
GITNUXSOFTWARE ADVICE
Policy Government MattersTop 8 Best Policies Software of 2026
Top 10 Policies Software ranking for governance buyers. Compare Power Automate, Microsoft Purview, and Google Cloud Policy Intelligence features.
How we ranked these tools
Core product claims cross-referenced against official documentation, changelogs, and independent technical reviews.
Analyzed video reviews and hundreds of written evaluations to capture real-world user experiences with each tool.
AI persona simulations modeled how different user types would experience each tool across common use cases and workflows.
Final rankings reviewed and approved by our editorial team with authority to override AI-generated scores based on domain expertise.
Score: Features 40% · Ease 30% · Value 30%
Gitnux may earn a commission through links on this page — this does not influence rankings. Editorial policy
Editor’s top 3 picks
Three quick recommendations before you dive into the full comparison below — each one leads on a different dimension.
Power Automate
Custom connectors let teams define authentication and connector schemas for new systems.
Built for fits when enterprises need governed, connector-based workflow automation across Microsoft and SaaS apps..
Microsoft Purview
Editor pickSensitivity labels tied to governance policies with RBAC governed access and audit log traceability.
Built for fits when governance teams need auditable policy automation across Microsoft and external data sources..
Google Cloud Policy Intelligence
Editor pickOrganization policy impact analysis with structured mappings from constraints to effective resources.
Built for fits when teams need API-driven policy assessment and audit-ready governance across GCP..
Related reading
Comparison Table
This comparison table maps policy software by integration depth, data model, and the automation and API surface used to enforce controls. It also lists admin and governance controls such as RBAC, provisioning paths, and audit log coverage. Readers can compare schema design, extensibility, and configuration patterns across tools like Power Automate, Microsoft Purview, Google Cloud Policy Intelligence, OPA, and Cerbos.
Power Automate
workflow automationCreates policy automation flows with Microsoft Dataverse connectors, supports RBAC via Microsoft Entra ID, and exposes a documented automation surface for approvals, ticketing, and governance workflows.
Custom connectors let teams define authentication and connector schemas for new systems.
Power Automate runs event-driven flows from triggers like Microsoft Graph events and service bus messages, then calls actions through a connector surface for SaaS and on-prem systems. The data model is centered on JSON payloads and connector-defined schemas, with run-time variables and managed connectors that map fields into the flow graph. For automation and API surface, it offers HTTP actions, custom connectors, and webhook-style patterns that let external systems initiate workflows or consume results. Integration depth is highest inside the Microsoft ecosystem through first-party connectors and Graph-related triggers.
A practical tradeoff is that throughput and latency depend on connector behavior and retry policies, so high-volume scenarios need careful throttling and idempotency design. Governance control relies on environment-level separation, RBAC for flow creation and management, and audit logging to track runs and configuration changes. The strongest usage situation is centralizing cross-app process automation where admins need consistent schema mapping, access controls, and operational visibility.
- +Deep Microsoft 365 and Graph-trigger integration
- +Consistent connector schemas with JSON data mapping
- +Custom connectors, HTTP actions, and webhooks for extensibility
- +Environment RBAC and run audit logs for operational governance
- –High-volume flows require throttling and idempotency planning
- –Complex approvals and data mapping can become hard to maintain
IT operations teams
Create ticket from monitored incidents
Faster incident intake
Finance operations teams
Automate invoice approvals and routing
Controlled approval paths
Show 2 more scenarios
Data platform teams
Trigger ETL jobs from events
Event-aligned data runs
Event triggers start HTTP calls for ETL orchestration and pass JSON payloads for schema-mapped parameters.
Security and compliance teams
Govern automation access and auditing
Traceable automation changes
Admins restrict flow authoring with RBAC and review audit logs for run and configuration changes.
Best for: Fits when enterprises need governed, connector-based workflow automation across Microsoft and SaaS apps.
More related reading
Microsoft Purview
governance and auditImplements governance workflows for sensitive data using policy definitions, role-based controls, audit logs, and automation hooks for data access reporting and policy enforcement.
Sensitivity labels tied to governance policies with RBAC governed access and audit log traceability.
