This page documents all customer-facing changes to the DataGrail application made in June 2026. Additional entries will be added every week on Friday.

Week of June 15​

🚀 Features Added​

• Assessment collaboration — two new permission-scoped roles control who can build and fill assessments: Creators build assessments and templates and manage the full lifecycle for assessments they own, while Contributors answer questions, upload documents, and request AI review on assessments they're a member of. You can also assign ownership of specific questions or sections to individual users, and read the full (view-only) comment history on approved assessments.
• Archive per-policy intake form customizations — admins can now revert a published per-policy Privacy Request Center form back to the default "All Policies" form with a single Archive action, directly in the customization editor. The live form immediately serves the All Policies content, new drafts pick up from the right starting point, and historical ticket answers still display the labels from when they were submitted.

🛠 Changes Made​

• Google Consent Mode Auditor — Consent Scanner has been renamed to Google Consent Mode Auditor. The navigation tab is now "GCM Auditor" and "scan" wording is now "audit" throughout.
• Brevo integration — the SendinBlue integration has been migrated to Brevo following the rebrand and API change. The existing direct-contact integration was also renamed to "Brevo Direct Contact."
• Consent scan errors — when a scan fails because a URL can't be resolved, the page now shows exactly which URL failed and why, and keeps your list open so you can fix and resubmit.
• Assessment context copy — the Assessment Context description now accurately explains that Vera uses your provided context and documents to suggest answers.

🐛 Bugs Squashed​

• Resolved an issue where large opt-out request exports could time out.
• Resolved an issue where privacy requests could silently get stuck in a pending state and never advance to completion.
• Resolved authentication failures in the Amplitude and Salesforce integrations that could cause access requests and processing to fail.
• Resolved an issue where first-time SAML/SSO logins in multibrand setups landed on a blank or forbidden page until a second login.
• Resolved an issue where the Create Assessment drawer lost system data after canceling and reopening, producing assessments with missing systems.
• Resolved several Consent issues on large accounts: cookies staying "Unmanaged" despite a matching rule, slow or incomplete cookie categorization, inaccurate counts in the bulk cookie-rule toast, and a consent banner that failed to render when its categories layer was missing.
• Resolved Consent Project scoping issues where records, publish errors, and policy categories could be saved to or surfaced from the wrong project.

Week of June 8​

🛠 Changes Made​

• Microsoft UET Consent Mode — new documentation walks you through configuring Consent Mode for the Microsoft Ad Platform.
• Arity — the Arity integration now supports Access (data disclosure) requests in addition to deletion.
• Consent Analytics — the analytics dashboard has a refreshed full-width layout with redesigned charts, clearer compliance tables, and CSV export.
• Accessibility — button keyboard-focus outlines now meet WCAG contrast requirements for clearer keyboard navigation.

🐛 Bugs Squashed​

• Resolved an issue where one invalid URL could fail an entire Consent scan batch; invalid URLs are now validated up front and automatically disabled after repeated failures.
• Resolved an issue where the bulk Process Requests action reset your view to "All Requests" instead of preserving your filters.
• Resolved an issue where integrations could not be deselected on deletion requests; the include/exclude list is now editable until deletion runs.
• Resolved an issue where re-adding a previously deleted Consent scan URL returned a "URL has already been taken" error.

Week of June 1​

🚀 Features Added​

• Assessments API — programmatically create assessments from templates, submit answers with validation, monitor progress, and download finished assessments as PDFs. Requires an API key with the new Assessment and AssessmentTemplate scopes.
• Assessment Change History — every edit, contributor action, document upload, AI suggestion, and status change is now automatically logged with a full audit trail. Filter by question, contributor, or activity type and export as CSV for audit documentation.
• Assessment approver assignment — restrict who can approve a Risk Monitor assessment by assigning a specific approver.
• Assessment @mention support in comments — tag contributors and admins directly in assessment comments to notify them of specific questions or discussions.
• Assessment # reference autocomplete — insert clickable cross-references to any question or section directly from within a comment.
• Assessment comment resolve/unresolve — close resolved comment threads to reduce noise; toggle a filter to view them again when needed.
• Assessment link support in comments — external links in assessment comments are now clickable, with a safety prompt before opening.
• Data Classification tab on System Profile — view Data Classification results scoped to a specific system directly from its profile page, with the same table, filters, and details drawer you already know from the main Data Classification page.
• Ironclad for Live Data Map — Ironclad is now available as a connectable integration for the Live Data Map.
• Self-service SAML/SSO domain management — add and remove email domains for SAML/SSO login directly from Settings > Additional Domains, without opening a support ticket. Supports bulk entry, real-time validation, and immediate effect.
• DG-hosted mailer custom domain setup — configure and validate custom email domains for DataGrail-hosted transactional mailers directly in settings, with step-by-step DNS configuration instructions.
• Vera Global Context — the Global Context editor is now available directly from the Vera home screen as its own dedicated tab.

🛠 Changes Made​

• Vera real-time agent steps — Vera now surfaces each tool she uses as a collapsible step in the conversation, showing what she searched, fetched, or analyzed and how long it took. Steps collapse by default so the answer stays front and center.
• Consent layouts — the layouts page is dramatically faster and more reliable, eliminating the failure mode that caused multi-minute load times under database pressure.
• Request Manager email search — searching for a data subject by email in the privacy request inbox is now over 100× faster.
• System Detection on new authentication — configuring a new System Detection-capable authentication now immediately triggers detection jobs, so systems appear in your inventory in under an hour instead of 24–48 hours.
• Bulk system edit marks assessments as reviewed — bulk-editing systems in the Live Data Map now automatically marks their linked assessments as reviewed.

