This page documents all customer-facing changes to the DataGrail application made in April 2026. Additional entries will be added every week on Friday.

Week of April 27​

🚀 Features Added​

• Vera MCP write tools — Vera can now take action through external AI clients like Claude, Cursor, and Windsurf. Five new write tools let you add systems, create assessments, answer assessment questions, update assessments, and associate processing activities — all from your AI client. Write tools are off by default and require explicit admin enablement per user. A new MCP Logs page provides full visibility into every tool call.
• Bulk edit system profiles — you can now select multiple systems and edit processing activities, contacts, and assessment fields (legal basis, legal role, processing countries, data subjects, personal data categories) in a single operation.
• Assessment insights — AI-powered suggestions now surface potential risks and system data recommendations directly on assessments, helping you identify gaps faster.
• Local and session storage scanning — consent controls now extend beyond cookies to localStorage and sessionStorage. You can detect storage keys, review unmanaged storage activity alongside cookies, block storage reads and writes based on consent state, and apply Vera-suggested rules based on detected patterns.
• Global search by UUID and phone number — you can now search for tickets by pasting a UUID or typing a phone number in any format. Phone numbers are normalized automatically, so "(415) 555-1234", "+14155551234", and "4155551234" all find the same ticket.
• Readiness checks for custom direct contact integrations — you can now send automated readiness checks during request initialization to collect a response from an internal team before deciding how a request proceeds. Define a custom question, provide structured response options, and use the answer to drive conditional workflow logic.
• Delay execution workflow action — a new "Then delay execution" action node lets you insert a configurable pause (in hours) between workflow steps, giving upstream integrations time to finish processing before the next action runs.
• Assessments "Date Approved" column — the Assessments table now includes a sortable "Date Approved" column so you can see when each assessment was approved directly from the list view.

🛠 Changes Made​

• TSV download format options — when downloading request results as a TSV, you can now choose between rows (each record as a row) or columns (existing behavior), making large datasets easier to review and filter.
• Vera search history — removed the one-year lookback limit so Vera can search further back in your request and ticket history.
• Integration error banners — disconnected integration warnings now display as separate, clearer banners for transactional mailers and cloud storage, with improved error detection for sender issues.
• Released rm-agent:v1.0.5 - Fixed Valkey permissions in Docker container to enable deployments on Cloud Run and other container orchestration platforms with strict security contexts.

🐛 Bugs Squashed​

• Resolved an issue where Vera included closed and completed requests when answering questions about overdue privacy requests.
• Resolved an issue where deleted GTM tags still appeared in the consent banner tracking services shown to end users.
• Resolved an issue where DSR notification emails showed the wrong workflow state.
• Resolved an issue where policy names in the request modal dropdown didn't match the Policies page.
• Resolved an issue where the "Other" close reason was missing from the Bulk Close Requests modal.
• Resolved an issue where changing a consent tag's category didn't update in the UI.
• Resolved an issue where consent audit log CSV and TSV exports downloaded with the wrong file extension.
• Resolved an issue where a consent locale could not be re-enabled after being disabled.
• Resolved an issue where Privacy Request Center translation generation failed for certain locales.
• Resolved an issue where parent systems in the grouped inventory view showed the earliest child system's "date added" instead of the most recent.
• Resolved an issue where large cookie CSV exports timed out.
• Resolved an issue where data exports returned an error when integration data contained decimal numbers.

Week of April 20​

🚀 Features Added​

• Self-service SSO configuration — new customers can now configure their own SSO during onboarding. A secure link lets you choose your SSO provider (Google Workspace, Microsoft Entra ID, or custom SAML), enter your identity provider details, and activate SSO.
• Rokt integration — you can now connect Rokt in Request Manager to process deletions via API.
• Out-of-the-box consent layouts — new customers now start with three pre-configured consent layouts: GDPR (EU + UK), CPRA (California), and a Default fallback for all other locations. You can publish immediately and be compliant across the most common regulations from day one.

🛠 Changes Made​

• HubSpot integration upgrade — new HubSpot connections now default to v3 of the API. Existing v1 connections continue to work.
• "Mark as Verified" for request initialization — you can now mark a request as verified directly during the initialization phase without waiting for automated checks.
• Workflow automation deletion safeguard — you can no longer delete an unpublished workflow while requests are still actively running through it.
• Integrations table layout — the Integrations page now uses vertical space more efficiently, reducing excess whitespace.

