DSAR Overhaul — Account-Level Data Subject Access Requests

We've completed a major redesign of how Data Subject Access Requests (DSARs) are created, configured, and managed.

What's changed:

• Account-level DSAR entity — DSARs are now fully decoupled from domain policies. A single DSAR can be assigned to multiple domains, and a designated responsible person (DPO or equivalent) can be linked at the account level rather than per policy.
• Flexible request routing — The DPO configuration has been redesigned as a routing step. Choose to route submissions via email (to an internal user or an external contact) or connect directly to your governance platform for advanced handling.
• Embedded DSAR forms, no domain attachment required — DSAR forms can now be embedded on any page without needing to be tied to a domain banner. All submissions are recorded and manageable (mark as Processed / Pending / Unprocessed) directly in the platform.
• Public APIs for DSAR submissions — New public APIs allow external integrations to record and manage DSAR submissions programmatically.
• Visitor geolocation on submissions — The DSAR form now infers and displays the visitor's country via IP (read-only), supporting regulation mapping and governance workflows.
• Governance platform integration — DSAR submissions in CMP now include a link to manage advanced cases in the governance platform, with DPOs loadable from governance.
• Streamlined setup defaults — The DSAR label now pre-populates with your company name. All fields are optional except Request Type. New accounts receive a pre-built DSAR with full translations.
• Refreshed "DSAR on a Page" experience — Updated UI/UX based on the new Privacy Portal design: revised icons, custom logo support, default language assignments, and cleaner notification styles.
• Product-aware visibility — Mobile App and TV App DSAR settings are now hidden from accounts that don't have those products activated, reducing clutter.

CAPTCHA on DSAR Forms

• CAPTCHA protection — External DSAR submission forms now support CAPTCHA. Customers can enable it with a on▎ DSAR Reimagined: Account-Level Forms, CAPTCHA Protection & Mobile Self-Servee-click setupby entering their API keys in the CMP settings.
• Rate limiting with user-facing validation — A limit of 1 DSAR submission per domain per 24 hours is enforced, with a clear message shown to visitors when the limit is reached.

Mobile SDK — Plans, Billing & Self-Serve Enablement

• Mobile plans and billing UI — A consolidated plans and billing experience for Mobile SDK is now available in the CMP, enabling clearer tier management and self-serve upgrades.
• Sticky banner for missing package assignments — Mobile app configurations with no packages assigned now surface a persistent in-app notification, prompting users to complete setup before going live.