🐛 Bugs Squashed​

• Resolved an issue where Consent Analytics CSV downloads were failing.
• Resolved an issue where the System Inventory page could time out under cold-cache conditions.
• Resolved an issue where dates in the Processing Activities table were displaying in an incorrect format.
• Resolved several UI issues in the Invite New User dialog.
• Resolved an issue where the Vera MCP Write Access toggle appeared to revert visually after being enabled.
• Resolved issues where cloned Consent Projects could have corrupted layer data or missing group assignments.
• Resolved an issue where the base taxonomy root node displayed "DataGrail Base Taxonomy" instead of the customer's account name.
• Resolved an issue where verification reminder emails were not sent for requests stuck in an initializing workflow state.
• Resolved an issue where direct contact requests remained stuck in a queued state after ticket closure.

This page documents all customer-facing changes to the DataGrail application made in May 2026. Additional entries will be added every week on Friday.

Week of May 26​

🚀 Features Added​

• Consent Projects — create and manage multiple, fully isolated consent configurations within a single account. Each project gets its own banner layouts, cookie rules, privacy policies, categories, and locales — and publishes independently, so changes to one brand never touch another.
• Consent Analytics (Beta) — a new Analytics tab provides real-time visibility into consent banner performance, including opt-in/opt-out rates, geographic breakdowns, consent trends over time, and per-category insights.
• Sender Alias self-service configuration — you can now configure your transactional mailer sender name and from address directly in integration settings, without opening a support ticket.
• Assessment collaboration suite — leave comments on assessment questions and sections with markdown formatting, edit your own comments, see comment counts per card, and assign questions or sections to specific team members or external contributors.
• Phone number search in Request Manager — search the request queue by phone number from the sidebar. Supports full numbers, formatted numbers, or partial matches like the last few digits.
• A/B testing integration guides and pattern library — 6 new guides (Optimizely, VWO, LaunchDarkly, AB Tasty, Convert, Kameleoon) with pre-built cookie and storage blocking templates you can apply to gate experimentation tools behind consent.
• Email Template Publisher diff view — review exact inline diffs of template changes (red for previous, green for updated) before publishing, so you can see precisely what will change.
• Monetate integration for Request Manager — connect Monetate to process access and deletion requests via the Data Privacy API.
• Phaedon Tally integration for Request Manager — connect Phaedon Tally to process access and deletion requests via the Tally Platform API.

🛠 Changes Made​

• Vera drawer coexistence — drawers now open alongside the Vera assistant instead of covering it, so you can reference Vera while working in any drawer.
• iOS Consent SDK 1.5.0 — includes fix for banner open event parameter handling.
• Android Consent SDK 1.5.0 — includes consent container version tracking, policy UUID support, and rich text banner rendering.

🐛 Bugs Squashed​

• Resolved an issue where "Block All" or "Allow All" could not be saved as the default cookie handling behavior.
• Resolved an issue where recategorized scripts could be incorrectly blocked after a "Reject All" action when categories changed between published versions.
• Resolved an issue where opt-out submissions via custom intake forms were not processed correctly.
• Resolved an issue where the "Cookies Matched" count always displayed 0 when viewing cookie rule details.
• Resolved an issue where the BambooHR integration was failing due to an API URL migration.
• Resolved an issue with consent configuration version handling during publishing.

Week of May 19​

🚀 Features Added​

• Stream integration for Request Manager — you can now connect Stream (getstream.io) to process access and deletion requests. The integration retrieves user profiles, chat messages, and moderation reports, and supports asynchronous deletion with completion polling.
• Bulk "Process Request" action — you can now select multiple pending requests in the Request Manager list view and process them all at once, eliminating the need to open each ticket individually.
• Consent banner preview mode — a new "Preview" button lets you see exactly how your unpublished banner changes will look and behave on any URL before publishing. Preview configs auto-expire and never affect your live banner.
• Change History tab for System Reports and Processing Activities — a dedicated Change History tab on System Data Report and Processing Activity drawers shows a chronological timeline of every versioned export, grouped by date with direct links to PDF snapshots.
• Readiness Checks for Webhook integrations — you can now configure Webhook integrations to send automated Readiness Check requests, receive structured responses via callback, and drive conditional workflow logic — all without manual coordination.
• Vera integration performance insights — you can now ask Vera about historical integration outcomes, including failure trends over time, per-phase breakdowns (e.g., access vs. deletion), direct-contact responder behavior, and rankings by failure rate.
• Cookie Store API enforcement in Consent — DataGrail Consent now intercepts the modern Cookie Store API on both the main page and inside Service Workers, blocking unconsented cookie writes through the newer browser API that bypasses traditional document.cookie enforcement.
• Consent banner accessibility improvements — category toggle checkboxes now include proper ARIA labels in every supported language, ensuring screen readers can announce what is being toggled. Automated WCAG 2.1 Level AA checks now run on every update to catch regressions in color contrast, keyboard navigation, and focus management.

🛠 Changes Made​

• Assessment version indicators — versioned assessments now display their version number (Version 2, Version 3, etc.) directly in the assessments table, overview page, and question view as clean dot-separated metadata.
• Inbound assessment creator attribution — inbound assessments now display the actual contributor's name instead of a generic "Inbound" chip, giving you better visibility into who submitted each assessment.
• Assessment Analysis UI improvements — the insights drawer now features simplified copy, improved checkbox styling, larger system logos, a "New Insights" chip on the assessments table, and a "View Insights" button on the overview status card. Terminology has been updated from "Insights" to "Analysis" throughout.
• Assessment file upload size guidance — the attachment upload area now displays "Maximum file size: 10MB" and shows a more actionable error message when a file exceeds the limit.
• System Profile responsive layout — the System Profile page now adapts gracefully to smaller viewports, with buttons that wrap cleanly, a two-column layout that stacks vertically, and a fluid sidebar that scales with screen width.
• GA4 deletion API migration — the Google Analytics 4 integration now uses Google's new Admin API for user deletion, replacing the deprecated endpoint.

