Usage Examples

The following examples demonstrate how you can interact with DataGrail through an MCP-connected AI client. Each example shows a natural-language prompt, the tool that gets invoked behind the scenes, and a representative sample of what the response looks like.

Prompt Flexibility

You do not need to use these exact prompts. Vera's tools are invoked by your AI client based on intent — you can phrase your questions naturally and the client will select the appropriate tool and parameters.

---

Search Privacy Requests

Find open deletion requests from the last 30 days.

Prompt:

Show me all open deletion requests from the last 30 days

Tool invoked: search_tickets

Parameters used: kind = "Deletion", status = "Active", start_date = 30 days ago

What happens: The AI client calls search_tickets with the appropriate filters. Vera searches your organization's privacy request tickets and returns matching results scoped to your permissions.

Sample response:

{
  "results": [
    {
      "uuid": "a1b2c3d4-5678-90ab-cdef-111111111111",
      "email": "jane.doe@example.com",
      "kind": "deletion",
      "workflow_state": "pending_legal",
      "due_date": "2026-04-10",
      "created_at": "2026-03-05T09:15:00Z",
      "via": "Intake Request Form",
      "submitted_by": "Data Subject"
    },
    {
      "uuid": "b2c3d4e5-6789-01bc-def0-222222222222",
      "email": "john.smith@example.com",
      "kind": "deletion",
      "workflow_state": "pending_datagrail",
      "due_date": "2026-04-15",
      "created_at": "2026-03-10T14:30:00Z",
      "via": "Email",
      "submitted_by": "Data Subject"
    }
  ],
  "count": 2,
  "total_matching": 2,
  "truncated": false
}

Your AI client will typically summarize this data in natural language, such as: "You have 2 open deletion requests. One from jane.doe@example.com is pending legal review and due April 10. The other from john.smith@example.com is queued for DataGrail processing and due April 15."

---

Check Integration Health

Identify integrations that are currently experiencing errors.

Prompt:

What integrations have errors right now?

Tool invoked: fetch_integration_errors

Parameters used: days = 30 (default)

What happens: The AI client calls fetch_integration_errors to retrieve recent integration errors grouped by integration and error type. This gives you a quick overview of connection health across your configured integrations.

Sample response:

{
  "error_groups": [
    {
      "integration": {
        "name": "salesforce-prod",
        "display_name": "Salesforce"
      },
      "error_type": "Authentication Error",
      "count": 12,
      "first_seen": "2026-02-20T08:00:00Z",
      "last_seen": "2026-03-01T11:45:00Z",
      "sample_errors": [
        {
          "timestamp": "2026-03-01T11:45:00Z",
          "status_code": 401,
          "error_message": "INVALID_SESSION_ID: Session expired or invalid",
          "ticket_uuid": "c3d4e5f6-7890-12cd-ef01-333333333333"
        }
      ]
    },
    {
      "integration": {
        "name": "zendesk-support",
        "display_name": "Zendesk"
      },
      "error_type": "Rate Limit Error",
      "count": 3,
      "first_seen": "2026-02-28T16:00:00Z",
      "last_seen": "2026-03-01T09:00:00Z",
      "sample_errors": [
        {
          "timestamp": "2026-03-01T09:00:00Z",
          "status_code": 429,
          "error_message": "Rate limit exceeded"
        }
      ]
    }
  ]
}

Your AI client might summarize this as: "Two integrations have errors. Salesforce has 12 authentication errors since February 20 — the credentials may need to be refreshed. Zendesk has 3 rate limit errors that appear to be transient."

---

Risk Overview

Get a summary of high-severity risks that need attention.

Prompt:

Give me a summary of high-severity risks

Tool invoked: search_risks

Parameters used: overall_risk = "high"

What happens: The AI client calls search_risks filtering for high-severity entries in your risk register. The response includes risk descriptions, mitigation status, owners, and due dates.

