Skip to Content
DashboardSettings

DSAR settings

The DSAR settings page allows you to configure how files are stored, how long download links remain active, and other defaults for your DSAR workflow. To access these settings, navigate to the DSAR section in your dashboard and click Settings.

File retention

Controls how long disclosure files (the encrypted ZIP files delivered to data subjects) remain available for download after a request is completed.

  • Default: 14 days
  • Range: 1–365 days

After the retention period expires, the files are automatically purged from storage. If a data subject needs to re-download their data after expiration, you would need to reopen the request and complete it again.

Controls how long the secure download link included in the completion email remains active before it has to be regenerated.

  • Default: 180 minutes (3 hours)
  • Range: 15–1440 minutes (15 minutes to 24 hours)

Shorter validity periods are more secure but may be inconvenient if the data subject does not access the link promptly. If a link expires, the data subject can still download their files from the request status page as long as the file retention period has not passed — a fresh link will be generated.

Maximum upload size

Sets the maximum file size allowed when uploading files for individual systems during request processing.

  • Default: 50 MB
  • Range: 1–500 MB

This limit applies per file. Each system in a request allows one file upload.

Staging cleanup

Controls how long staged files (files uploaded during request processing on requests that have since been completed or rejected) are retained before automatic cleanup.

  • Default: 60 days
  • Range: 7–365 days

This setting helps manage storage by automatically removing files from old requests that no longer need their working files retained.

Resolution templates

Resolution templates are pre-written response notes that can be quickly applied when completing, rejecting, or responding to requests. You can customize templates per request type to ensure consistent and compliant responses.

To manage resolution templates:

  1. Navigate to the Resolution templates section on the DSAR settings page.
  2. Edit the template text for any request type (access, erasure, rectification, etc.).
  3. Save your changes.

Your custom templates are merged with the system defaults, so you only need to override the parts that are specific to your organization. When processing a request, the resolution note field will auto-fill with the appropriate template based on the request types selected. You can edit the note before completing the request.

Custom S3 vault

By default, all DSAR files (uploads and disclosure packages) are stored in CookieHub’s secure storage. If your organization requires files to be stored in your own infrastructure, you can configure a custom S3-compatible storage vault. Both Amazon S3 and S3-compatible providers (such as MinIO) are supported.

To configure a custom S3 vault:

  1. Navigate to the Custom S3 vault section on the DSAR settings page.
  2. Enter your bucket details:
    • Access key ID
    • Secret access key
    • Region
    • Bucket name
    • URL — public URL for the bucket (if applicable)
    • Endpoint — required for S3-compatible providers like MinIO
    • Use path-style endpoint — enable this for MinIO and similar providers
  3. Click Test connection to confirm the credentials are valid and the bucket is reachable.
  4. Save the configuration.

Your credentials are encrypted at rest before being stored. All files uploaded to your bucket will use server-side encryption (AES-256) on top of the encryption applied by CookieHub.

To stop using a custom vault and revert to the platform-managed storage, click the Clear button in the same section.

This is an optional feature intended for organizations with specific data residency or compliance requirements.

Automatic reminders

In addition to the configurable settings above, the DSAR system automatically sends reminder emails to help meet response deadlines. These reminders are not configurable, but it’s useful to know they exist:

  • Account owners receive deadline reminders 7, 3, and 1 days before a request’s due date, plus daily overdue notices once the deadline has passed.
  • Data subjects receive a reminder 3 days before their disclosure download link expires, but only if they have not yet downloaded the file.
Last updated on
Systems