Use Case

Your DSAR response is only as complete
as your worst database

Under GDPR, CCPA, and similar regulations, individuals can demand every piece of data you hold about them — and have it deleted. If that data is scattered across fifteen systems, one request can take weeks, consume a team, and still miss records. Tilores gives you a single query that returns everything, and a single action that deletes it.

Book a Demo Get the Evaluation Build

The Problem

Fragmented data turns compliance into a fire drill

Without Tilores

A customer submits a DSAR. Your team now has to track down every system that might hold their data:

✗Manual requests to CRM, billing, support, analytics, data warehouse — each owned by a different team

✗A legacy database nobody fully remembers gets missed — the response is incomplete and non-compliant

✗Deletion requests generate tickets across eight teams, some taking months to close

✗No audit trail — if a regulator asks how you responded, you can't prove it

✗30-day deadline passes. Fines up to €20M or 4% of global annual turnover

With Tilores

One query. Every record. Every source. Every time:

✓Search by name, email, or any identifier — Tilores resolves the identity and returns all linked records, with source labels

✓No system gets missed — every connected source is queried in the same request

✓Deletion cascades to source systems via webhook — one action replaces eight tickets

✓Full audit log of every DSAR query, export, and deletion — regulator-ready by default

✓Retention rules enforce automatically — old records purge from specific sources on schedule

How It Works

Connect once, comply everywhere

Connect All Sources

CRM, billing, support, analytics, data warehouse — every system that holds personal data feeds into Tilores. New sources connect without touching existing ones.

Receive a DSAR

Query by name, email, phone, or any identifier. Tilores resolves the identity across all sources and returns every linked record in a single response — with source attribution on each.

Respond or Delete

Export the full record set for a right-of-access response, or trigger deletion. Deleting from Tilores fires a webhook to each source system — all deletions coordinated from one place.

Enforce Retention

Configure rules to automatically delete records from specific sources after defined time windows. Tilores enforces them on schedule — no manual intervention needed.

Capabilities

Every data subject right, handled from one layer

🔍

Right of Access (DSAR)

A single Tilores query returns every record held about an individual across all connected systems — with source labels so your response is fully documented. Answer in minutes, not weeks.

🗑

Right to Erasure

Delete a subject from Tilores and it fires webhooks to every connected source system, triggering deletion at the origin. Configurable — you decide which systems are wired and which aren't.

🔗

Cascading Deletion via Webhook

One deletion action in Tilores propagates to your source systems automatically. No engineering tickets. No coordinator. You define the guardrails; Tilores executes within them.

⏱

Automated Data Retention

Set retention windows per source and per data type. Tilores enforces them on schedule — records from system A purge after 12 months, records from system B after 7 years. No manual process required.

📦

Data Portability

The right to data portability requires you to provide personal data in a structured, machine-readable format. Tilores returns records from all sources in a single structured response — ready to export.

📋

Audit Trail

Every DSAR query, record export, and deletion is logged — who requested it, when, what was returned, and what was deleted. If a regulator asks, your evidence is already there.

Regulatory Coverage

The same obligation across
every major privacy regulation

GDPR, CCPA, UK GDPR, LGPD — every major data privacy regulation gives individuals the right to access the data you hold about them, and the right to have it deleted. The obligation is the same. The challenge is the same: you have to find everything, across every system, and respond within a legal deadline.

Tilores doesn't care which regulation you're complying with. It connects to your data sources, resolves identities across them, and gives you a complete picture on demand. One layer covers every jurisdiction you operate in.

Data subject rights — key obligations by regulation

GDPR (EU)

Right of access (Art. 15), erasure (Art. 17), portability (Art. 20) — respond within 30 days

UK GDPR

Identical to EU GDPR. ICO enforcement applies. Fines up to £17.5M or 4% of global turnover.

CCPA (California)

Right to know, right to delete, right to portability — respond within 45 days

LGPD (Brazil)

Right of access and erasure under Art. 18 — respond within 15 days

PDPA (Thailand/Singapore)

Right of access and correction — respond within 30 days

Technical Fit

Built for production compliance workflows

Latency

<150ms p99 — return a complete subject record in real time, fast enough for customer-facing portals

Data sources

CRM, billing, support, analytics, data warehouse, third-party enrichment — all connected in one identity graph

Deletion

Webhook-triggered cascade to source systems on deletion. Configurable per source — not all systems need to be wired into the cascade.

Retention rules

Configurable per source and data type. Define windows once; Tilores enforces them automatically on schedule.

Audit trail

Every query, export, and deletion logged with timestamps, matched records, and source attribution — regulator-ready by default

Compliance

SOC 2 certified. GDPR-compliant architecture. Deployable on AWS Marketplace or on-premise for data residency requirements.

Example — DSAR lookup by email, all sources

query DSARLookup($email: String!) {
  search(input: {
    parameters: {
      email: $email
    }
  }) {
    entities {
      id
      score
      hitScore
      records {
        id
        source
        name
        email
        address
        dateOfBirth
        createdAt
      }
    }
  }
}

Returns all records linked to this identity, with source label on each — ready to include in your DSAR response.

Explore