Microsoft Purview fits organizations that need end to end policy coverage from data discovery signals to enforcement actions across services like Microsoft 365 and Azure. The data model ties together scans, classifications, sensitivity labels, and governance events so administrators can reason about lineage, access, and policy state. Admin controls include role based access control and audit log review for governance activities. Integration depth is strongest inside Microsoft 365 and Azure, with connector support for external sources that still maps into Purview governance artifacts.
A key tradeoff is that some enforcement and automation paths depend on service specific capabilities, so policy outcomes vary by workload and target system. Purview works well when policy rules must be consistent across multiple sources and when governance teams need auditable change history for classification, labeling, and access decisions. It is less efficient when the main requirement is a single application specific rule engine with minimal cross system governance work.
- +Unified data model connects classification, sensitivity labels, and governance events
- +RBAC and governance audit log support traceable policy changes
- +Integration coverage spans Microsoft 365, Azure services, and supported external connectors
- +Schema and scan outputs can drive consistent labeling and policy decisions
- –Policy enforcement depends on target service capabilities and workload mapping
- –Operational complexity rises with multi source scanning and governance workflows
Data governance teams
Standardize sensitivity labels across sources
Consistent classification and enforcement
Security operations teams
Review governance changes with audit logs
Faster evidence for audits
Show 2 more scenarios
Enterprise data platform teams
Apply schema driven policy automation
Reduced manual labeling effort
Purview ingestion and scanning results feed governance decisions aligned to the catalog data model.
IT administrators
Control access using RBAC
Tighter governance access control
Purview governance roles restrict who can view, configure, and administer policy artifacts.
Best for: Fits when governance teams need auditable policy automation across Microsoft and external data sources.
Google Cloud Policy Intelligence
cloud governanceProvides policy-centric governance capabilities across Google Cloud with policy validation, audit signals, and API-driven configuration controls for organizational policy management.
Organization policy impact analysis with structured mappings from constraints to effective resources.
Google Cloud Policy Intelligence integrates with Google Cloud resources and policy definitions so evaluations map to specific services, constraints, and effective configurations. The data model centers on policy statements, assessment results, and lineage from source policy to affected resources. Automation and API surface support provisioning of policy evaluation requests and pulling results for operational reporting and governance workflows. RBAC gates access to policy intel artifacts while audit log trails support internal review and troubleshooting.
A tradeoff is that policy intelligence depth is tied to Google Cloud asset coverage, so non-Google Cloud inventory requires parallel controls. Teams often use it during org-wide policy rollout to validate impact before enforcement changes and to monitor drift after deployment. It also fits organizations that need repeatable policy assessments with consistent configuration inputs across environments.
- +Structured policy data model maps constraints to affected GCP resources
- +Automation via API enables repeatable assessments and report ingestion
- +RBAC and audit logs support controlled governance review
- –Coverage is strongest for Google Cloud assets, external inventories need integration
- –Policy evaluation granularity depends on available organization policy signals
Cloud governance teams
Assess org policy change impact
Fewer rollout surprises
Security engineering teams
Monitor policy drift and exceptions
Faster drift remediation
Show 2 more scenarios
Platform engineering teams
Standardize policy checks across projects
Consistent enforcement intent
Provision consistent policy evaluation requests and centralize results for operational review.
Audit and compliance teams
Produce evidence from evaluations
Clearer compliance evidence
Generate governance outputs with audit-friendly traces tied to source policy and results.
Best for: Fits when teams need API-driven policy assessment and audit-ready governance across GCP.
OPA
policy as codeEnforces authorization and compliance decisions by evaluating policy-as-code with a programmatic API surface, downloadable bundles, and strong test harnesses for policy schema and input modeling.
Policy evaluation via OPA’s HTTP API that returns allow and structured decision results.
OPA from openpolicyagent.org uses a declarative policy language to evaluate requests against data and schemas. Integration centers on an HTTP API and policy decisions delivered from running policy engines.
OPA’s data model supports structured inputs and reusable rule sets for consistent access control and validation. Automation is driven through REST and dynamic configuration patterns, with extensibility for custom data and checks.
- +Declarative policy language with clear inputs and rule outputs
- +HTTP API supports decision automation in services and gateways
- +Reusable modules support consistent policy across teams
- +Extensible data and input wiring supports varied integration patterns
- +RBAC and attribute checks can be modeled from request and data
- –Policy debugging can require learning rule evaluation semantics
- –High throughput needs careful caching and deployment design
- –Admin governance depends on external workflows for change control
- –Complex policy sets may need disciplined module structure
Best for: Fits when organizations need auditable, API-driven policy decisions with strong schema control.