🐛 Bugs Squashed​

• Resolved an issue where Salesforce token refresh could fail under concurrent requests due to a race condition.
• Resolved an issue where the deny request flow for phone-submitted tickets did not render the email input field, blocking operators from sending denial notifications.
• Resolved an issue where request modal inputs displayed incorrectly after the recent icon migration.
• Resolved an issue where attempting to add an integration with a name already in use showed a generic error instead of a specific message.

Week of May 12​

🚀 Features Added​

• Vera source citations — every answer Vera gives in web chat that draws on our knowledge base or privacy laws now includes a Sources section with direct links.
• Global search for all tenants — the top navigation bar with global search is no longer gated behind Vera. All tenants now get the search bar with Cmd+K / Ctrl+K shortcut and results popover, making it easy to find pages, systems, and requests without digging through the sidebar.
• Risk assessment IDs in global search — assessment identifiers like "RA-729" are now recognized by both global search and Vera. Type an ID to get instant access with key details including template, status, creation date, and contributors.
• Search history in global search — your recent searches are now saved and displayed in a merged History tab, making it easy to revisit previous queries across search and Vera.
• Assessment contributor names — contributors are no longer just email addresses. You can now add a first and last name when inviting contributors, and names display on contributor cards throughout the assessment workflow.
• AI auto-categorization for consent tags — when the scanner detects scripts on your site, the system now automatically categorizes them, identifies the vendor, writes a description, and links to the vendor's privacy policy. Auto-classified tags show an AI badge and live on the draft until you publish.
• Vera support tickets and feedback — you can now ask Vera to create support tickets, submit product feedback, or check the status of existing tickets directly in chat.

🛠 Changes Made​

• Assessments table redesign — the assessments table now matches the modern system inventory design with column customization, smart sizing, pinned columns with horizontal scroll, a three-dot action menu, and a new product type filter.

🐛 Bugs Squashed​

• Resolved an issue where the Last Updated filter on the Policies page returned a TypeError.
• Resolved an issue where cookie rules showed as uncategorized on published consent sites.
• Resolved an issue where "Mark as Reviewed" was not working on system reports.
• Resolved an issue where discovered integrations were accessible without the Request Manager product.

Week of May 5​

🚀 Features Added​

• IAB TCF support in Consent — you can now enable the IAB Europe Transparency & Consent Framework directly in DataGrail Consent. Align your consent experience with the industry-standard framework used across the ad-tech ecosystem, including standardized purposes, vendor disclosures, and consent signals — all without needing an external CMP.
• Rich text formatting in consent layouts — the layout builder now includes a built-in rich text editor for body text and category descriptions. Bold, italic, underline, hyperlinks, and bulleted or numbered lists are all supported and render consistently across web, iOS, and Android. Formatting is preserved through translations, and all content is sanitized on save for security. Target rich text elements with CSS selectors for additional customization.
• Sub-Processor legal role in Live Data Map — you can now designate systems as "Sub-Processor" in your data inventory, a legally distinct role from "Processor" under GDPR. This distinction is available across system profiles, assessment templates, and system data reports.
• Assessment insights on System Profile — AI-powered risk and data suggestions from assessments are now surfaced directly on the System Profile page. A banner shows pending suggestions across all assessments for that system, and you can accept or dismiss them without navigating into the assessment.
• System Data Report to RoPA auto-sync — changes saved on a System Data Report now automatically propagate to all linked Records of Processing Activities, keeping RoPA data in sync without manual updates.
• Vera search processing activities — you can now ask Vera about processing activities in the Live Data Map. Search by name, filter for stale or incomplete RoPAs, and view associated systems, contacts, and status.

🛠 Changes Made​

• Vera auto-pagination — Vera now automatically pages through large result sets when searching tickets, risks, inventory items, assessments, and other records, so you get complete answers without asking for more results.

🐛 Bugs Squashed​

• Resolved an issue where multi-paragraph rich text in consent banners collapsed into a single line after saving.
• Resolved an issue where inserting a link in the rich text editor placed it at the beginning of the text block instead of wrapping the selected text. You can now also click an existing link to edit it.
• Resolved an issue where assessment due date edits were blocked even when the date hadn't changed.
• Resolved an issue where assessments with no questions returned an error.
• Resolved an issue preventing unverified requests from being closed if they were submitted via the app.
• Resolved an issue where consent scan submissions failed for URLs that couldn't be resolved.

This page documents all customer-facing changes to the DataGrail application made in April 2026. Additional entries will be added every week on Friday.

