Two paths. Logged-in users are verified by their session, with the chatbot recognising their WordPress user ID. Anonymous requestors enter their email, receive a 6-digit code, and confirm. The system prompt refuses to log a deletion request without one of these. For high-risk accounts (admin, large customer), a second-factor email or phone confirmation can be required, configurable per role.

The bot explains the exception in plain English. The most common cases: order history retained for tax and accounting (typically 6-10 years depending on jurisdiction), data subject to an active legal proceeding (litigation hold), or data needed for a contract still in force. The user is told what is retained, on what legal basis, and for how long. The retained data is flagged for re-evaluation at the retention boundary.

No. The bot captures the verified, scoped, deadline-stamped request and routes it to a human DPO or to your erasure tooling. Actually executing deletion across all systems (database, search index, CDN caches, analytics, marketing tools, third-party processors) is the DPO's job, possibly through a dedicated tool or workflow. The bot is the intake layer, not the executor, and is honest with the user about that timing.

Set the bot to the user's preferred language based on browser or account setting. The model handles natural-language understanding across major languages. Your privacy notice and lawful-basis statements should be available in each language you operate in. For audit purposes the ticket is stored with both the original-language conversation and an English translation, so the DPO can review without depending on translator availability.

Specially. Requests from accounts flagged as minors, or from accounts with guardian-relationship metadata, are routed straight to the DPO without auto-acknowledging. Children's data deletion under GDPR-K, COPPA, and equivalents is high-stakes and requires guardian verification beyond what a chatbot can reliably perform. The system prompt explicitly defers these cases and captures the request as 'minor account, manual review required'.

Yes. Each ticket gets a reference like DSR-2026-0517 that the user can use to ask for status. The bot reads the ticket state (received, in progress, awaiting clarification, completed) from your DSR log and gives a clear answer. Status changes are also pushed via email automatically when the DPO updates the ticket. No 'I emailed two weeks ago and heard nothing' frustration.

Handled by the same bot with a separate intake flow. CCPA opt-out of sale or sharing does not require identity verification at the same level (it is a global opt-out, not a deletion), and the bot routes it to your privacy-engineering team to flag the user record across analytics, ad platforms, and any other data-sharing pipelines. The audit trail is the same shape as the GDPR equivalent.

No. The bot is the intake, triage, and status-tracking layer. A DPO is still required by GDPR for many organisations and is the human accountable for actually executing requests, evaluating exceptions, and signing off on completion notices. The bot makes the DPO's day better, not unnecessary. For very small organisations without a formal DPO, the privacy lead plays the same role and the bot's structured ticketing is even more valuable.