🐛 Bugs Squashed​

• Resolved an issue where Pendo returned an error when a visitor was not found.
• Resolved an issue where the email template translations dropdown was missing for some customers.
• Resolved an issue where consent layouts returned an error when updating close behavior or creating new layouts with multi-layer link elements.
• Resolved an issue publishing consent cookie rules to live sites.
• Resolved an issue where adding contributors to assessments returned an error for certain assessment types.
• Resolved an issue where API key group assignment silently dropped the selected group on creation.
• Resolved an issue where consent publishing failed for customers with large Google Tag Manager containers due to API rate limits.
• Resolved an issue where Gladly deletion requests failed when a customer record had been merged.
• Resolved an issue where inbound call transcription incorrectly retried on authorization failures, eventually closing the request as spam.

Week of April 13​

🚀 Features Added​

• Configurable authorized agent verification — you can now choose whether data subjects must verify their identity when an authorized agent submits a request on their behalf. A new "agent only" option skips data subject verification when written authorization is sufficient.
• Customizable Opt-Out intake forms — you can now remove and restore the first name and last name fields on your Opt-Out intake form without affecting other privacy rights. Simplify your form when regulations don't require collecting a name for Do Not Sell requests.
• Vera inline chart visualizations — when you ask Vera questions about trends or distributions, she can now generate interactive charts — bar, line, pie, and scatter — displayed inline alongside her written response.
• Consent Subresource Integrity (SRI) — you can now enable Subresource Integrity for consent scripts, allowing browsers to verify that scripts haven't been tampered with before they run. Toggle SRI on in container settings, republish, and swap in the updated script tag.

🛠 Changes Made​

• Multiple user assignments in workflow automation — automation workflows now support multiple user assignment steps, so different stages of a request can be assigned to different team members.
• Safe workflow automation unpublishing — unpublishing a workflow no longer interrupts requests already in progress — they continue through the original workflow to completion.
• Risk register systems column — the Systems column now displays the system name directly for single-system risks and shows logos with hover labels for multi-system risks, making the register easier to scan.
• New Consent developer guides — two new guides for developers who need fine-grained control over how third-party content loads: Progressive Consent covers blocking embedded content behind a consent prompt, and Blocking Page Reloads documents three methods to prevent full-page refreshes when consent preferences change.

🐛 Bugs Squashed​

• Resolved an issue where editing a Merge! integration returned a 403 error.
• Resolved an issue where consent publishing failed for customers with large Google Tag Manager containers due to API rate limits.
• Resolved an issue where daily Okta user syncs timed out for customers with large tenants.
• Resolved an issue where deletion requests submitted via email or API incorrectly triggered verification emails.

Week of April 6​

🚀 Features Added​

• Email templates redesign — email templates have been rebuilt with a redesigned editing drawer, template duplication, language management with one-click translation regeneration, a review and publish flow with preview emails, and multiple template selection at send time.
• Ringside CRM integration — you can now connect Ringside CRM in Request Manager to retrieve personal data via API and process deletions via direct contact.

🛠 Changes Made​

• Customizable Additional Comments section — the Additional Comments section on intake forms is now fully optional. Remove it to eliminate noise from high-volume request queues, or re-add it anytime from the section drawer.
• RoPA CSV export by multibrand group — the RoPA CSV export now respects multibrand group permissions, so your export only includes processing activities and systems for the brand groups you have access to.

🐛 Bugs Squashed​

• Resolved an issue where consent publishing failed for customers with large Google Tag Manager containers (200+ tags) due to API rate limits.
• Resolved an issue where the Consent Mode settings page crashed for customers with incomplete category mappings.
• Resolved an issue where direct contact emails always included an SSO login link even when SSO was not required, blocking recipients without SSO from responding.
• Resolved an issue where users with the Live Data Map Admin role could not access the RoPA tab in Processing Activities.
• Resolved an issue blocking support access.

Week of March 30​

🚀 Features Added​

• Adobe Experience Platform Tags consent integration — you can now connect Adobe Experience Platform Tags (Adobe Launch) properties to manage consent and publish DataGrail.

🛠 Changes Made​

• Webhook data retrieval before deletion — webhook-connected integrations can now retrieve customer data before processing a deletion request.
• Group filter on Processing Activities — you can now filter the Processing Activities page by brand group.
• Multibrand Groups for Suggested Processing Activities — suggested processing activities are now scoped per brand group. A processing activity that exists for one brand no longer suppresses suggestions for another.
• Refactored the Request Manager Agent Terraform module for AWS ECS to support egress-only Agent versions.

