precise/GPS location monitoring |
| Biometrics | 🟠 HIGH | Facial recognition, fingerprints, voice prints |
| Third-Party Sharing | 🟠 HIGH | Sharing data with partners/advertisers |
| Legal Rights | 🟠 HIGH | Arbitration clauses, class-action waivers |
| Data Retention | 🟠 HIGH | Indefinite/permanent data retention |
| AI Training | 🟡 MEDIUM | Using content for ML model training |
| Automated Decisions | 🟡 MEDIUM | Algorithmic profiling/decisions |
| Children's Privacy | 🟡 MEDIUM | Changes affecting minors |
| International Transfer | 🟡 MEDIUM | Cross-border data transfers |
| Government Access | 🟡 MEDIUM | Law enforcement data sharing |
| Advertising | 🟡 MEDIUM | Targeted advertising expansions |
| Consent & Opt-Out | 🔵 LOW | Changes to consent mechanisms |
| Security | ℹ️ INFO | Security measure updates |
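
A receiver-side check for the webhook payload documented earlier, as an added example that is not part of policywatch: it validates the documented fields before anything is relayed to chat or a ticket queue. `triagePolicyChange`, `ALERT_THRESHOLD` and the returned object are hypothetical; the page does not describe any authentication on the webhook, so the body is treated as untrusted input.

```javascript
// Added example: validate a policywatch webhook body before acting on it.
// ALERT_THRESHOLD and the return shape are assumptions, not policywatch settings.
const ALERT_THRESHOLD = 50;

function isHttpUrl(v) {
  try {
    const u = new URL(v);
    return u.protocol === 'https:' || u.protocol === 'http:';
  } catch {
    return false; // not a string, not a URL, or unparsable
  }
}

// Returns { ok: true, alert, line } or { ok: false, error }.
function triagePolicyChange(rawBody) {
  let msg;
  try {
    msg = JSON.parse(rawBody);
  } catch {
    return { ok: false, error: 'body is not JSON' };
  }
  if (msg === null || typeof msg !== 'object') return { ok: false, error: 'not an object' };
  if (msg.event !== 'policy_change') return { ok: false, error: 'unexpected event' };
  const { policy, change, timestamp } = msg;
  if (!policy || typeof policy.name !== 'string' || !isHttpUrl(policy.url)) return { ok: false, error: 'bad policy' };
  if (!change || typeof change.headline !== 'string') return { ok: false, error: 'bad change' };
  const score = change.riskScore;
  if (!Number.isFinite(score) || score < 0 || score > 100) return { ok: false, error: 'riskScore out of range' };
  for (const k of ['linesAdded', 'linesRemoved']) {
    if (!Number.isInteger(change[k]) || change[k] < 0) return { ok: false, error: `bad ${k}` };
  }
  if (Number.isNaN(Date.parse(timestamp))) return { ok: false, error: 'bad timestamp' };
  // Text that may derive from a remote page: drop control characters, cap the length.
  const headline = change.headline.replace(/[\u0000-\u001f\u007f]/g, ' ').slice(0, 200);
  return {
    ok: true,
    alert: score >= ALERT_THRESHOLD,
    line: `[${score}] ${headline} (+${change.linesAdded}/-${change.linesRemoved}) ${policy.url}`,
  };
}

// Constructed sample, reusing the field values from the payload shown on this page.
const SAMPLE = JSON.stringify({
  event: 'policy_change',
  policy: { name: 'TikTok TOS', url: 'https://www.tiktok.com/legal/terms-of-service' },
  change: { headline: 'TikTok TOS: Data Collection Expansion and 2 other concern(s) detected', riskScore: 65, linesAdded: 47, linesRemoved: 12, summary: '...' },
  timestamp: '2025-01-28T14:30:00.000Z',
});
console.log(triagePolicyChange(SAMPLE));
```
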

```javascript
import { PolicyStore, fetchPolicy, diffSnapshots, summariseChanges } from 'policywatch';

const store = new PolicyStore('./my-data.db');
const policy = store.addPolicy('https://example.com/tos', 'Example');

// Fetch and store
const { content, hash } = await fetchPolicy(policy.url);
store.addSnapshot(policy.id, content, hash);

// Later: check for changes
const prev = store.getLatestSnapshot(policy.id);
const current = await fetchPolicy(policy.url);
const diff = diffSnapshots(prev.content, current.content);
const summary = summariseChanges(diff, 'Example TOS');

console.log(summary.headline); // "Example TOS: Data Collection Expansion detected"
console.log(summary.riskScore); // 45
console.log(summary.concerns); // [{ category: 'data-collection', ... }]

store.close();
```

```
# Check all policies daily at 9 AM
0 9 * * * cd /path/to/project && policywatch check --all --webhook https://hooks.slack.com/your-hook
```

```bash
git clone https://github.com/brandonwise/policywatch.git
cd policywatch
npm install
npm test        # Run tests (51 passing)
npm run lint    # ESLint
npm run format  # Prettier
npm run check   # All quality gates
```

```
src/
├── cli.js          # Commander-based CLI entry point
├── index.js        # Public API exports
├── store.js        # SQLite storage (policies, snapshots, diffs)
├── fetcher.js      # HTTP fetch + HTML text extraction (Cheerio)
├── differ.js       # Line-level diffing with context formatting
├── summariser.js   # Heuristic risk analysis + concern detection
├── notifier.js     # Console / webhook / file notifications
├── checker.js      # Orchestration: fetch → diff → summarise → notify
└── config.js       # Config file loading + defaults
```