Usage Examples
The following examples demonstrate how you can interact with DataGrail through an MCP-connected AI client. Each example shows a natural-language prompt, the tool that gets invoked behind the scenes, and a representative sample of what the response looks like.
You do not need to use these exact prompts. Vera's tools are invoked by your AI client based on intent — you can phrase your questions naturally and the client will select the appropriate tool and parameters.
Search Privacy Requests
Find open deletion requests from the last 30 days.
Prompt:
Show me all open deletion requests from the last 30 days
Tool invoked: search_tickets
Parameters used: kind = "Deletion", status = "Active", start_date = 30 days ago
What happens: The AI client calls search_tickets with the appropriate filters. Vera searches your organization's privacy request tickets and returns matching results scoped to your permissions.
Sample response:
{
"results": [
{
"uuid": "a1b2c3d4-5678-90ab-cdef-111111111111",
"email": "jane.doe@example.com",
"kind": "deletion",
"workflow_state": "pending_legal",
"due_date": "2026-04-10",
"created_at": "2026-03-05T09:15:00Z",
"via": "Intake Request Form",
"submitted_by": "Data Subject"
},
{
"uuid": "b2c3d4e5-6789-01bc-def0-222222222222",
"email": "john.smith@example.com",
"kind": "deletion",
"workflow_state": "pending_datagrail",
"due_date": "2026-04-15",
"created_at": "2026-03-10T14:30:00Z",
"via": "Email",
"submitted_by": "Data Subject"
}
],
"count": 2,
"total_matching": 2,
"truncated": false
}
Your AI client will typically summarize this data in natural language, such as: "You have 2 open deletion requests. One from jane.doe@example.com is pending legal review and due April 10. The other from john.smith@example.com is queued for DataGrail processing and due April 15."
Check Integration Health
Identify integrations that are currently experiencing errors.
Prompt:
What integrations have errors right now?
Tool invoked: fetch_integration_errors
Parameters used: days = 30 (default)
What happens: The AI client calls fetch_integration_errors to retrieve recent integration errors grouped by integration and error type. This gives you a quick overview of connection health across your configured integrations.
Sample response:
{
"error_groups": [
{
"integration": {
"name": "salesforce-prod",
"display_name": "Salesforce"
},
"error_type": "Authentication Error",
"count": 12,
"first_seen": "2026-02-20T08:00:00Z",
"last_seen": "2026-03-01T11:45:00Z",
"sample_errors": [
{
"timestamp": "2026-03-01T11:45:00Z",
"status_code": 401,
"error_message": "INVALID_SESSION_ID: Session expired or invalid",
"ticket_uuid": "c3d4e5f6-7890-12cd-ef01-333333333333"
}
]
},
{
"integration": {
"name": "zendesk-support",
"display_name": "Zendesk"
},
"error_type": "Rate Limit Error",
"count": 3,
"first_seen": "2026-02-28T16:00:00Z",
"last_seen": "2026-03-01T09:00:00Z",
"sample_errors": [
{
"timestamp": "2026-03-01T09:00:00Z",
"status_code": 429,
"error_message": "Rate limit exceeded"
}
]
}
]
}
Your AI client might summarize this as: "Two integrations have errors. Salesforce has 12 authentication errors since February 20 — the credentials may need to be refreshed. Zendesk has 3 rate limit errors that appear to be transient."
Risk Overview
Get a summary of high-severity risks that need attention.
Prompt:
Give me a summary of high-severity risks
Tool invoked: search_risks
Parameters used: overall_risk = "high"
What happens: The AI client calls search_risks filtering for high-severity entries in your risk register. The response includes risk descriptions, mitigation status, owners, and due dates.
Sample response:
{
"results": [
{
"id": 201,
"description": "Third-party analytics vendor processes PII without a signed DPA",
"overall_risk": "high",
"impact": "high",
"likelihood": "medium",
"mitigation_status": "in_progress",
"owner_email": "privacy-team@acme.com",
"due_date": "2026-04-30",
"risk_category": { "name": "Vendor Management" }
},
{
"id": 202,
"description": "Employee access to production database not governed by least-privilege policy",
"overall_risk": "high",
"impact": "very_high",
"likelihood": "low",
"mitigation_status": "not_started",
"owner_email": "security@acme.com",
"due_date": "2026-05-15",
"risk_category": { "name": "Data Security" }
}
],
"count": 2,
"total_matching": 2,
"truncated": false
}
Your AI client might respond: "You have 2 high-severity risks. The vendor management risk regarding a missing DPA is in progress with a deadline of April 30. The data security risk about database access controls has not been started yet and is due May 15 — you may want to prioritize this one."
Consent Banner Status
Check whether your consent banners are published and up to date.
Prompt:
Is my consent banner published? When was it last updated?
Tool invoked: get_banner_status
Parameters used: include_categories = true, include_domains = true
What happens: The AI client calls get_banner_status to retrieve the configuration status of all your consent containers, including publish timestamps, draft status, and deployed domains.
Sample response:
{
"containers": [
{
"id": 1,
"name": "Main Website",
"type": "standalone",
"managed": true,
"versions": {
"has_draft": true,
"has_published": true,
"last_published_at": "2026-02-20T16:00:00Z",
"draft_updated_at": "2026-03-01T10:30:00Z"
},
"categories": {
"total_categories": 4,
"categories": [
{ "primitive": "essential", "always_on": true },
{ "primitive": "performance", "always_on": false },
{ "primitive": "functional", "always_on": false },
{ "primitive": "marketing", "always_on": false }
]
},
"domains": [
{ "domain_name": "www.acme.com" },
{ "domain_name": "shop.acme.com" }
]
}
],
"summary": {
"total_containers": 1,
"managed_containers": 1
}
}
Your AI client might respond: "Yes, your consent banner is published. It was last published on February 20, 2026 and is deployed on www.acme.com and shop.acme.com. There is also a draft version with changes from March 1 that has not been published yet. You have 4 consent categories configured: Essential (always on), Performance, Functional, and Marketing."
Overdue Assessments
Find risk assessments that are past their deadline.
Prompt:
Are there any overdue risk assessments?
Tool invoked: search_assessments
Parameters used: deadline_status = "past_due"
What happens: The AI client calls search_assessments with the past-due deadline filter to find assessments that have exceeded their due date.
Sample response:
{
"results": [
{
"id": "assess-uuid-001",
"name": "DPIA - New Marketing Platform",
"status": "in_progress",
"due_date": "2026-02-15",
"assessment_template": { "name": "Data Protection Impact Assessment" },
"assessment_contributors": [
{ "email": "marketing@acme.com", "status": "not_started" },
{ "email": "legal@acme.com", "status": "complete" }
]
}
],
"count": 1,
"total_matching": 1,
"truncated": false
}
Your AI client might respond: "You have 1 overdue assessment. The DPIA for the new marketing platform was due February 15 and is still in progress. The legal team has completed their contribution, but the marketing team has not yet started. You may want to follow up with marketing@acme.com."
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.