🐛 Bugs Squashed​

• Resolved an issue where PDF generation failed when content contained emoji or special Unicode characters.
• Resolved an issue preventing the System Inventory table from scrolling past a certain point for some customers.
• Resolved an error in the System Inventory grouped view for non-admin users.

This page documents all customer-facing changes to the DataGrail application made in March 2026. Additional entries will be added every week on Friday.

Week of March 23​

🚀 Features Added​

• Initialization phase for Workflow Automation — a new automated workflow phase that runs immediately when a Privacy Request is submitted. Branch logic based on request source (API, Intake Form, Request Queue), verify identity, send confirmation emails, and extract identifiers — all before processing begins.
• Privacy Inspector 6.0 — a redesigned Chrome extension with new diagnostic tabs for cookies, integrations (Google Consent Mode, Shopify, WordPress, and more), and settings, plus the ability to set consent preferences and open banners directly from the extension.
• Discuss assessments with Vera — after approving a Risk Assessment, you can now ask Vera about the questions, answers, and source documents used during the assessment.
• Group filter on Agents page — users with multiple brand groups can now filter the Agents page by group, matching existing behavior on Systems and Data Classification.
• Multibrand Groups for Processing Activities — you can now assign brand groups when creating processing activities.
• Clear answer selections on Risk Assessments — easily clear radio, dropdown, multi-select, and date answers before an assessment is approved.

🛠 Changes Made​

• Vera chat UI refresh — wider response container, reduced visual density, and improved spacing for a more readable conversation experience.

🐛 Bugs Squashed​

• Resolved an issue preventing Risk Assessment PDF downloads from completing.
• Resolved an issue where email intake misclassified access requests as deletions due to keywords in email footers.
• Resolved an error in Consent audit log exports.
• Resolved an issue where deletion integrations could fire simultaneously instead of following the configured tier order.

Week of March 16​

🚀 Features Added​

• Consent banner preview by location — you can now preview exactly what banner a visitor would see based on geographic location, directly from within DataGrail. No more VPN testing or location spoofing to validate banners across jurisdictions.
• Cross-container sharing for custom tags and services — custom tags are now automatically available across all Consent containers by default, eliminating repetitive manual setup in multi-container environments.
• Added a Gem Integration with access and deletion capabilities on Privacy Requests.

🛠 Changes Made​

• Improved the preview banner UX in Consent layouts.
• Improved Vera top bar responsiveness across different screen sizes.
• Disconnected integration notifications are now scoped to the relevant brand group.
• Integration webhook callbacks now return 409 Conflict for duplicate requests instead of 400, providing clearer signals for retry logic.
• Request Manager agent polling is now ~280x faster (p95 latency from ~3 min to 658ms), meaning Privacy Requests get picked up and processed significantly faster.

🐛 Bugs Squashed​

• Resolved an issue preventing RoPA PDF downloads from completing.
• Resolved an issue causing duplicate elements in Consent layers.

Week of March 9​

🚀 Features Added​

• Wildcard search has been added for Privacy Requests, Systems, Integrations, and Cookies, allowing for more advanced queries within DataGrail using ^ and +.
• The language picker for Consent is now its own asset, allowing you to place it anywhere on your banner.
• Added a Drip Integration with access and deletion capabilities on Privacy Requests.
• Added an MCP tool for DataGrail's Knowledgebase, allowing you to search DataGrail’s knowledgebase documentation from your favorite AI tools.

🛠 Changes Made​

• Multiple improvements to the Vera UI.
• Consent container settings now auto save.
• The third-party disclosures list can now be sorted flexibly.

🐛 Bugs Squashed​

• Resolved an issue preventing some Privacy Requests from moving forward, despite all integrations completing.
• Resolved an issue preventing the Consent Audit Log from downloading for some larger datasets.
• Resolved sporadic 500 errors from Persona Integration on Privacy Requests.

Week of March 2​

🚀 Features Added​

• Released DataGrail's Model Context Protocol (MCP) Server, allowing you to interact with DataGrail through AI tools like Claude and ChatGPT.
• Added OIDC support for DataGrail login.

🛠 Changes Made​

• Refreshed the Risk Assessments UI for easier navigation and readability.
• The language picker on the Privacy Request Center now shows translated language names.

