Preflight Check: Email Verification

DSR workflows submitted through the Privacy Center configured with email verification by default. This is a separate process from the Email Verification preflight check described below, and you can read more about the Privacy Center email verification process here. When using this default Privacy Center email verification, the DSRs show up in the Incoming Requests view only after the email the email has been verified.

The email verification preflight step is a configuration setting that is run whenever a request is submitted with unverified email addresses. There are 3 ways to submit a request with unverified email addresses:

  1. When Manually submit a Data Subject Request through the Admin Dashboard and selecting "Yes, ask the user to verify the request".
Admin Dashboard Email Verification.

  1. When submitting requests through Transcend's DSR API with 2FA Email Approval enabled.

  2. When using account login flows on the Privacy Center via JWT or OAuth while also indicating in the authentication payload that the user's email is not verified.

The "Transcend Email Verification" preflight step has the following configuration settings that are commonly customized:

  • Verification Template: Provide the template that should be sent to the identifier that is being verified. This same template will be sent for all verification attempts when the verification is set up as a drip campaign.
  • Expiration Duration: The amount of time (in hours) until the identifier will be considered not verified. After this verification window is hit, the default behavior is for the request to enter the "Failed Verification" status with no further communications sent to the data subject. Read the descriptions for the settings below to understand alternative workflows that can be configured.
  • Request Verification Failed Template: Provide an email template that should be sent to the primary email for a request after the "Expiration Duration" window passes. When a template is specified, the request will enter a "Verification Failed" status, and the request will have to be re-submitted by the data subject, or restarted by an admin. It is common to provide an email template that instructs the data subject that their request was canceled, with additional instructions explaining how to re-submit the request.

The default configuration is to send the Verification Template one time, and then silently expire the request after 24 hours, changing the request status to "Failed Verification".

Email Verification default flow.

By specifying the Request Verification Failed Template, you can notify the user that their request was canceled when the verification fails.

Email Verification expiration with notification.

You can additionally configure the "Transcend Email Verification" preflight step to send a "Drip Campaign" where the email specified by Verification Template is sent multiple times. In order to set up the "Drip Campaign", you will want to update the Expiration Duration to be longer enough to run the Drip Campaign, and then set the following settings to define the length of time between consecutive emails being sent.

  • Drip Campaign - Reminder Template 1 Duration: The amount of time (in hours) that should wait between first email and second email. Note that in order for this drip campaign email to be sent, the "Expiration Duration" settings must be greater than this duration.
  • Drip Campaign - Reminder Template 2 Duration — The amount of time (in hours) that should wait between second email and third email. Note that in order for this drip campaign email to be sent, the "Expiration Duration" settings must be greater than the sum of this duration and "Drip Campaign - Reminder Template 1 Duration".
  • Drip Campaign - Reminder Template 3 Duration: The amount of time (in hours) that should wait between third email and fourth email. Note that in order for this drip campaign email to be sent, the "Expiration Duration" settings must be greater than the sum of this duration, "Drip Campaign - Reminder Template 1 Duration" and "Drip Campaign - Reminder Template 2 Duration".

Below is an example where:

  • Email Verification template is sent for the first time immediately when request is received
  • A second Email Verification template is sent 24 hours later after the request is received but not verified
  • A third Email Verification template is sent 24 hours after the second email, 48 hours after the request was submitted.
  • A fourth Email Verification template is sent 24 hours after the third email, 72 hours after the request was submitted.
  • The Request Canceled template is sent 95 hours after the request is made and the Expiration Duration window is passed.
Email Verification expiration with notification.

Lastly, the following settings can be customized to only run the "Transcend Email Verification" preflight check for specific workflows:

  • Actions: Only run this preflight check for specific data actions types (e.g. Access, Erasure, etc.).
  • Preflight Dependency: Run this preflight check only after other preflight checks have been resolved.
  • Data Subjects: Which data subject types should trigger this preflight check. When not provided, this preflight step is run for all data subjects.