Sample response:

{
  "results": [
    {
      "id": 201,
      "description": "Third-party analytics vendor processes PII without a signed DPA",
      "overall_risk": "high",
      "impact": "high",
      "likelihood": "medium",
      "mitigation_status": "in_progress",
      "owner_email": "privacy-team@acme.com",
      "due_date": "2026-04-30",
      "risk_category": { "name": "Vendor Management" }
    },
    {
      "id": 202,
      "description": "Employee access to production database not governed by least-privilege policy",
      "overall_risk": "high",
      "impact": "very_high",
      "likelihood": "low",
      "mitigation_status": "not_started",
      "owner_email": "security@acme.com",
      "due_date": "2026-05-15",
      "risk_category": { "name": "Data Security" }
    }
  ],
  "count": 2,
  "total_matching": 2,
  "truncated": false
}

Your AI client might respond: "You have 2 high-severity risks. The vendor management risk regarding a missing DPA is in progress with a deadline of April 30. The data security risk about database access controls has not been started yet and is due May 15 — you may want to prioritize this one."

---

Consent Banner Status

Check whether your consent banners are published and up to date.

Prompt:

Is my consent banner published? When was it last updated?

Tool invoked: get_banner_status

Parameters used: include_categories = true, include_domains = true

What happens: The AI client calls get_banner_status to retrieve the configuration status of all your consent containers, including publish timestamps, draft status, and deployed domains.

Sample response:

{
  "containers": [
    {
      "id": 1,
      "name": "Main Website",
      "type": "standalone",
      "managed": true,
      "versions": {
        "has_draft": true,
        "has_published": true,
        "last_published_at": "2026-02-20T16:00:00Z",
        "draft_updated_at": "2026-03-01T10:30:00Z"
      },
      "categories": {
        "total_categories": 4,
        "categories": [
          { "primitive": "essential", "always_on": true },
          { "primitive": "performance", "always_on": false },
          { "primitive": "functional", "always_on": false },
          { "primitive": "marketing", "always_on": false }
        ]
      },
      "domains": [
        { "domain_name": "www.acme.com" },
        { "domain_name": "shop.acme.com" }
      ]
    }
  ],
  "summary": {
    "total_containers": 1,
    "managed_containers": 1
  }
}

Your AI client might respond: "Yes, your consent banner is published. It was last published on February 20, 2026 and is deployed on www.acme.com and shop.acme.com. There is also a draft version with changes from March 1 that has not been published yet. You have 4 consent categories configured: Essential (always on), Performance, Functional, and Marketing."

---

Overdue Assessments

Find risk assessments that are past their deadline.

Prompt:

Are there any overdue risk assessments?

Tool invoked: search_assessments

Parameters used: deadline_status = "past_due"

What happens: The AI client calls search_assessments with the past-due deadline filter to find assessments that have exceeded their due date.

Sample response:

{
  "results": [
    {
      "id": "assess-uuid-001",
      "name": "DPIA - New Marketing Platform",
      "status": "in_progress",
      "due_date": "2026-02-15",
      "assessment_template": { "name": "Data Protection Impact Assessment" },
      "assessment_contributors": [
        { "email": "marketing@acme.com", "status": "not_started" },
        { "email": "legal@acme.com", "status": "complete" }
      ]
    }
  ],
  "count": 1,
  "total_matching": 1,
  "truncated": false
}

Your AI client might respond: "You have 1 overdue assessment. The DPIA for the new marketing platform was due February 15 and is still in progress. The legal team has completed their contribution, but the marketing team has not yet started. You may want to follow up with marketing@acme.com."

---

Look Up Documentation

Find out how a DataGrail feature works without leaving your AI client.

Prompt:

How does Vera's cookie classification work?

Tool invoked: search_knowledgebase_docs

Parameters used: query = "how does Vera cookie classification work", limit = 5 (default)

What happens: The AI client calls search_knowledgebase_docs to retrieve the most relevant documentation excerpts using semantic search. The results are documentation chunks that the AI synthesizes into a direct answer.

Sample response:

{
  "results": [
    {
      "text": "Vera's cookie classification operates in two layers. The first uses DataGrail's house rule library to match common patterns using wildcarding (e.g., _ga* matches all Google Analytics cookies). When enabled, the second layer uses AI to analyze remaining unmanaged cookies and generate additional categorization suggestions...",
      "score": 0.94
    },
    {
      "text": "Each AI-generated suggestion pre-fills the category, vendor, description, domain, and retention period. You review suggestions in the Suggested Rules tab and can accept them individually or in bulk...",
      "score": 0.88
    }
  ]
}

Your AI client might respond: "Vera's cookie classification works in two layers. The first applies DataGrail's house rule library using wildcard patterns for well-known cookies. The second layer — when enabled — uses AI to analyze any remaining unmanaged cookies and generate suggested rules including category, vendor, and retention period. You review and approve all suggestions before they are applied."