Week of April 27​

🚀 Features Added​

• Vera MCP write tools — Vera can now take action through external AI clients like Claude, Cursor, and Windsurf. Five new write tools let you add systems, create assessments, answer assessment questions, update assessments, and associate processing activities — all from your AI client. Write tools are off by default and require explicit admin enablement per user. A new MCP Logs page provides full visibility into every tool call.
• Bulk edit system profiles — you can now select multiple systems and edit processing activities, contacts, and assessment fields (legal basis, legal role, processing countries, data subjects, personal data categories) in a single operation.
• Assessment insights — AI-powered suggestions now surface potential risks and system data recommendations directly on assessments, helping you identify gaps faster.
• Local and session storage scanning — consent controls now extend beyond cookies to localStorage and sessionStorage. You can detect storage keys, review unmanaged storage activity alongside cookies, block storage reads and writes based on consent state, and apply Vera-suggested rules based on detected patterns.
• Global search by UUID and phone number — you can now search for tickets by pasting a UUID or typing a phone number in any format. Phone numbers are normalized automatically, so "(415) 555-1234", "+14155551234", and "4155551234" all find the same ticket.
• Readiness checks for custom direct contact integrations — you can now send automated readiness checks during request initialization to collect a response from an internal team before deciding how a request proceeds. Define a custom question, provide structured response options, and use the answer to drive conditional workflow logic.
• Delay execution workflow action — a new "Then delay execution" action node lets you insert a configurable pause (in hours) between workflow steps, giving upstream integrations time to finish processing before the next action runs.
• Assessments "Date Approved" column — the Assessments table now includes a sortable "Date Approved" column so you can see when each assessment was approved directly from the list view.

🛠 Changes Made​

• TSV download format options — when downloading request results as a TSV, you can now choose between rows (each record as a row) or columns (existing behavior), making large datasets easier to review and filter.
• Vera search history — removed the one-year lookback limit so Vera can search further back in your request and ticket history.
• Integration error banners — disconnected integration warnings now display as separate, clearer banners for transactional mailers and cloud storage, with improved error detection for sender issues.
• Released rm-agent:v1.0.5 - Fixed Valkey permissions in Docker container to enable deployments on Cloud Run and other container orchestration platforms with strict security contexts.

🐛 Bugs Squashed​

• Resolved an issue where Vera included closed and completed requests when answering questions about overdue privacy requests.
• Resolved an issue where deleted GTM tags still appeared in the consent banner tracking services shown to end users.
• Resolved an issue where DSR notification emails showed the wrong workflow state.
• Resolved an issue where policy names in the request modal dropdown didn't match the Policies page.
• Resolved an issue where the "Other" close reason was missing from the Bulk Close Requests modal.
• Resolved an issue where changing a consent tag's category didn't update in the UI.
• Resolved an issue where consent audit log CSV and TSV exports downloaded with the wrong file extension.
• Resolved an issue where a consent locale could not be re-enabled after being disabled.
• Resolved an issue where Privacy Request Center translation generation failed for certain locales.
• Resolved an issue where parent systems in the grouped inventory view showed the earliest child system's "date added" instead of the most recent.
• Resolved an issue where large cookie CSV exports timed out.
• Resolved an issue where data exports returned an error when integration data contained decimal numbers.

Week of April 20​

🚀 Features Added​

• Self-service SSO configuration — new customers can now configure their own SSO during onboarding. A secure link lets you choose your SSO provider (Google Workspace, Microsoft Entra ID, or custom SAML), enter your identity provider details, and activate SSO.
• Rokt integration — you can now connect Rokt in Request Manager to process deletions via API.
• Out-of-the-box consent layouts — new customers now start with three pre-configured consent layouts: GDPR (EU + UK), CPRA (California), and a Default fallback for all other locations. You can publish immediately and be compliant across the most common regulations from day one.

🛠 Changes Made​

• HubSpot integration upgrade — new HubSpot connections now default to v3 of the API. Existing v1 connections continue to work.
• "Mark as Verified" for request initialization — you can now mark a request as verified directly during the initialization phase without waiting for automated checks.
• Workflow automation deletion safeguard — you can no longer delete an unpublished workflow while requests are still actively running through it.
• Integrations table layout — the Integrations page now uses vertical space more efficiently, reducing excess whitespace.

🐛 Bugs Squashed​

• Resolved an issue where Pendo returned an error when a visitor was not found.
• Resolved an issue where the email template translations dropdown was missing for some customers.
• Resolved an issue where consent layouts returned an error when updating close behavior or creating new layouts with multi-layer link elements.
• Resolved an issue publishing consent cookie rules to live sites.
• Resolved an issue where adding contributors to assessments returned an error for certain assessment types.
• Resolved an issue where API key group assignment silently dropped the selected group on creation.
• Resolved an issue where consent publishing failed for customers with large Google Tag Manager containers due to API rate limits.
• Resolved an issue where Gladly deletion requests failed when a customer record had been merged.
• Resolved an issue where inbound call transcription incorrectly retried on authorization failures, eventually closing the request as spam.

Week of April 13​

🚀 Features Added​

• Configurable authorized agent verification — you can now choose whether data subjects must verify their identity when an authorized agent submits a request on their behalf. A new "agent only" option skips data subject verification when written authorization is sufficient.
• Customizable Opt-Out intake forms — you can now remove and restore the first name and last name fields on your Opt-Out intake form without affecting other privacy rights. Simplify your form when regulations don't require collecting a name for Do Not Sell requests.
• Vera inline chart visualizations — when you ask Vera questions about trends or distributions, she can now generate interactive charts — bar, line, pie, and scatter — displayed inline alongside her written response.
• Consent Subresource Integrity (SRI) — you can now enable Subresource Integrity for consent scripts, allowing browsers to verify that scripts haven't been tampered with before they run. Toggle SRI on in container settings, republish, and swap in the updated script tag.

🛠 Changes Made​

• Multiple user assignments in workflow automation — automation workflows now support multiple user assignment steps, so different stages of a request can be assigned to different team members.
• Safe workflow automation unpublishing — unpublishing a workflow no longer interrupts requests already in progress — they continue through the original workflow to completion.
• Risk register systems column — the Systems column now displays the system name directly for single-system risks and shows logos with hover labels for multi-system risks, making the register easier to scan.
• New Consent developer guides — two new guides for developers who need fine-grained control over how third-party content loads: Progressive Consent covers blocking embedded content behind a consent prompt, and Blocking Page Reloads documents three methods to prevent full-page refreshes when consent preferences change.