Cerbos
authorization policy engineCentralizes authorization policy evaluation with a policy data model, admin workflows, and an API-first decision service for RBAC-like controls and audit integration.
Policy decision API that emits structured deny reasons tied to evaluated policy rules.
Cerbos evaluates authorization requests against policy files and returns allow or deny with reason codes. Its core value comes from a declarative policy data model, role and group based access control, and first-class schema conventions for resources and actions.
The policy runtime exposes an API and automation hooks for policy provisioning, versioning, and policy updates across environments. Governance control centers on auditability of decisions and change management for policy sets.
- +Declarative policy files map directly to actions, resources, and RBAC roles
- +Policy evaluation API returns decisions plus structured reasons for debugging
- +Built-in provisioning workflow supports policy versioning across environments
- +Extensibility via custom checks and data shape controls improves fit for complex domains
- +Audit-friendly decision outputs help track authorization behavior over time
- –Policy data modeling needs careful schema planning to avoid brittle resource hierarchies
- –Large policy sets can require tuning for evaluation throughput and latency targets
- –Complex attribute-based rules may increase review overhead for policy authors
- –Operational workflows for high-frequency policy changes can add coordination effort
Best for: Fits when teams need policy-as-code authorization with automation and a clear API surface.
AuthZ
authorization policyUses model-driven authorization with a configurable policy schema, supports policy administration at runtime, and provides programmatic enforcements for throughput-oriented checks.
Casbin model plus matcher configuration with adapters for policy storage and runtime enforcement.
AuthZ builds authorization policies around Casbin’s policy engine and data model, using a schema that maps to RBAC, ABAC, and relationship-based patterns. Its integration depth comes from Casbin-compatible abstractions, letting apps call enforcement and policy management through a documented API surface and middleware patterns.
Policy automation and extensibility are driven by rule storage adapters and model configuration, which support provisioning, versioning workflows, and runtime updates. Governance relies on auditable policy changes via adapter and application-level logging hooks rather than a closed admin UI.
- +Casbin policy model supports RBAC, ABAC, and domain-role patterns
- +Adapter-driven policy storage enables provisioning from external systems
- +API supports runtime enforcement and policy updates without redeploy
- +Extensibility via model and matcher configuration enables custom semantics
- +Audit logging can be implemented around policy writes and enforcement
- –Admin and governance features require app-level UI or workflows
- –Complex models can increase configuration and testing workload
- –Throughput depends on adapter performance and matcher evaluation cost
- –Policy lifecycle management is not a full ticketing workflow
Best for: Fits when teams need policy enforcement and automation via API-backed storage adapters.
Kyverno
Kubernetes policyApplies Kubernetes admission and background policy enforcement with YAML-based rules, generates audit events, and offers CLI and API patterns for automation and CI integration.
Mutating policies with generate and background enforcement for admission-time and drift control.
Kyverno enforces Kubernetes policy using declarative rules that map directly to Kubernetes resources and admission flows. It supports mutation and validation, and it can also generate resources through policy-driven background processing and controllers.
Kyverno integrates deeply with Kubernetes APIs via its custom policy engine and supports extensibility through webhooks, custom resources, and external data fetch patterns. Automation covers both admission-time enforcement and ongoing reconciliation, giving a controllable data model around policy, subjects, and outcomes.
- +Admission-time validate and mutate policies reduce manual manifest review
- +Background processing enforces drift control across existing workloads
- +RBAC scoping binds policy execution to service accounts and namespaces
- +Audit-friendly reporting captures rule matches, denials, and mutations
- –Policy debugging can be slow when multiple rules overlap
- –Throughput can degrade under high rule counts and large clusters
- –External data patterns increase operational complexity and failure modes
- –Complex schemas can require careful handling of JSON paths
Best for: Fits when Kubernetes governance needs admission and reconciliation with a rule-based API surface.
Atlassian Confluence
policy documentationStores versioned policy documents with content permissions, integrates with Jira via REST, and supports automation for publishing and review cycles.
Confluence REST APIs with webhooks and Connect or Forge apps for extensible page and macro workflows.