🐛 Bugs Squashed​

• Resolved an issue creating inconsistencies when sorting or using filters on the System Inventory.
• Resolved an issue causing some managed trackers to appear in the New Uncategorized Trackers email.
• Resolved a PDF encoding issue when exporting content from DataGrail.
• Resolved an issue creating some inconsistencies with the Risk Assessment Contributor status.
• Resolved an issue preventing the Risks table from being visible on System Profiles.

This page documents all customer-facing changes to the DataGrail application made in February 2026. Additional entries will be added every week on Friday.

Week of February 23​

🚀 Features Added​

• Policies can now be added directly through the DataGrail app, giving your team full control of policies within DataGrail.
• Released a Shopify System Detection Integration, allowing your team to automatically surface systems from connected Shopify instances.
• Vera now features a unified search bar that lets you search across the entire platform. Type a query and instantly see results from Requests, Opt-Outs, Integrations, Assessments, Data Map, Workflows, Policies, Agents, and Processing Activities.

🛠 Changes Made​

• Risk Register risks can now be deleted.
• Vera responses are now streamed, so you can see answers formed in real time.
• When test mode is enabled for Consent, events are logged so you can validate behavior and confirm events are firing as expected.
• Agents can now be deleted.

🐛 Bugs Squashed​

• Resolved an issue causing some downloaded PDFs to display a missing font error.
• Resolved an issue preventing detected risks from being sorted correctly in the table.
• Resolved an issue preventing categories from being autoselected on Access Categories requests.

Week of February 16​

🛠 Changes Made​

• Multiple Vera UI improvements to make interacting with the search bar easier.
• Children of Internal System Integrations now inherit the multibrand group of the parent.

🐛 Bugs Squashed​

• Resolved an issue blocking Appsflyer deletion for some customers.
• Resolved an issue causing Salesforce to show as disconnected for some customers, despite a successful connection.
• Resolved an issue causing some invalid direct contacts to show in the Expired Direct Contact Summary email.
• Resolved an issue causing Marketo to show as disconnected for some customers, despite a successful connection.

Week of February 9​

🚀 Features Added​

• Direct Contact Integration duration can now be adjusted per Request Policy, allowing for specific control of processor SLA by location.
• Privacy Request start time can now be configured by Request Policy, allowing you to "start the clock" either when the request is created or verified.

🐛 Bugs Squashed​

• Resolved an issue preventing some assessment PDFs from being downloaded.
• Resolved an issue preventing some Shopify Integration deletions from completing.
• Resolved an issue blocking some Privacy Requests from moving to the next workflow step after all integrations were complete.
• Resolved an issue installing the GitHub Integration.
• Resolved an issue requiring some Privacy Requests to enter the wizard step, despite having an automation setting to skip it.

Week of February 2​

🚀 Features Added​

• You can now detect systems through the new Cisco Umbrella Integration.
• You can now opt out data subjects through the Salesforce Integration.

🛠 Changes Made​

• Privacy Request voicemails can now be downloaded at any stage of the workflow.
• The Discovered Integrations page now includes a filter for detected risk level.
• Migrated the Shopify Integration to the GraphQL Admin API.

This page documents all customer-facing changes to the DataGrail application made in January 2026. Additional entries will be added every week on Friday.

Week of January 26​

🚀 Features Added​

• Added support for the following languages in Request Manager and Consent: Indonesian, Hindi, Arabic, Korean, Malay, Thai, and Chinese (Simplified & Traditional).
• Added anonymization support for the Oracle Opera Cloud Integration on deletion requests.
• The Tracking Details asset can now group entries by name or vendor, allowing for better organization when many tracking services are listed.
• Tracking services can now be exported from DataGrail as JSON to support programmatically generated cookie policies.

🛠 Changes Made​

• Multiple System Inventory performance optimizations, resulting in a 98% speed improvement.
• System Inventory items are now grouped by system to make larger inventories more manageable.
• Multi-Brand users will now only see integrations associated with their group/brand, except for the Super Admin role.
• New integration processing options in Workflow Automations
  • Skip all - Don't process any remaining integrations
  • Process all - Process every integration
  • Process by brand - Only process global integrations + integrations assigned to the request's brand/group

🐛 Bugs Squashed​

• Resolved formatting issues when filtering the integration list by a multi-brand group.
• Resolved an issue processing identifiers for some multi-brand groups.
• Resolved an issue preventing the specific location for Opt Out Requests from showing.