🐛 Bugs Squashed​

• Resolved an issue where editing a Merge! integration returned a 403 error.
• Resolved an issue where consent publishing failed for customers with large Google Tag Manager containers due to API rate limits.
• Resolved an issue where daily Okta user syncs timed out for customers with large tenants.
• Resolved an issue where deletion requests submitted via email or API incorrectly triggered verification emails.

Week of April 6​

🚀 Features Added​

• Email templates redesign — email templates have been rebuilt with a redesigned editing drawer, template duplication, language management with one-click translation regeneration, a review and publish flow with preview emails, and multiple template selection at send time.
• Ringside CRM integration — you can now connect Ringside CRM in Request Manager to retrieve personal data via API and process deletions via direct contact.

🛠 Changes Made​

• Customizable Additional Comments section — the Additional Comments section on intake forms is now fully optional. Remove it to eliminate noise from high-volume request queues, or re-add it anytime from the section drawer.
• RoPA CSV export by multibrand group — the RoPA CSV export now respects multibrand group permissions, so your export only includes processing activities and systems for the brand groups you have access to.

🐛 Bugs Squashed​

• Resolved an issue where consent publishing failed for customers with large Google Tag Manager containers (200+ tags) due to API rate limits.
• Resolved an issue where the Consent Mode settings page crashed for customers with incomplete category mappings.
• Resolved an issue where direct contact emails always included an SSO login link even when SSO was not required, blocking recipients without SSO from responding.
• Resolved an issue where users with the Live Data Map Admin role could not access the RoPA tab in Processing Activities.
• Resolved an issue blocking support access.

Week of March 30​

🚀 Features Added​

• Adobe Experience Platform Tags consent integration — you can now connect Adobe Experience Platform Tags (Adobe Launch) properties to manage consent and publish DataGrail.

🛠 Changes Made​

• Webhook data retrieval before deletion — webhook-connected integrations can now retrieve customer data before processing a deletion request.
• Group filter on Processing Activities — you can now filter the Processing Activities page by brand group.
• Multibrand Groups for Suggested Processing Activities — suggested processing activities are now scoped per brand group. A processing activity that exists for one brand no longer suppresses suggestions for another.
• Refactored the Request Manager Agent Terraform module for AWS ECS to support egress-only Agent versions.

🐛 Bugs Squashed​

• Resolved an issue where PDF generation failed when content contained emoji or special Unicode characters.
• Resolved an issue preventing the System Inventory table from scrolling past a certain point for some customers.
• Resolved an error in the System Inventory grouped view for non-admin users.

This page documents all customer-facing changes to the DataGrail application made in March 2026. Additional entries will be added every week on Friday.

Week of March 23​

🚀 Features Added​

• Initialization phase for Workflow Automation — a new automated workflow phase that runs immediately when a Privacy Request is submitted. Branch logic based on request source (API, Intake Form, Request Queue), verify identity, send confirmation emails, and extract identifiers — all before processing begins.
• Privacy Inspector 6.0 — a redesigned Chrome extension with new diagnostic tabs for cookies, integrations (Google Consent Mode, Shopify, WordPress, and more), and settings, plus the ability to set consent preferences and open banners directly from the extension.
• Discuss assessments with Vera — after approving a Risk Assessment, you can now ask Vera about the questions, answers, and source documents used during the assessment.
• Group filter on Agents page — users with multiple brand groups can now filter the Agents page by group, matching existing behavior on Systems and Data Classification.
• Multibrand Groups for Processing Activities — you can now assign brand groups when creating processing activities.
• Clear answer selections on Risk Assessments — easily clear radio, dropdown, multi-select, and date answers before an assessment is approved.

🛠 Changes Made​

• Vera chat UI refresh — wider response container, reduced visual density, and improved spacing for a more readable conversation experience.

🐛 Bugs Squashed​

• Resolved an issue preventing Risk Assessment PDF downloads from completing.
• Resolved an issue where email intake misclassified access requests as deletions due to keywords in email footers.
• Resolved an error in Consent audit log exports.
• Resolved an issue where deletion integrations could fire simultaneously instead of following the configured tier order.

Week of March 16​

🚀 Features Added​

• Consent banner preview by location — you can now preview exactly what banner a visitor would see based on geographic location, directly from within DataGrail. No more VPN testing or location spoofing to validate banners across jurisdictions.
• Cross-container sharing for custom tags and services — custom tags are now automatically available across all Consent containers by default, eliminating repetitive manual setup in multi-container environments.
• Added a Gem Integration with access and deletion capabilities on Privacy Requests.

🛠 Changes Made​

• Improved the preview banner UX in Consent layouts.
• Improved Vera top bar responsiveness across different screen sizes.
• Disconnected integration notifications are now scoped to the relevant brand group.
• Integration webhook callbacks now return 409 Conflict for duplicate requests instead of 400, providing clearer signals for retry logic.
• Request Manager agent polling is now ~280x faster (p95 latency from ~3 min to 658ms), meaning Privacy Requests get picked up and processed significantly faster.

🐛 Bugs Squashed​

• Resolved an issue preventing RoPA PDF downloads from completing.
• Resolved an issue causing duplicate elements in Consent layers.

Week of March 9​

🚀 Features Added​

• Wildcard search has been added for Privacy Requests, Systems, Integrations, and Cookies, allowing for more advanced queries within DataGrail using ^ and +.
• The language picker for Consent is now its own asset, allowing you to place it anywhere on your banner.
• Added a Drip Integration with access and deletion capabilities on Privacy Requests.
• Added an MCP tool for DataGrail's Knowledgebase, allowing you to search DataGrail’s knowledgebase documentation from your favorite AI tools.

