PrivacyOps is the operational layer for privacy programs. Automated database discovery and classification, GDPR Article 30 RoPA generated on demand, end-to-end DSAR automation through a public privacy center, retention policy enforcement, consent state propagation. The same data inventory feeds every downstream surface — privacy ops, marketing list construction, and the regulatory evidence package.
The data inventory is a spreadsheet that goes stale within weeks. The Article 30 RoPA is rebuilt by hand each year for the regulator. DSARs are tickets that route to engineers who run ad-hoc queries against production. Consent state lives in a marketing tool that nobody trusts. Each piece works in isolation; together they produce a privacy posture nobody can fully defend.
PrivacyOps replaces the collection with a single inventory, a single workflow, and a single audit trail.
Connect production databases, data warehouses, and SaaS exports through seven native adapters — Postgres, SQL Server, Azure SQL, MySQL, Oracle, MongoDB, Snowflake. Connector credentials encrypted at rest with tenant-specific keys.
The platform discovers tables, columns, and approximate row counts; samples values for classification; never persists raw samples as a foundational privacy guarantee. A multi-strategy classifier scores every column against a curated master schema of 241 attributes across 23 categories — Personal Identifiable Information, Financial & Payment, Biometric, Genetic, Health Insurance, Cookies & Browsing, Geolocation, Workplace Welfare, and 15 more.
High-confidence matches auto-bind. Medium-confidence matches land in the classification queue for operator review; the platform learns from every confirmation, accelerating subsequent runs. Nine regulatory classifications inherit automatically — PHI, PCI, SPI, PII, Restricted-Confidential, Internal Use, Public, Unknown, No data.
Article 30 RoPA, CCPA/CPRA disclosure, and a framework-agnostic global RoPA all derive from the same data flow inventory. Inbound, outbound, and internal data flows are auto-derived from the catalogue: vendor data-handling rows, SaaS export inferences, schema-similarity inference between datastores.
Every flow carries a confidence score and a deriver-source signature — any RoPA row can be traced back to its origin in seconds. Flows are active by default, so the RoPA is populated immediately, not after a backlog review. The audit log captures every auto-derivation, edit, disable, and re-enable.
Subjects authenticate to the public privacy center and request access, rectification, erasure, restriction, objection, or portability. The platform searches every catalogued datastore using the subject's identity keys (encrypted at rest with a tenant-specific key); results flow into the DSAR workflow without an engineer touching production.
"Download my data" requests fulfill automatically for the most common request types — no human ticket, no engineering involvement. Erasure and rectification execute on operator confirmation through a deletion runbook that respects retention policy and legal-hold constraints. Article 12-aligned tracking and timeline preserved automatically.
Branded portal at a tenant-specific URL. Data subjects submit rights requests, check status, and manage consent — no account required. Linked from the organisation's website footer or cookie banner. Multi-language support; tenant-customisable copy and branding. Subjects track their request in real time without contacting the tenant.
Pre-defined retention policies anchored to regulatory citations: GDPR Articles 6(1)(b), 6(1)(c), 6(1)(f), 7; HIPAA 45 CFR § 164.530(j); SOX § 404 / IRS retention; CCPA/CPRA Cal. Civ. Code § 1798.105; ePrivacy Directive Article 5(3). Assignable per-datastore or per-master-attribute. Notifications fire before expiry. Marketing-class data eligible for auto-deletion; sensitive categories require operator approval through the deletion runbook.
See the retention policy library →
Legal basis tagging on every flow against the GDPR Article 6(1) bases — consent, contract, legal obligation, vital interests, public task, legitimate interest. CCPA-equivalent labels produced automatically by the export adapter. Consent withdrawal propagates through downstream marketing list exports — a withdrawn subject is suppressed everywhere, not just in the consent tool.
241 master attributes in the seeded schema across 23 PII categories. Three RoPA frameworks — GDPR Article 30, CCPA/CPRA, framework-agnostic global — from one inventory. 72-hour breach SLA tracked automatically. DSAR fulfilment without human intervention for the most common request types.
PrivacyOps is included in Enterprise. RoPA Plus tier provides Privacy Reviews and Retention Policy Library; full discovery, DSAR automation, RoPA generation, and consent-aware marketing lists are Enterprise-only.