Atlassian Confluence connects documentation, knowledge bases, and team spaces with deep Atlassian integration into Jira and Bitbucket. Its data model centers on content types, page trees, and permissions that map to RBAC-style access controls.
Automation and extensibility come through REST APIs, webhooks, and app frameworks that support external workflows and custom macros. Administration emphasizes governance through global permissions, audit visibility, and org-level controls for users, groups, and space access.
- +Tight Jira linking with issues, backlinks, and smart metadata rendering
- +Strong RBAC with space-level permissions and inheritance controls
- +REST API plus webhooks support external automation and indexing
- +App framework supports custom content macros and UI modules
- –Granular governance is harder when organizations span many spaces
- –Automation throughput depends on API quotas and asynchronous job behavior
- –Schema flexibility is limited to content and macro models
- –Cross-system consistency needs custom rules and disciplined conventions
Best for: Fits when teams need controlled knowledge management with Jira-linked pages and API-driven automation.
How to Choose the Right Policies Software
This buyer's guide covers Power Automate, Microsoft Purview, Google Cloud Policy Intelligence, OPA, Cerbos, AuthZ, Kyverno, and Atlassian Confluence for policy automation, policy enforcement, and policy document governance.
The guide focuses on integration depth, data model fit, automation and API surface, and admin and governance controls across Microsoft, Google Cloud, Kubernetes, authorization engines, and Atlassian knowledge workflows.
Each section connects evaluation criteria to the concrete capabilities listed for these tools, including RBAC enforcement paths, audit log traceability, and API-driven automation patterns.
Policy automation and enforcement systems that map rules to governed actions
Policies Software covers systems that define rules in a structured form and then enforce, evaluate, or automate actions when requests, data flows, or infrastructure resources match those rules. Power Automate executes policy automation flows with Microsoft Dataverse connectors and event-driven triggers, while OPA evaluates requests via an HTTP API that returns allow decisions and structured results.
Microsoft Purview connects policy definitions to sensitivity labels, RBAC governed access, and audit log visibility across ingestion and processing. Teams use these tools to control access, standardize compliance intent, and generate auditable governance events across Microsoft 365, Azure services, Google Cloud assets, Kubernetes workloads, or Jira-linked documentation.
Evaluation criteria mapped to integration, schema, automation, and governance controls
For policy tools, integration depth determines whether rules can be fed by real systems of record like Microsoft 365, Kubernetes APIs, or cloud policy inventories. Data model clarity determines whether the same classification, resource mapping, or RBAC structure can travel from policy definition to enforcement and audit.
Automation and API surface determine whether policy changes can be provisioned, validated, and tested in CI or orchestrated by workflow systems. Admin and governance controls determine whether RBAC scoping, environment separation, and audit log traceability exist for both policy authors and policy operators.
API-driven policy decisions with structured outputs
OPA returns allow decisions and structured decision results over an HTTP API so services can automate authorization and validation logic. Cerbos returns allow or deny with reason codes so policy debugging and governance reporting can use structured evidence rather than logs.
Provisioning workflows tied to policy lifecycle and versioning
Cerbos includes a built-in provisioning workflow that supports policy versioning across environments, which helps coordinate change management for authorization policy sets. Kyverno supports admission-time enforcement plus background processing for drift control, which extends the policy lifecycle beyond deploy-time decisions.
RBAC scoping and audit log traceability for governed changes
Power Automate supports RBAC via Microsoft Entra ID and exposes run audit logs to trace workflow governance actions. Microsoft Purview ties sensitivity labels to governance policies with RBAC governed access and audit log traceability across ingestion and processing.
Data model mapping from policy constraints to effective resources
Google Cloud Policy Intelligence uses a structured data model that maps constraints to affected Google Cloud resources so governance reports reflect real impact. Kyverno maps YAML rules to Kubernetes resources and admission flows so policy subjects and outcomes are grounded in Kubernetes APIs.
Extensibility surface for new systems and custom evaluation data
Power Automate uses custom connectors that define authentication and connector schemas so new enterprise systems can participate in governed flows. OPA supports extensibility through data and input wiring so custom schemas and checks can plug into evaluation inputs.
Throughput and change-control controls for high-frequency policy operations
OPA needs careful caching and deployment design when throughput is high, which affects how decisions scale under load. AuthZ relies on adapter-driven policy storage and matcher evaluation, so adapter performance and evaluation cost govern enforcement throughput.