Week of January 19​

🚀 Features Added​

• Suggested Processing Activities can now be dismissed.
• Discovered Integrations can now be filtered by type.
• Terraform module to support deploying Request Manager Agents in AWS Elastic Container Service (ECS).

🛠 Changes Made​

• Improved error message UI on the login page.

🐛 Bugs Squashed​

• Resolved an issue causing some scanned cookie domains to show as obfuscated.
• Resolved an issue blocking some Amplitude Integration deletions when the provided User ID is an email address.
• Resolved an issue preventing some users from being identified with the Cordial Integration.

Week of January 12​

🚀 Features Added​

• Risks that are created within assessments are now available on a new Risks tab on the Assessment Overview page for an easy overview.
• Released Consent Plugins for WordPress and Shopify, allowing consent preferences to be sent to the platform from DataGrail automatically.

🐛 Bugs Squashed​

• Resolved an issue preventing some months from being included on the Consent Dashboard and Audit Logs.

Week of January 5​

🚀 Features Added​

• Enhanced wildcard rules have been added for Cookie Management, allowing you to better categorize consistent cookie patterns.
• Released Unmanaged Cookie Behavior controls for Consent, allowing you to treat unmanaged cookies as classified under a category, or even block and delete all unmanaged cookies.
• The complete Consent Audit Log is now available by month directly within the DataGrail app.

🛠 Changes Made​

• Readability improvements to the integration list.
• Added the ability to archive unmanaged cookies that are not relevant or adding noise to the list.
• Introduced batch deletion for the MailChimp Integration, offering better processing efficiency for high-volume customers.

🐛 Bugs Squashed​

• Resolved an issue causing the Inspectlet Integration to fail on some Privacy Requests.

This page documents all customer-facing changes to the DataGrail application made in December 2025. Additional entries will be added every week on Friday.

Week of December 15​

🚀 Features Added​

• Introduced the Browser Signal Notice Asset and new layout behavior to ensure CCPA compliance.
• Failed integrations on privacy requests can now be retried directly within the app.

🛠 Changes Made​

• Performance optimizations for the AirTable Integration to support better privacy request throughput.
• Added an option to enable whole-record deletion on the Braze Integration to better support high-volume processors.
• Activity Logs on privacy requests more precisely indicate when an integration is skipped vs. when no data is found.

🐛 Bugs Squashed​

• Resolved an issue preventing the consent audit log from being downloaded for some customers.
• Resolved an issue preventing category selections from saving when suggested cookie rules were added.
• Resolved an issue causing the PayPal Integration to fail on some privacy requests.
• Resolved an issue causing the consent publish status to show "In Progress", despite publishes completing successfully.

Week of December 8​

🚀 Features Added​

• Share the services and cookies that are running on your site using the new Tracking Details Asset on the Consent Banner.
• Quickly identify and configure integrations using the new Discovered Integrations page.
• Scan your Mixpanel instance with newly-released Responsible Data Discovery capabilities.

🛠 Changes Made​

• Redesigned the SSO login page for Google and Microsoft SSO users.
• Updated the Webflow Integration for Consent to support the new Webflow API.
• Direct Contact Integrations now use the user-defined integration name in emails to the processor.

Week of December 1​

🚀 Features Added​

• Added new state-specific policies for Rhode Island, Kentucky, and Indiana to ensure your team stays compliant.

🛠 Changes Made​

• Enhanced Live Data Map System metadata, so your team has better context on what systems do and how they process data.
• Improved deletion logic for the Airtable Integration to better support a high volume of privacy requests.
• Standardized all integration names to create better parity between Live Data Map Systems and Request Manager Integrations.

This page documents all customer-facing changes to the DataGrail application made in November 2025. Additional entries will be added every week on Friday.

Week of November 24​

🚀 Features Added​

• Control access to the DataGrail platform through Multibrand Group Permissions, which allows you to map your Okta users to the Multibrand groups within the DataGrail app.

🛠 Changes Made​

• Integration connection attempt errors are now surfaced on the Integration Errors page.
• Released Request Manager Agent v0.14.0 which improves transaction commit handling for deletion requests.

Week of November 17​

🚀 Features Added​

• Configure request policies directly with Self-Service Policy Management. Your team can enable and disable specific policies, edit available privacy rights and durations on policies, and update policy locations.
  • Optionally enable or disable automated policy updates from DataGrail in your Settings.
• Monitor API errors across all integrations via the Integration Errors dashboard, so you can identify trends and take action quickly.

