A hosted trust hub at privacy.yourdomain.com: unified DSR inbox, versioned policies, auto-updated sub-processor list, and an incident + certifications log. Customers see a serious operator. Regulators see a responsive one.
Enterprise buyers open privacy.yourco.com and half their questions are already answered — policies, sub-processors, certifications, incident log, all versioned and timestamped. Your sales cycle gets its week back.
Identity-verified requests land in a real inbox with SLA timers, language detection, and one-click responses. Nobody's Gmail thread. No missed deadlines. No "who's handling this?" Slack messages at 9pm.
The trust hub your CNIL case officer sees is the same one your largest prospect's procurement team sees. Consistent, archived, audit-ready — and the second layer of your compliance posture after representation.
A branded page at privacy.yourdomain.com — serves your policies, DSR intake and certificates from one surface.
Access, erasure, rectification, portability, restriction, and objection requests all route to one verified inbox with deadline tracking.
Store all your policies in one place, publish them to your Privacy Center, and maintain a full version history so you always know what changed, when, and why.
Publish your compliance certifications on your public Privacy Center so prospects can verify your status instantly, no more PDFs on request.
Fraudulent DSRs waste your team's time and expose you to risk. EU Presence verifies every requester's identity automatically so you only respond to legitimate requests.
See how many requests you've received, which regulations they fall under, and how quickly your team is responding, all in one dashboard.
Give your users a branded portal to submit data requests, verify their identity, and access your privacy policies while you stay compliant without lifting a finger.
Every request is verified before it reaches you — no impersonation, no drive-by deletions, no manual email ping-pong.
Art. 12's 30-day clock tracked per request, with early-warning at day 20 and automated escalation at day 27.
Route requests into Jira, Linear, or your data warehouse. Every state change fires a webhook; full audit log available via API.
Requests come in local language, routed to you with an English summary. Responses can go out in-language with one click.
Data residency in Frankfurt, SOC 2 Type II, ISO 27001, GDPR-native. Full sub-processor list on our own trust hub.
Request volume, response time, SLA compliance, regulation mix, and team workload — in one dashboard you can drop in front of your board or DPA without prep.
Route requests to the tools your privacy team lives in. 200+ native integrations on Pro, plus Zapier and a REST API for anything we don't cover.
Add one CNAME pointing to cname.eupresence.com. We provision the TLS certificate, the subdomain, and the cookie propagation automatically.
Paste an existing policy, import from a URL, or start from our template library. We version it, timestamp it, and serve it at your branded subdomain.
One script tag on your site. Visitors submit requests via a branded form; we verify identity, log the request, and route it to your inbox.
Publish your trust hub. Every request, policy revision, and sub-processor change is archived with an audit trail regulators can inspect.
// 1 · Drop-in embed for your marketing site <script src="https://cdn.eupresence.com/dsr.js" data-tenant="acme" data-lang="auto"></script> // 2 · REST API — for app-internal flows (Pro) POST https://api.eupresence.com/v1/dsr Authorization: Bearer $EUP_API_KEY Content-Type: application/json { "type": "erasure", "subject": { "email": "user@acme.com" }, "source": "in-app" }
From pre-launch startups to enterprise buyers, teams adopting a hosted trust hub ship faster, sell to bigger customers, and sleep better.
"Our security questionnaires used to eat a week per deal. Now enterprise buyers open privacy.ours.com and the conversation is already halfway done."
"We went from handling DSRs in Gmail threads to a real inbox with SLAs and verification. Night and day."
"CNIL asked for our privacy notice and ROPA. The trust hub had both versioned and timestamped. Ten-minute reply."
"The sub-processor auto-notify alone pays for this. Our customers stopped asking us who moved what, and when."
Everything a small team needs to publish a real privacy page and start handling DSRs on day one.
For growing companies with real volume — integrations, workflows, and a custom domain.
For scaled privacy ops — unlimited everything, 200+ integrations, and API access.
The standard compliance stack for US companies with real EU exposure. One onboarding, one invoice, one team.
Hosted trust hub, DSR inbox, versioned policies, sub-processor registry.
Article 27 coverage, 27 member states, named EU entity on record.
If users post or trade on your platform — Article 13 legal rep + notice endpoint.
It hosts, versions, and serves it. You can bring your existing policy, start from our template, or we can redline yours. The difference is every visitor is served the version that applied on their visit date — and that archive is regulator-ready.
Email challenge plus optional stronger signals (magic link, phone OTP, or enterprise-SSO for B2B). You can tune the verification level per request type — access requests are lighter, erasure requires stronger proof.
You use your own subdomain (privacy.yourcompany.com) by default — one CNAME. Fully self-hosted is available on Enterprise for regulated-industry customers who need it.
Not yet. Cookie consent is on the roadmap but isn't live today. Most of our customers run a dedicated CMP — Cookiebot, Usercentrics, OneTrust — alongside Privacy Center and we integrate with any of them. The four surfaces we do cover today (DSR inbox, sub-processor registry, policy library, incident log) are where most compliance work actually lives.
If you also have our GDPR Representative engagement, yes — we respond in-language to every DPA inquiry and log it in your trust hub. Privacy Center alone gives you the surface and archive; representation is a separate product.
Full export of every policy version, DSR record, sub-processor change, and incident entry — plus a JSON dump of your raw data. 30-day termination, no punitive clauses, you keep everything.
30-minute discovery call. Trust hub provisioned inside a day. A real privacy page, DSR inbox, and sub-processor registry, live by end of week.