Decision framework for selecting a policy tool by enforcement target and automation path
Start with the enforcement target and choose a tool whose data model matches that target. OPA and Cerbos focus on request or authorization decisioning, while Kyverno focuses on Kubernetes admission and background reconciliation, and Microsoft Purview focuses on sensitivity labeling and governance workflows.
Then validate that automation and governance controls cover policy change and policy operation. Power Automate provides environment RBAC and run audit logs for workflow governance, while Microsoft Purview provides audit log traceability for governance events and RBAC governed access.
Match the tool to the enforcement surface you must control
Choose OPA or Cerbos when authorization or access decisions must be returned as an API response with structured allow or deny evidence. Choose Kyverno when Kubernetes admission-time validation and mutation or ongoing drift control against existing workloads must be governed.
Confirm the data model can represent your policy objects and subjects
Use Google Cloud Policy Intelligence when governance intent must map organization policy constraints to effective Google Cloud resources for audit-ready impact analysis. Use Microsoft Purview when sensitivity labels and governance policies must be connected to RBAC access and audit log visibility across ingestion and processing.
Assess the automation and API surface for policy change and orchestration
Select Power Automate when policy workflows must run across Microsoft 365 and other enterprise systems through a consistent connector model with triggers and scheduled runs. Select OPA or Cerbos when policy evaluation must be called from services over an HTTP API and delivered as structured decision results.
Verify admin governance controls for operational traceability
Use Power Automate when environment separation, RBAC through Microsoft Entra ID, and run audit logs must cover operational governance of workflow execution. Use Microsoft Purview when audit log traceability must connect RBAC governed access and sensitivity label governed policy decisions.
Plan extensibility and maintainability for complex schemas and mappings
Choose Power Automate custom connectors when new authentication and connector schemas are required for governance workflows across SaaS apps. Choose OPA or AuthZ when authorization semantics must be modeled with reusable rule sets or model and matcher configuration, then tuned for caching and evaluation cost.
Which teams get the most value from policy automation and enforcement tools
Policies Software fits teams that need rules to become controlled actions with auditability. The best fit depends on whether governance is centered on data classification, authorization decisions, cloud constraint impact, or Kubernetes admission and drift control.
The segments below map to the stated best-for fit for each tool and the concrete mechanisms that each tool provides.
Microsoft-first enterprises orchestrating governed workflows across apps
Power Automate fits teams that need policy automation flows built from Microsoft Dataverse connectors, event-driven triggers, and Microsoft Entra ID RBAC. Environment RBAC plus run audit logs support governance for approvals, ticketing, and workflow changes.
Governance teams standardizing sensitivity labeling with auditable enforcement signals
Microsoft Purview fits when sensitivity labels tied to governance policies must be governed by RBAC and traceable through audit log visibility. The unified policy and data catalog data model connects classification and governance events across Microsoft 365, Azure services, and supported external connectors.
Cloud governance teams needing API-driven policy assessment on Google Cloud assets
Google Cloud Policy Intelligence fits teams that must run organization policy impact analysis with structured mappings from constraints to affected resources. API-driven configuration controls and audit-ready outputs support repeatable assessments across projects.
Application teams needing API calls that return authorization decisions and reason codes
OPA fits organizations that want auditable, API-driven policy decisions with strong schema control via an HTTP API that returns allow and structured results. Cerbos fits teams that need an authorization policy decision API that emits structured deny reasons tied to evaluated policy rules.
Platform teams enforcing Kubernetes resource correctness and drift control
Kyverno fits when admission-time validation and mutation must apply directly to Kubernetes resources through YAML rules. Background processing enables drift control by reconciling existing workloads with policy-driven outcomes.
Pitfalls that derail policy automation and enforcement programs across tools
Many policy projects fail due to mismatches between policy schema needs and the enforcement or governance surface the tool actually supports. Other failures come from operational governance gaps where policy changes cannot be traced or tested.
The pitfalls below are derived from recurring constraints across the reviewed tools and the concrete ways teams can avoid them.
Overbuilding policy mappings that are hard to maintain
Power Automate can become hard to maintain when complex approvals require heavy data mapping work and frequent revisions. Cerbos and Kyverno also require careful schema planning when policy data modeling or JSON path handling grows complex.