🛠 Changes Made​

• Refreshed the settings page UI, allowing your team to better navigate DataGrail settings.
• Added an optional include_identifiers field to the V2 privacy_requests endpoint.
• Added API deletion to the TeamUp Integration.

Week of November 10​

🚀 Features Added​

• Updates to the Privacy Dashboard that help provide better data for your team:
  • New time filters
  • New Requests by Type chart
  • New Requests by Source chart
• Added a Local Session/Storage blocking plugin for Consent that can block local storage using the Cookie Rules table.
• Custom risk types can now be created in Risk Register.

🛠 Changes Made​

• The title style on the consent banner now publishes as an h2 for SEO, effective the next time you publish.
• Added date filters for Opt Outs Requests.

🐛 Bugs Squashed​

• Resolved an issue preventing requests from exiting "Extracting Identifiers" after identifiers were manually populated.
• Resolved an issue preventing the dashboard from loading when certain filters were applied.

Week of November 3​

🚀 Features Added​

• Risk Register is now connected to Risk Assessments, enabling you to:
  • Flag Risks from Assessments: You can now log a risk directly from an assessment question without disrupting your workflow. Risk Register will display the risk with a source link to the assessment.
  • Prioritize Assessments by Risk: Sort and filter the Assessments table by the number of associated risks.
• US Privacy Strings (whether a user has opted out of data sales) can now be retrieved through the following consent browser console command: window.DG_BANNER_API.getUSPrivacyString()
• New Inflection Integration for Request Manager with API access capabilities.
• Added a search bar to the Opt Out Requests page, allowing you to quickly find requests by email, first name, and last name.

🛠 Changes Made​

• Extracted identifiers are now included in the response to the privacy_requests endpoint on the V2 API.

🐛 Bugs Squashed​

• Resolved an issue preventing custom systems from being edited in System Inventories.
• Resolved an issue causing the publishing status to persist in the Consent UI, despite the process completing successfully.
• Resolved an issue causing the Dropbox and Arity Integrations to sporadically return a 409 error during data extraction or deletion.

This page documents all customer-facing changes to the DataGrail application made in October 2025. Additional entries will be added every week on Friday.

Week of October 27​

🛠 Changes Made​

• Improved performance of the Persona Integration on Privacy Requests.

🐛 Bugs Squashed​

• Resolved an issue preventing unverified Opt Out Requests from showing when filters were applied to the table.
• Resolved a timeout error preventing the NetSuite Integration from completing on some Privacy Requests.
• Resolved an issue causing the Entra ID Integration to disconnect for some customers.

Week of October 20​

🚀 Features Added​

• Released the Webhook Integration, which sends notifications of new Privacy Requests, allowing you to process requests in your own systems and report results back to DataGrail.

🛠 Changes Made​

• Daily integration health checks now test email deliverability for Transactional Mailer Integrations.
• Added support for U.S. Government tenants with the Entra ID Integration.
• Added the ability to define and automatically remove certain Hubspot Integration fields from Privacy Request results.

🐛 Bugs Squashed​

• Resolved an issue preventing some systems from being tagged with newly-added Processing Activities.

Week of October 13​

🚀 Features Added​

• Released the Oracle Opera Cloud Integration with access and deletion capabilities in Request Manager.

🛠 Changes Made​

• Improved backend processing of Opt Out Requests to allow requests to be processed more quickly.
• Privacy Requests created via phone are now automatically closed if the Data Subject does not leave a voicemail.
• Long data file strings now wrap in the TSV viewer in Request Manager.
• Released Request Manager Agent v0.10.2, which updates dependencies.
• Released Data Discovery Agent v0.9.1, which updates dependencies.

🐛 Bugs Squashed​

• Updated API endpoints utilized by the Typeform Integration.

Week of October 6​

🚀 Features Added​

• Access Request Results emails can now be resent to Data Subject from the Data Subject Request Details page.
• You can now suppress the final notification email for Privacy Requests from the Data Subject Request Details page or the V2 API.

🛠 Changes Made​

• All actions to close a Privacy Request have been rolled up under the new Close Request action, allowing you to indicate a specific "close reason" and email the Data Subject, if desired.
• Improved the System Detection model to increase breadth and quality of detected systems.
• Token Based Authentication for the Oracle Netsuite Integration is no longer supported. OAuth 2.0 authentication is now required.

🐛 Bugs Squashed​

• Resolved an issue preventing some cookies set on subdomains from being surfaced by the Cookie Scanner.