🛠 Changes Made​

• Multiple improvements to the Vera UI.
• Consent container settings now auto save.
• The third-party disclosures list can now be sorted flexibly.

🐛 Bugs Squashed​

• Resolved an issue preventing some Privacy Requests from moving forward, despite all integrations completing.
• Resolved an issue preventing the Consent Audit Log from downloading for some larger datasets.
• Resolved sporadic 500 errors from Persona Integration on Privacy Requests.

Week of March 2​

🚀 Features Added​

• Released DataGrail's Model Context Protocol (MCP) Server, allowing you to interact with DataGrail through AI tools like Claude and ChatGPT.
• Added OIDC support for DataGrail login.

🛠 Changes Made​

• Refreshed the Risk Assessments UI for easier navigation and readability.
• The language picker on the Privacy Request Center now shows translated language names.

🐛 Bugs Squashed​

• Resolved an issue creating inconsistencies when sorting or using filters on the System Inventory.
• Resolved an issue causing some managed trackers to appear in the New Uncategorized Trackers email.
• Resolved a PDF encoding issue when exporting content from DataGrail.
• Resolved an issue creating some inconsistencies with the Risk Assessment Contributor status.
• Resolved an issue preventing the Risks table from being visible on System Profiles.

This page documents all customer-facing changes to the DataGrail application made in February 2026. Additional entries will be added every week on Friday.

Week of February 23​

🚀 Features Added​

• Policies can now be added directly through the DataGrail app, giving your team full control of policies within DataGrail.
• Released a Shopify System Detection Integration, allowing your team to automatically surface systems from connected Shopify instances.
• Vera now features a unified search bar that lets you search across the entire platform. Type a query and instantly see results from Requests, Opt-Outs, Integrations, Assessments, Data Map, Workflows, Policies, Agents, and Processing Activities.

🛠 Changes Made​

• Risk Register risks can now be deleted.
• Vera responses are now streamed, so you can see answers formed in real time.
• When test mode is enabled for Consent, events are logged so you can validate behavior and confirm events are firing as expected.
• Agents can now be deleted.

🐛 Bugs Squashed​

• Resolved an issue causing some downloaded PDFs to display a missing font error.
• Resolved an issue preventing detected risks from being sorted correctly in the table.
• Resolved an issue preventing categories from being autoselected on Access Categories requests.

Week of February 16​

🛠 Changes Made​

• Multiple Vera UI improvements to make interacting with the search bar easier.
• Children of Internal System Integrations now inherit the multibrand group of the parent.

🐛 Bugs Squashed​

• Resolved an issue blocking Appsflyer deletion for some customers.
• Resolved an issue causing Salesforce to show as disconnected for some customers, despite a successful connection.
• Resolved an issue causing some invalid direct contacts to show in the Expired Direct Contact Summary email.
• Resolved an issue causing Marketo to show as disconnected for some customers, despite a successful connection.

Week of February 9​

🚀 Features Added​

• Direct Contact Integration duration can now be adjusted per Request Policy, allowing for specific control of processor SLA by location.
• Privacy Request start time can now be configured by Request Policy, allowing you to "start the clock" either when the request is created or verified.

🐛 Bugs Squashed​

• Resolved an issue preventing some assessment PDFs from being downloaded.
• Resolved an issue preventing some Shopify Integration deletions from completing.
• Resolved an issue blocking some Privacy Requests from moving to the next workflow step after all integrations were complete.
• Resolved an issue installing the GitHub Integration.
• Resolved an issue requiring some Privacy Requests to enter the wizard step, despite having an automation setting to skip it.

Week of February 2​

🚀 Features Added​

• You can now detect systems through the new Cisco Umbrella Integration.
• You can now opt out data subjects through the Salesforce Integration.

🛠 Changes Made​

• Privacy Request voicemails can now be downloaded at any stage of the workflow.
• The Discovered Integrations page now includes a filter for detected risk level.
• Migrated the Shopify Integration to the GraphQL Admin API.

This page documents all customer-facing changes to the DataGrail application made in January 2026. Additional entries will be added every week on Friday.

Week of January 26​

🚀 Features Added​

• Added support for the following languages in Request Manager and Consent: Indonesian, Hindi, Arabic, Korean, Malay, Thai, and Chinese (Simplified & Traditional).
• Added anonymization support for the Oracle Opera Cloud Integration on deletion requests.
• The Tracking Details asset can now group entries by name or vendor, allowing for better organization when many tracking services are listed.
• Tracking services can now be exported from DataGrail as JSON to support programmatically generated cookie policies.

🛠 Changes Made​

• Multiple System Inventory performance optimizations, resulting in a 98% speed improvement.
• System Inventory items are now grouped by system to make larger inventories more manageable.
• Multi-Brand users will now only see integrations associated with their group/brand, except for the Super Admin role.
• New integration processing options in Workflow Automations
  • Skip all - Don't process any remaining integrations
  • Process all - Process every integration
  • Process by brand - Only process global integrations + integrations assigned to the request's brand/group

🐛 Bugs Squashed​

• Resolved formatting issues when filtering the integration list by a multi-brand group.
• Resolved an issue processing identifiers for some multi-brand groups.
• Resolved an issue preventing the specific location for Opt Out Requests from showing.

Week of January 19​

🚀 Features Added​

• Suggested Processing Activities can now be dismissed.
• Discovered Integrations can now be filtered by type.
• Terraform module to support deploying Request Manager Agents in AWS Elastic Container Service (ECS).

