Phase 1 LiveDPDP Section 11 · Phase 1 Live

DSAR Portal

Accept, verify, review, and fulfill Data Principal access, correction, and erasure requests without losing the evidence trail.

Try live demoOpen admin console
Public portal
Customer-branded request form with email OTP verification.
Admin workflow
Pending, verified, fulfilled, and rejected tabs with SLA countdown.
Connector scan
Postgres query-template scan returns matching principal records.

DPDP Section 11

Data Principal access request workflow

DPDP Section 12

Correction and erasure request intake

Hash-chained ledger

Every DSAR action written to trust ledger

Verified deliverability
OTP email verified from privacy@crewcheck.in
May 8, 2026: a fresh DSAR request email arrived in a real Gmail inbox from privacy@crewcheck.in and the OTP verified against the live API.

What happens when a Data Principal submits a request

01
Submission
The public portal records email, request type, and description against the workspace.
02
OTP verification
A 6-digit email OTP must be verified before the request enters admin review.
03
Admin review
Workspace admins see pending and verified requests with a 30-day SLA timer.
04
Connector scan
Postgres connectors run customer-defined query templates by principal email.
05
Fulfillment + audit
Fulfill or reject actions append evidence and write to the hash-chained ledger.
Phase 1 Live
See it working
The demo portal is wired to the live API. Use an @example.com email during testing and CrewCheck will expose a non-production OTP in the response UI.
Try live demoAdmin dashboard
Reality Check
What is live, and what is still in build
  • Live: public DSAR submission, OTP verification, admin list/detail, fulfillment/rejection, Postgres connector test and scan.
  • Live: DSAR events write into the same hash-chained trust ledger used by gateway evidence.
  • Partial: S3 connector records can be configured, but object listing is Phase 2 Q2 2026 until storage credentials are isolated per workspace.
  • In build: SLA reminder emails at 7 days / 3 days / due date are scheduled for the background worker pass.

Phase roadmap

Phase 1 Live
Phase 1 Live
  • Public portal
  • Email OTP verification
  • Admin review
  • Postgres connector scans
  • Ledger evidence
Phase 2 · Q2 2026
Phase 2 Q2 2026
  • S3 object listing
  • Daily SLA reminder worker
  • Customer-branded email templates
  • Connector evidence attachments
Phase 3 · Q3 2026
Phase 3 Q3 2026
  • CRM connectors
  • Bulk DSAR exports
  • Delegated processor fulfillment workflows
Pricing integration
Included in Early Access and Growth. Free workspaces see an upgrade gate in the API and app.

Free

Upgrade required

Early Access

25 requests/month · 2 connectors

Growth

200 requests/month · 5 connectors

FAQ

Does the portal verify the Data Principal before admin review?

Yes. Phase 1 requires a 6-digit email OTP before the request status changes from submitted to verified.

Which connectors are live?

Postgres connector testing and principal-email scans are live. S3 connector configuration is stored, while object listing is Phase 2 Q2 2026.

Is the DSAR workflow written to the audit log?

Yes. Submission, verification, fulfillment, and rejection actions write DSAR events to CrewCheck's hash-chained trust ledger.

Which DPDP rights does this cover?

Phase 1 covers Section 11 access intake and Section 12 correction and erasure intake. Fulfillment evidence remains admin-controlled.