Data export
Pull a machine-readable copy of the tenant data on request.
Govern
Data Subject Rights
Self-service export and erasure, with dual control
Answer data-subject requests without a manual scramble. A tenant owner can export their data or trigger a right-to-be-forgotten deletion, which runs an auditable saga and produces a record, with a confirmation step so an erasure is never a single accidental click.
- Data subject requests handled without a manual scramble across systems
- Every erasure confirmed by a person and recorded before it runs
- Regulator-ready evidence produced automatically, not reconstructed after the fact
The problem
When a data subject request arrives, the work falls on your team as an unstructured manual process. You have to locate the data, coordinate any deletion, document that it happened, and then prove it to a regulator, all with no reliable way to confirm nothing was missed or done by mistake.
Without IntegraCI
- Manual search across systems to find tenant data
- Deletions run ad hoc with no confirmation gate
- No durable record to show a regulator
- One person can trigger an irreversible action by accident
With IntegraCI
- Self-service export produced on request, machine-readable
- Erasure runs as a durable, confirmed workflow with dual control
- Every request logged as tamper-evident evidence of action
- An explicit confirmation required before any irreversible deletion
What you get
Right to be forgotten
Trigger an auditable deletion that runs as a controlled saga.
Dual control
Erasure requires an explicit confirmation so it is never accidental.
Evidence of action
Each request is recorded, so you can show a regulator it was honoured.
How it works
- 1
Make the request
A tenant owner requests an export or a deletion.
- 2
Confirm erasure
A deletion is confirmed, then runs as an auditable saga.
- 3
Keep the record
The action is logged as evidence the request was met.
How it stays governed
The same gates everyone passes, applied here.
Gated by policy
Policy as code governs which roles can initiate a data subject request and enforces that no erasure can proceed until an explicit confirmation is supplied. The deletion cannot be triggered in a single step, so the control is built into the workflow itself rather than relying on an operator remembering to check.
Recorded, tamper-evident
Each export and erasure request writes once to a tamper-evident audit trail, recording the request, the confirmation, and the outcome. That record is your durable evidence that the request was received and honored, available for a regulator without reconstructing what happened.
A human in the loop
Erasure requires an explicit confirmation from a tenant owner before the deletion workflow runs. A person must take a deliberate second action before any irreversible removal of data, keeping a human in the loop at the point of no return.
Works with your stack
Connect the tools you already run.
Identity connectors establish who is authorized to initiate a request; ITSM connectors can receive evidence records; security connectors carry compliance evidence downstream.
- Aqua Security
- DefectDojo
- Elastic
- Google Cloud
- Greenbone
- HashiCorp
- IBM QRadar
- Isovalent / Cilium
- Mend
- Microsoft Azure
- Open Policy Agent / CNCF
- OpenBao
- OWASP ZAP
- PlexTrac
- ProjectDiscovery
- Prowler
- ScanCode
- Snyk
- +19 more
Who it’s for
Where teams reach for it.
Responding to a GDPR access request
When a customer or employee asks what data you hold, a tenant owner triggers an export directly from IntegraCI without routing the request through engineering. The machine-readable output goes to the person who asked, and the action is recorded.
Actioning a right-to-be-forgotten request
When a former user asks to have their data removed, the tenant owner initiates the deletion, supplies a confirmation to satisfy the dual-control requirement, and the erasure runs as a durable auditable workflow. The record remains as proof the request was honored.
Preparing evidence for a privacy audit
Before a compliance review, a team can point an auditor to the tamper-evident audit trail showing every data subject request that was received, who confirmed it, and when the action completed, without needing to reconstruct events from emails or spreadsheets.
Questions, answered.
What data does the export cover?
The export covers the tenant data IntegraCI holds for your organization. It does not reach into external systems or tools you have connected. The output is machine-readable so you can pass it directly to the person who made the request.
Can one person both request and confirm an erasure?
The dual-control step is there to prevent a single click from triggering an irreversible deletion. A tenant owner initiates the request, then must supply an explicit confirmation before the deletion workflow runs. The two steps are intentionally separate.
Is a deletion reversible?
Erasure is designed to be permanent. The dual-control confirmation exists so no deletion runs without deliberate intent. The tamper-evident audit trail records that the action was taken and when, but the data itself is not recovered after an erasure completes.
How do I show a regulator that a request was honored?
Every export and erasure writes once to a tamper-evident audit trail, producing a durable record of what was done and when. That record is your evidence of action for a privacy review or regulatory inquiry, without needing to reconstruct events after the fact.
Put Data Subject Rights on your stack.
Request a demo, or read the docs to see how it fits the tools you already run.