Ignoring throughput behavior for policy evaluation and workflow execution
OPA requires careful caching and deployment design when throughput is high to keep policy evaluation stable. AuthZ enforcement throughput depends on adapter performance and matcher evaluation cost, so slow adapters can degrade runtime enforcement.
Relying on policy enforcement targets that do not support the intended control
Microsoft Purview depends on target service capabilities for policy enforcement and workload mapping, so enforcement outcomes can be constrained by how workloads interpret sensitivity labels. Google Cloud Policy Intelligence coverage is strongest for Google Cloud assets, so external inventories require integration work to achieve consistent reporting.
Treating policy governance as documentation only
Atlassian Confluence provides versioned policy documents and RBAC permissions for content and spaces, but it does not evaluate authorization requests the way OPA or Cerbos does. Confluence REST APIs and webhooks support automation for publishing and review cycles, so enforcement must be implemented in the actual enforcement tools rather than document storage alone.
Skipping an explicit change-control and audit strategy
AuthZ governance leans on adapter and application-level logging around policy writes rather than a closed admin UI, so teams must implement audit and change workflows in their surrounding systems. Power Automate and Microsoft Purview provide run audit logs and governance audit log visibility, so those audit capabilities should be wired into operations from the start.
How We Selected and Ranked These Tools
We evaluated Power Automate, Microsoft Purview, Google Cloud Policy Intelligence, OPA, Cerbos, AuthZ, Kyverno, and Atlassian Confluence using editorial scoring across features, ease of use, and value, with features carrying the largest share of the overall rating. We then used the published overall and feature ratings to anchor comparisons, and we treated ease of use and value ratings as secondary ordering signals. This ordering reflects criteria-based scoring from the capability set described for each tool, not hands-on lab testing or private benchmark experiments.
Power Automate separated from lower-ranked tools through a concrete governance automation surface that combines Microsoft Dataverse connector integration, custom connector schemas, Microsoft Entra ID RBAC, and run audit logs, which lifted the features and supported strong value for governed workflow orchestration.
Frequently Asked Questions About Policies Software
Which tool fits policy automation across Microsoft 365 when integrations and authentication schemas matter?
How do OPA and Cerbos differ in how policy decisions are returned to applications?
What product supports API-driven policy enforcement using RBAC, ABAC, and relationship-based patterns via a configurable data model?
Which option is better for Kubernetes mutation and ongoing drift control rather than only admission-time validation?
What tool is designed around a unified data model for classification, sensitivity labeling, RBAC, and audit visibility?
Which platform supports policy-as-code authorization with resource and action schema conventions?
How does Google Cloud Policy Intelligence handle policy change awareness and audit-ready outputs across projects?
What option is used to automate governance workflows that include ingestion controls and exportable metadata for downstream policy operations?
Which tool is best for integrating policy-related documentation with Jira-linked access control and API-driven automation?
How should teams approach data migration when moving policy definitions into an API-enforced authorization model?
Conclusion
After evaluating 8 policy government matters, Power Automate stands out as our overall top pick — it scored highest across our combined criteria of features, ease of use, and value, which is why it sits at #1 in the rankings above.
Use the comparison table and detailed reviews above to validate the fit against your own requirements before committing to a tool.
Tools reviewed
Primary sources checked during evaluation.
Referenced in the comparison table and product reviews above.
Keep exploring
Comparing two specific tools?
Software Alternatives
See head-to-head software comparisons with feature breakdowns, pricing, and our recommendation for each use case.
Explore software alternatives→In this category
Policy Government Matters alternatives
See side-by-side comparisons of policy government matters tools and pick the right one for your stack.
Compare policy government matters tools→FOR SOFTWARE VENDORS
Not on this list? Let’s fix that.
Our best-of pages are how many teams discover and compare tools in this space. If you think your product belongs in this lineup, we’d like to hear from you—we’ll walk you through fit and what an editorial entry looks like.
Apply for a ListingWHAT THIS INCLUDES
Where buyers compare
Readers come to these pages to shortlist software—your product shows up in that moment, not in a random sidebar.
Editorial write-up
We describe your product in our own words and check the facts before anything goes live.
On-page brand presence
You appear in the roundup the same way as other tools we cover: name, positioning, and a clear next step for readers who want to learn more.
Kept up to date
We refresh lists on a regular rhythm so the category page stays useful as products and pricing change.
