Subject Access Request Management
From receipt to closure — track every SAR with deadline precision and a full audit trail.
How it works
From first contact to closed record
Receive & log the request
Log the SAR with the data subject's contact details and identifier. The deadline clock starts automatically from the date received (or date ID was verified, if later).
Track, verify & gather
Manage status through the full lifecycle: pending → in progress → awaiting ID → awaiting info → under review → ready to send. Track third-party contacts and scope items.
Respond & close
Issue the response and close the request with a documented reason. Withdrawals and DPC-initiated closures are tracked separately for audit purposes.
What you get
Built for the full SAR lifecycle
ICO-compliant deadline engine
Calculates the 30-day (or 3-month for complex requests) deadline per UK GDPR / EU GDPR / JDPA. Clock starts from receipt or ID verification.
Identity verification workflow
Structured ID check with audit timestamps. Optionally required before the response deadline clock starts.
Scope management
Define exactly what data is in scope for each SAR. AI-suggested scope items with confidence scoring and human review.
Full audit trail
Every status change, contact, and decision logged with user ID and timestamp. Exportable as PDF with cover letter.
Be first to use the DSAR Module
The DSAR Module is coming Q3 2026 for Pro+ plans. Join the beta to get early access and shape the product.