To communicate with requesters from your dedicated privacy@ email alias, the DataGrail Platform will integrate with your Transactional Email system.
This transactional email system (i.e. a service that sends an email when a user completes an action, such as a purchase or password reset), will need to be able to send emails within the DataGrail Platform when a user makes a privacy request.
The email templates will be set by your team; DataGrail will never send an email without explicit approval and the opportunity to edit what is sent, and the chance to cancel. Copies of the emails are stored by DataGrail so that your user examining the request can see all communications.
Those will be purged upon your chosen schedule (typically 2 years for CCPA; can be any number of days you require after completion of the ticket).
Currently Supported Transactional Mailers
SendGrid (If you are creating an account, we recommend the SendGrid Essentials plan)
Most secure option; allows the customer to lock down DataGrail to only send from a specific email address
No ability to change the mailer
If there is a mailer not listed above, DataGrail will scope a possible integration.
Connecting Your Transactional Mailer to DataGrail
The first step in setting up your transactional mailer is to create the API connection with DataGrail:
- Select the "Integrations" page from DataGrail's top menu.
- Select "Configure New Integration"
- Search for the mailer you would like to connect and select "Configure"
- Follow the instructions from the "Get Help" button and enter the credentials for your mailer.
- Click "Save Connection"
Once connected, please email email@example.com with the Sender Email ("firstname.lastname@example.org") and Sender Name ("My Company Privacy Team") you would like to use with DataGrail. The DataGrail Support Team will work to configure your mailer and will test deliverability.
In order for the DataGrail platform to function as intended, it is crucial that the messages sent from your transactional mailer are delivered consistently to your users. For this reason, DataGrail performs a deliverability test when you connect your mailer.
The goal of the deliverability test is to confirm the following:
- DataGrail can trigger outbound emails from your transactional mailer successfully
- Emails sent by your mailer to your users are properly signed and not delivered to spam
DataGrail will inform you with the status of the deliverability test once your mailer is connected.
Ensuring Successful Deliverability
Since your transactional mailer is sending on behalf of your company (and your domain), it is important emails are properly authenticated to avoid appearing malicious or as spam to recipients. As a result DataGrail recommends customers configure the following:
- Sender Identity: Many transactional mailers, like SendGrid, offer the ability to verify a Sender Identity. This is often required and serves to uphold legitimate sending behavior. Setting this up usually requires domain verification and access to DNS records.
- SPF (Sender Policy Framework): SPF is a form of email authentication that lets you to define what mail servers are allowed to send on behalf of your domain. It is highly recommended to configure SPF records for your transactional mailer with your domain to ensure successful deliverability. This will also require access to DNS records.
- DKIM (DomainKeys Identified Mail): DKIM is another form of email authentication that uses a digital signature to verify an email was sent by the authorized owner of a domain. This is also an important step to ensuring that mail sent on your behalf is delivered reliably to your users.
Customer runs an email alias, typically email@example.com or firstname.lastname@example.org. To this list, they add email@example.com. That service is run by DataGrail’s instance of SendGrid.
All customers intake emails go to [customername]@emailapi.datagrail.io. It receives emails. Right now, DataGrail only listen to text (not images, attachments, etc.).
Separately, communication from DataGrail (on behalf of requester) to requester is entirely separate. This is where the Customer’s Transactional Mailer comes in.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.