This page documents all customer-facing changes to the DataGrail application made in September 2025. Additional entries will be added every week on Friday.

Week of September 29​

🚀 Features Added​

• Retry failed integrations for any data subject request with the push of a button.
• Webhooks Integrations notify your internal systems when a privacy request is ready for processing.

🛠 Changes Made​

• Policies can now be searched and filtered.
• Privacy Policy Link now displayed for both Cookies and Tracking Services.
• Added policy to support the Maryland Online Data Privacy Act.
• Risks within Data Protection Impact Assessments (DPIA) now support adding optional comments.

🐛 Bugs Squashed​

• Improved error verbiage when attempting to remove an integration currently used in an automation.
• Resolved an issue preventing the Yotpo Integration from successfully reconnecting.

Week of September 22​

🚀 Features Added​

• Ensure requests reach the right systems with a data subject relationship field that can be customized and defined per privacy request policy in the Privacy Request Center, then used in Automations.
• Group Privacy Request Data Files by data category using a new datagrail_category field in your Internal Systems Integration.

🛠 Changes Made​

• Location is now included when exporting Opt Out Requests from within the app.
• Improved performance on the Cookie Management page.
• The group dropdown is no longer required on the Privacy Request Center if the group is passed through the URL.

Week of September 15​

🚀 Features Added​

• Added a Salesforce B2C Commerce Integration to support access requests against Salesforce Commerce Cloud orders.
• Released the Privacy To-Do List, which provides an actionable list of tasks to set up your DataGrail instance.

🛠 Changes Made​

• Updated the Aftership API version to 2025-07.

Week of September 8​

🚀 Features Added​

• Active Direct Contact emails can now be resent to the processor.
• Added support to manually verify Privacy Requests in the "Pending Verification" state.

🛠 Changes Made​

• Consent will no longer throw an error if the site contains an uncategorized data-consent-id on an inline script.

🐛 Bugs Squashed​

• Resolved an issue where some Marketo API calls were malformed.

Week of September 1​

🚀 Features Added​

• Updated the ServiceNow Integration to support customers without the customer_contact table. The sys_user table can now be queried on Privacy Requests.
• Released the Integration Files API Endpoint.
• Added support for custom Entity IDs for Microsoft Entra ID SSO.

🛠 Changes Made​

• The Marketo Integration has been updated to use the Authorization header.
• Opt-Out Requests no longer require the first and last name field.

🐛 Bugs Squashed​

• Resolved an issue preventing the Algolia Integration from extracting data in some cases.
• Fixed a UI issue on the API Keys page.

This page documents all customer-facing changes to the DataGrail application made in August 2025. Additional entries will be added every week on Friday.

Week of August 25​

🚀 Features Added​

• Released support to configure default consent categories by policy.
• Released support to configure Do Not Track (DNT) and Global Privacy Control (GPC) signal behavior by policy.
• Released support to honor an Opt Out Request from Request Manager in DataGrail Consent.

🛠 Changes Made​

• Updated the Jira integration to use a new search endpoint under the V3 API.
• Improved retry handling for failed Opt Out Request integrations.

🐛 Bugs Squashed​

• Resolved an issue preventing PayPal data extraction from completing in some cases.
• Resolved an issue preventing DataDog data extraction from completing in some cases.

Week of August 18​

🚀 Features Added​

• Released a Workday Recruiting Integration with access capabilities in Request Manager.
• Released an HR Cloud Recruiting Integration with access capabilities in Request Manager.

🛠 Changes Made​

• User names can now be edited from the DataGrail settings page.
• Improved the performance of the Data Subject Requests page.
• Added alerts for System Profile pages that have newly surfaced data categories from Responsible Data Discovery.
• Systems can now be added to the inventory without an associated Processing Activity.

🐛 Bugs Squashed​

• Resolved an issue preventing some direct contact integrations from being selectable in the "Pending Legal" state.
• Resolved an issue preventing the final notification email from sending on requests denied by a workflow automation.
• Resolved an issue preventing Dropbox from completing data extraction on some Privacy Requests.

Week of August 11​

🚀 Features Added​

• Released a Junction Integration with access and deletion capabilities in Request Manager.