🛠 Changes Made​

• Improved error message UI on the login page.

🐛 Bugs Squashed​

• Resolved an issue causing some scanned cookie domains to show as obfuscated.
• Resolved an issue blocking some Amplitude Integration deletions when the provided User ID is an email address.
• Resolved an issue preventing some users from being identified with the Cordial Integration.

Week of January 12​

🚀 Features Added​

• Risks that are created within assessments are now available on a new Risks tab on the Assessment Overview page for an easy overview.
• Released Consent Plugins for WordPress and Shopify, allowing consent preferences to be sent to the platform from DataGrail automatically.

🐛 Bugs Squashed​

• Resolved an issue preventing some months from being included on the Consent Dashboard and Audit Logs.

Week of January 5​

🚀 Features Added​

• Enhanced wildcard rules have been added for Cookie Management, allowing you to better categorize consistent cookie patterns.
• Released Unmanaged Cookie Behavior controls for Consent, allowing you to treat unmanaged cookies as classified under a category, or even block and delete all unmanaged cookies.
• The complete Consent Audit Log is now available by month directly within the DataGrail app.

🛠 Changes Made​

• Readability improvements to the integration list.
• Added the ability to archive unmanaged cookies that are not relevant or adding noise to the list.
• Introduced batch deletion for the MailChimp Integration, offering better processing efficiency for high-volume customers.

🐛 Bugs Squashed​

• Resolved an issue causing the Inspectlet Integration to fail on some Privacy Requests.

This page documents all customer-facing changes to the DataGrail application made in December 2025. Additional entries will be added every week on Friday.

Week of December 15​

🚀 Features Added​

• Introduced the Browser Signal Notice Asset and new layout behavior to ensure CCPA compliance.
• Failed integrations on privacy requests can now be retried directly within the app.

🛠 Changes Made​

• Performance optimizations for the AirTable Integration to support better privacy request throughput.
• Added an option to enable whole-record deletion on the Braze Integration to better support high-volume processors.
• Activity Logs on privacy requests more precisely indicate when an integration is skipped vs. when no data is found.

🐛 Bugs Squashed​

• Resolved an issue preventing the consent audit log from being downloaded for some customers.
• Resolved an issue preventing category selections from saving when suggested cookie rules were added.
• Resolved an issue causing the PayPal Integration to fail on some privacy requests.
• Resolved an issue causing the consent publish status to show "In Progress", despite publishes completing successfully.

Week of December 8​

🚀 Features Added​

• Share the services and cookies that are running on your site using the new Tracking Details Asset on the Consent Banner.
• Quickly identify and configure integrations using the new Discovered Integrations page.
• Scan your Mixpanel instance with newly-released Responsible Data Discovery capabilities.

🛠 Changes Made​

• Redesigned the SSO login page for Google and Microsoft SSO users.
• Updated the Webflow Integration for Consent to support the new Webflow API.
• Direct Contact Integrations now use the user-defined integration name in emails to the processor.

Week of December 1​

🚀 Features Added​

• Added new state-specific policies for Rhode Island, Kentucky, and Indiana to ensure your team stays compliant.

🛠 Changes Made​

• Enhanced Live Data Map System metadata, so your team has better context on what systems do and how they process data.
• Improved deletion logic for the Airtable Integration to better support a high volume of privacy requests.
• Standardized all integration names to create better parity between Live Data Map Systems and Request Manager Integrations.

This page documents all customer-facing changes to the DataGrail application made in November 2025. Additional entries will be added every week on Friday.

Week of November 24​

🚀 Features Added​

• Control access to the DataGrail platform through Multibrand Group Permissions, which allows you to map your Okta users to the Multibrand groups within the DataGrail app.

🛠 Changes Made​

• Integration connection attempt errors are now surfaced on the Integration Errors page.
• Released Request Manager Agent v0.14.0 which improves transaction commit handling for deletion requests.

Week of November 17​

🚀 Features Added​

• Configure request policies directly with Self-Service Policy Management. Your team can enable and disable specific policies, edit available privacy rights and durations on policies, and update policy locations.
  • Optionally enable or disable automated policy updates from DataGrail in your Settings.
• Monitor API errors across all integrations via the Integration Errors dashboard, so you can identify trends and take action quickly.

🛠 Changes Made​

• Refreshed the settings page UI, allowing your team to better navigate DataGrail settings.
• Added an optional include_identifiers field to the V2 privacy_requests endpoint.
• Added API deletion to the TeamUp Integration.

Week of November 10​

🚀 Features Added​

• Updates to the Privacy Dashboard that help provide better data for your team:
  • New time filters
  • New Requests by Type chart
  • New Requests by Source chart
• Added a Local Session/Storage blocking plugin for Consent that can block local storage using the Cookie Rules table.
• Custom risk types can now be created in Risk Register.

🛠 Changes Made​

• The title style on the consent banner now publishes as an h2 for SEO, effective the next time you publish.
• Added date filters for Opt Outs Requests.

🐛 Bugs Squashed​

• Resolved an issue preventing requests from exiting "Extracting Identifiers" after identifiers were manually populated.
• Resolved an issue preventing the dashboard from loading when certain filters were applied.

Week of November 3​

🚀 Features Added​

• Risk Register is now connected to Risk Assessments, enabling you to:
  • Flag Risks from Assessments: You can now log a risk directly from an assessment question without disrupting your workflow. Risk Register will display the risk with a source link to the assessment.
  • Prioritize Assessments by Risk: Sort and filter the Assessments table by the number of associated risks.
• US Privacy Strings (whether a user has opted out of data sales) can now be retrieved through the following consent browser console command: window.DG_BANNER_API.getUSPrivacyString()
• New Inflection Integration for Request Manager with API access capabilities.
• Added a search bar to the Opt Out Requests page, allowing you to quickly find requests by email, first name, and last name.

