Email Intake
When your company receives an email at a specified address (e.g., privacy@company.com), forwarding rules can be set up to automatically forward that email to DataGrail, where the message and sender information will be parsed and converted into a Privacy Request.
When an email is received, DataGrail will extract all email addresses found within the message — including those in the from and reply-to headers, as well as any addresses identified in the subject line or body text.
All discovered addresses are then de-duplicated and filtered to remove any that match the customer’s domain or DataGrail’s own domain. From the remaining results, the system selects the first valid email address and uses it as the Data Subject’s identifier for request creation.
The email’s subject and body are then scanned for specific deletion-related keyword such as delete, remove, erase, forget, or forgotten.
-
If one or more of these keywords are found, the request is classified as a Deletion request.
-
If none are found, the system defaults to an Access request.
This email-based intake method currently supports only Access and Deletion privacy request types.
Examples
Scenario 1: Single Data Subject Email
From: user123@gmail.com
Subject: Please delete my data
Body: Hi, I’d like my personal data removed from your systems.
✅ The system extracts user123@gmail.com → matches deletion keywords → creates a Deletion request.
Scenario 2: Multiple Emails in Message
From: request@thirdparty.com
Body: Please delete data for john.doe@example.com and jane.doe@example.com.
✅ The system extracts all addresses, filters out customer or DataGrail domains, and takes the first valid email (john.doe@example.com) as the Data Subject.
⚠️ Only one request is created, even if multiple data subject emails are present in the message.
Scenario 3: No Deletion Keywords Found
From: user456@yahoo.com
Subject: Requesting a copy of my data
Body: Hi, I’d like to review all personal information your company has about me.
✅ The system extracts user456@yahoo.com → no deletion-related keywords detected → creates an Access request.
The customer-configured forwarding configuration determines how these email headers are preserved, and whether DataGrail can make any inferences about the request.
Verification
By submitting a Privacy Request via email, the Data Subject is proving their ownership of that address, so it is automatically treated as verified within DataGrail and will open in Pending Wizard.
However, a verification email can still be sent by selecting the Verify email option in Step 6 of the Request Wizard. This will allow you to preview and send a verification email to the data subject.
If you choose this option, the request will move to Pending Verification and then to Active: Extracting Personal Data once verified by the data subject.
Configuring Email Forwarding
For DataGrail to automatically parse email requests, you’ll need to forward emails to (hereafter referred to as the intake address):
<subdomain>@emailapi.datagrail.io
In the intake address, <subdomain> represents the subdomain of your DataGrail URL. If you log in at acme.datagrail.io, then you’d forward emails to acme@emailapi.datagrail.io
Forwarded emails must be authenticated with SPF to be accepted by DataGrail.
Example Configurations
Email forwarding configuration for common mail providers is documented below.
Google Workspace (Gmail)
A Google Workspace administrator can set up an email group that can be identified by an email address (such as privacy@company.com), and can include the intake address as a member of the group. With an email group, when the privacy@company.com group receives an email, it redirects the message to all members. For instructions on how to set up email intake with an email group, see: Forward Setup - Google Groups.
Note: For email redirection with Google Groups to work, you will need to ensure that you have the following settings set for the group: allow external members checked and who can post set to anyone on the web.
You can also forward your emails directly to the intake address using the following instructions: Forward your emails.
Office 365 (Outlook)
Outlook has a convenient mechanism to preserve email headers by using email redirecting versus forwarding. If you need to, consult your email administrator to confirm which version of Outlook you’re using.
- Outlook Web App - see Redirect all messages to another account
- Outlook on the web
You can also create a distribution group, and include the intake address.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.