🛠 Changes Made​

• Updated the Mixpanel Integration to use service account authentication.
• Improved the retry logic for failed integrations on Opt Out Requests.
• Released Request Manager Agent v0.10.0
  • Improved APIProxy Connector retry handling for requests when a response status code is not listed in the valid_response_codes or fail_retry_response_codes arrays.
• Released Data Discovery Agent v0.9.0
  • Introduces Bring Your Own Integration (BYOI) adapter which allows integrating data sources via a RESTful API service.
  • Smart Scans enabled which will only scan new tables or tables with new attributes (schemaless not supported).
  • Improved schema scanning by identifying tables by the fully qualified name, including database/catalog and/or schema.

🐛 Bugs Squashed​

• Resolved an issue preventing Privacy Requests from being created using email webhooks.
• Resolved an issue blocking new OAuth integration connections.
• Resolved issues in the Responsible Data Discovery Agent:
  • Fixes syntax error on scientific notation values upon sampling of Databricks datasets.
  • Handles EmptyDataFrame responses for Athena partition queries.
  • Scans only MySQL base tables to avoid scanning views, and others with no table_rows resulting in exceptions.
  • Properly escapes tables with names that are SQL keywords (e.g., group, order, delete) to avoid SQL exceptions.
  • Handles empty collections in MongoDB.

Week of August 4​

🚀 Features Added​

• The Marketo Integration now supports setting custom fields for Deletion and Opt Out Requests.
• Added an option to export individual Processing Activities as a PDF.
• Responses to custom Privacy Request Center questions can now be included on Direct Contact forms.

🐛 Bugs Squashed​

• Resolved an issue blocking Twilio data extraction for some phone numbers.

This page documents all customer-facing changes to the DataGrail application made in July 2025. Additional entries will be added every week on Friday.

Week of July 28​

🚀 Features Added​

• Released Intelligent Processing Activities, allowing DataGrail's AI Agent to automatically recommend relevant Processing Activities.
• Added a method to the V2 API to retrieve Opt Out Integrations.
• Added a toggle for Risk Assessment email notifications on the Settings Page.

🛠 Changes Made​

• Increased the expiration time of Risk Assessment contributor links from 24 hours to 7 days.
• Improved rate limit handling for the Facebook Marketing Integration.

🐛 Bugs Squashed​

• Resolved an issue causing some deleted systems to be surfaced again through System Detection.
• Resolved an issue where the Consent Management Admin role could not see the DataGrail Dashboard.

Week of July 21​

🚀 Features Added​

• Launched RoPA Management for Live Data Map.

🛠 Changes Made​

• Updated the Salesforce Integration API to version 62.0 and improved visualization of errors within DataGrail.
• Opt Out Requests that are not verified within 7 days now automatically move to Canceled.
• Improved retry logic for failed integrations on Opt Out Requests.

🐛 Bugs Squashed​

• Resolved an issue preventing additional links from being added to Consent Layouts.
• Resolved an issue preventing the domain filter from working on the Cookie Management page.
• Resolved an issue preventing the Entrata Integration from extracting data on Privacy Requests.

Week of July 14​

🚀 Features Added​

• Released support for custom tables with the ServiceNow Integration. If you would like to include custom ServiceNow tables in Privacy Requests, please reach out to support@datagrail.io.
• Custom Privacy Request Center question responses can now be utilized in Workflow Automations.

🛠 Changes Made​

• Refactored analytics for Consent on the Dashboard, allowing interaction metrics to be filterable by Consent Policy.
• Improved the load time of the Systems page.
• Updated the Segment Integration to handle the "partial success" deletion status.
• Updated the UI for the Privacy Request Details view on an Access Categories request to provide a clearer call to action.

🐛 Bugs Squashed​

• Resolved an issue preventing users provisioned via SCIM from logging in.
• Resolved an issue preventing new images from being added to Email Templates.

Week of July 7​

🚀 Features Added​

• Released the Kount Connect Integration with Access and Deletion capabilities in Request Manager.
• Released the Sift Integration with Access and Deletion capabilities in Request Manager.

🛠 Changes Made​

• The integration list on a Privacy Request is now grouped by Integration Status: integrations with errors are shown at the top, processing in the middle, and complete at the bottom.
• Improved integration error visualization for non-HTTP errors for integrations such as Marketo, SendGrid, and Slack.
• Integrations on deletion requests that do not find data in the "Extracting Personal Data" state will now show Complete: Nothing to Delete instead of Complete: Deletion skipped.
• Improved handling of international phone numbers for data subject verification.
• The "General" Processing Activity can now be removed from Systems.

🐛 Bugs Squashed​

• Resolved an issue preventing custom favicons from showing on the Privacy Request Center.