Shield turns data subject requests (access, deletion, correction, opt-out) from an inbox scramble into a tracked workflow with automatic legal deadlines and an audit trail regulators can read.
14-day free trial. No credit card required.
The moment someone asks for their data, a response deadline starts: 30 days under GDPR, 45 under CCPA. Most teams track these requests in a shared inbox and hope nothing slips.
DSARs arrive by email, contact form, or word of mouth. Without a single intake point, requests sit unread while the deadline runs.
GDPR, PIPEDA, and Quebec Law 25 give you 30 days. CCPA, VCDPA, CPA, and CTDPA give you 45. Tracking which clock applies to which request is manual work that invites mistakes.
When a regulator asks how a request was handled, an email thread is not evidence. You need a timestamped record of every action, by whom, and when.
Build a form with your logo, colors, and custom fields, then publish it to a global CDN. It loads instantly, needs no login to submit, and stays up independently of anything else. Drop the link in your privacy policy or Do Not Sell page.
Every valid submission automatically becomes a tracked request. No manual triage. Shield detects the requester's jurisdiction from their country and state, sets the legal response deadline, emails the requester an acknowledgment with a reference number, and alerts your team.
Move each case through a clear workflow: New, Acknowledged, In Progress, Complete or Rejected. Review uploaded identity documents and mark them verified. Add internal notes. Shield warns you at 7 and 3 days before the deadline, and flags anything overdue.
Every action writes to an immutable audit trail: status changes, notes, emails, identity checks, document accesses. Export it as a CSV evidence packet whenever a regulator, auditor, or lawyer asks. Closed requests auto-purge after your retention window.
CDN-hosted public forms with your branding, custom fields (text, dropdowns, checkboxes, file uploads), and built-in bot protection. Run multiple forms for different brands, jurisdictions, or employee vs consumer requests.
Shield detects the applicable law from the requester's location: 30 days for GDPR, PIPEDA, and Quebec Law 25; 45 days for CCPA, VCDPA, CPA, and CTDPA. Unknown jurisdictions fall back to a default you set.
Requesters can upload a JPEG, PNG, or PDF ID (up to 10 MB). Files live in private storage, viewable only through 5-minute expiring links. An admin reviews and attests, and every verification or revocation is logged.
Acknowledgment on submission, completion notice on close, and rejection notices that carry your written reason. Your team gets new-request alerts, deadline warnings at 7 and 3 days, and an overdue flag.
Every action is recorded with actor and precise timestamp: submissions, status changes, notes, identity checks, document accesses, emails. One click exports a standards-compliant CSV, and even exports themselves are logged.
Closed requests are automatically purged after a retention window you control (90 days by default), including any identity documents. You keep proof of process without hoarding personal data.
Requesters check their own progress with a reference number and email address. No login, no support tickets, and the lookup is designed so outsiders cannot fish for other people's requests.
Shield will not let a request be rejected without a written reason. The reason is saved, audited, and sent to the requester verbatim, so every decision is defensible.
All plans billed annually. Monthly billing available at a higher rate. One-time setup fee applies.
14-day free trial on every plan. No credit card required. Questions about tier limits or bundles? .
Publish your intake form today and never chase a DSAR through your inbox again.