What it does
GDPR Data Subject Request Handler helps legal and operations teams process GDPR Data Subject Access Requests (access, deletion, portability) within the 30-day Article 12(3) deadline. It parses incoming DSAR emails, queries Postgres and HubSpot for subject data, builds a per-system data inventory, determines deletion scope with legal-hold awareness, and generates GDPR-compliant response drafts referencing the relevant articles. Deletion requests always require human approval before execution — a non-negotiable guardrail. All operations are logged for audit. Works offline with mock fixtures for evaluation; connects to live Postgres, HubSpot, and SMTP credentials for production use.
Example prompts
- Run the full DSAR pipeline for this request email
- Parse this DSAR email and tell me the request type and requester
- Query all systems for data belonging to this email address
- Determine the deletion scope for this data subject
Tools (8)
Tools the agent exposes — your AI client calls them automatically when it needs them.
- run_full — Run the GDPR DSAR agent end-to-end: parse the request email, query all systems, analyze findings, synthesize an LLM narrative, return the full DsarResult.
- parse_dsar_email — Parse a DSAR email to extract the request type (access/deletion/portability) and requester identity.
- query_data_inventory — Query all connected systems (Postgres, HubSpot, Stripe) for data belonging to the given email address.
- generate_response_draft — Generate a GDPR-compliant response email draft for a processed DSAR, including legal references.
- get_deletion_scope — Determine exactly which systems can and cannot have data deleted for a given subject. Always requires human approval.
- list_capabilities — List the agent's tools, credential slots, and guardrails.
- plan_inputs — Plan/brainstorm the inputs for a tool: returns questions, schema and a ready-to-edit example.
- discover_intent — Understand your goal and co-design the exact input via clarifying questions before running.
What you'll need to connect
This agent will ask you for the following. You enter them when you connect — they're encrypted and never shared with the creator.
- Postgres Connection URL (DSAR role) · optionalRead+selective-delete Postgres connection URL for the dsar_role account. Company-specific host, set at install time. Leave blank for mock fixtures.Get this from *'s account or API settings.Paste the value as a single line.Only sent to: *
- HubSpot API Key · optionalHubSpot Private App token with contacts:read scope.Get this from hubapi.com's account or API settings.Paste the value as a single line.Only sent to: api.hubapi.com
- Service account JSON · optionalGet this from *'s account or API settings.Paste the full JSON of your service-account key file (not a file path). FindAgent stores it securely and gives the agent a file path to it.Only sent to: *
- Anthropic API Key · optionalOptional. Leave blank on a sampling-capable client to use the host model with no key.Create a key on the Anthropic Console API keys page (console.anthropic.com → API keys).Paste the value as a single line.Only sent to: api.anthropic.com
How you're protected
FindAgent runs these safety checks on every agent automatically. They're always on and can't be turned off.
- Prompt-injection scanning
Every request is checked for known prompt-injection and jailbreak attempts before the agent runs. This is always on.
- Secret-leak scanning
Every response is scanned for leaked API keys, tokens, and other secrets before it reaches you. This is always on.