🛠 Changes Made​

• Extracted identifiers are now included in the response to the privacy_requests endpoint on the V2 API.

🐛 Bugs Squashed​

• Resolved an issue preventing custom systems from being edited in System Inventories.
• Resolved an issue causing the publishing status to persist in the Consent UI, despite the process completing successfully.
• Resolved an issue causing the Dropbox and Arity Integrations to sporadically return a 409 error during data extraction or deletion.

This page documents all customer-facing changes to the DataGrail application made in October 2025. Additional entries will be added every week on Friday.

Week of October 27​

🛠 Changes Made​

• Improved performance of the Persona Integration on Privacy Requests.

🐛 Bugs Squashed​

• Resolved an issue preventing unverified Opt Out Requests from showing when filters were applied to the table.
• Resolved a timeout error preventing the NetSuite Integration from completing on some Privacy Requests.
• Resolved an issue causing the Entra ID Integration to disconnect for some customers.

Week of October 20​

🚀 Features Added​

• Released the Webhook Integration, which sends notifications of new Privacy Requests, allowing you to process requests in your own systems and report results back to DataGrail.

🛠 Changes Made​

• Daily integration health checks now test email deliverability for Transactional Mailer Integrations.
• Added support for U.S. Government tenants with the Entra ID Integration.
• Added the ability to define and automatically remove certain Hubspot Integration fields from Privacy Request results.

🐛 Bugs Squashed​

• Resolved an issue preventing some systems from being tagged with newly-added Processing Activities.

Week of October 13​

🚀 Features Added​

• Released the Oracle Opera Cloud Integration with access and deletion capabilities in Request Manager.

🛠 Changes Made​

• Improved backend processing of Opt Out Requests to allow requests to be processed more quickly.
• Privacy Requests created via phone are now automatically closed if the Data Subject does not leave a voicemail.
• Long data file strings now wrap in the TSV viewer in Request Manager.
• Released Request Manager Agent v0.10.2, which updates dependencies.
• Released Data Discovery Agent v0.9.1, which updates dependencies.

🐛 Bugs Squashed​

• Updated API endpoints utilized by the Typeform Integration.

Week of October 6​

🚀 Features Added​

• Access Request Results emails can now be resent to Data Subject from the Data Subject Request Details page.
• You can now suppress the final notification email for Privacy Requests from the Data Subject Request Details page or the V2 API.

🛠 Changes Made​

• All actions to close a Privacy Request have been rolled up under the new Close Request action, allowing you to indicate a specific "close reason" and email the Data Subject, if desired.
• Improved the System Detection model to increase breadth and quality of detected systems.
• Token Based Authentication for the Oracle Netsuite Integration is no longer supported. OAuth 2.0 authentication is now required.

🐛 Bugs Squashed​

• Resolved an issue preventing some cookies set on subdomains from being surfaced by the Cookie Scanner.

This page documents all customer-facing changes to the DataGrail application made in September 2025. Additional entries will be added every week on Friday.

Week of September 29​

🚀 Features Added​

• Retry failed integrations for any data subject request with the push of a button.
• Webhooks Integrations notify your internal systems when a privacy request is ready for processing.

🛠 Changes Made​

• Policies can now be searched and filtered.
• Privacy Policy Link now displayed for both Cookies and Tracking Services.
• Added policy to support the Maryland Online Data Privacy Act.
• Risks within Data Protection Impact Assessments (DPIA) now support adding optional comments.

🐛 Bugs Squashed​

• Improved error verbiage when attempting to remove an integration currently used in an automation.
• Resolved an issue preventing the Yotpo Integration from successfully reconnecting.

Week of September 22​

🚀 Features Added​

• Ensure requests reach the right systems with a data subject relationship field that can be customized and defined per privacy request policy in the Privacy Request Center, then used in Automations.
• Group Privacy Request Data Files by data category using a new datagrail_category field in your Internal Systems Integration.

🛠 Changes Made​

• Location is now included when exporting Opt Out Requests from within the app.
• Improved performance on the Cookie Management page.
• The group dropdown is no longer required on the Privacy Request Center if the group is passed through the URL.

Week of September 15​

🚀 Features Added​

• Added a Salesforce B2C Commerce Integration to support access requests against Salesforce Commerce Cloud orders.
• Released the Privacy To-Do List, which provides an actionable list of tasks to set up your DataGrail instance.

🛠 Changes Made​

• Updated the Aftership API version to 2025-07.

Week of September 8​

🚀 Features Added​

• Active Direct Contact emails can now be resent to the processor.
• Added support to manually verify Privacy Requests in the "Pending Verification" state.

🛠 Changes Made​

• Consent will no longer throw an error if the site contains an uncategorized data-consent-id on an inline script.

🐛 Bugs Squashed​

• Resolved an issue where some Marketo API calls were malformed.

Week of September 1​

🚀 Features Added​

• Updated the ServiceNow Integration to support customers without the customer_contact table. The sys_user table can now be queried on Privacy Requests.
• Released the Integration Files API Endpoint.
• Added support for custom Entity IDs for Microsoft Entra ID SSO.

🛠 Changes Made​

• The Marketo Integration has been updated to use the Authorization header.
• Opt-Out Requests no longer require the first and last name field.

🐛 Bugs Squashed​

• Resolved an issue preventing the Algolia Integration from extracting data in some cases.
• Fixed a UI issue on the API Keys page.