Free Samples — PrivOptic

Free samples

Take a piece of each product — no email required

Real, usable excerpts from the catalog, free to use inside your organization today. No gate, no signup, no follow-up sequence — if the sample earns its keep, you know where the full version lives.

Sample letter: DSAR acknowledgment (GDPR)

One of nine lifecycle letters in the DSAR & Consumer Request Letter Pack. Copy it, adapt the bracketed fields, use it.

Subject: We've received your data request — reference [DSR-XXXX]

Dear [Name],

Thank you for your request dated [date], which we received on [date received]. We are treating it as a request for [access to / deletion of / correction of] your personal data under applicable data protection law.

To protect your information, we first need to confirm your identity. Please reply with [specify: e.g., the email address associated with your account, or a copy of one form of identification with sensitive elements redacted]. We ask only for what's necessary to verify it's you — nothing more.

Once your identity is confirmed, we will respond within one month of receiving your request. If your request is complex, the law permits us to extend this by up to two further months; if that becomes necessary, we will tell you within the first month and explain why.

There is no fee for this request. If you have questions in the meantime, reply to this message quoting reference [DSR-XXXX].

Kind regards,
[Name], [Title]
[Organization] Privacy Office

Get all nine letters — acknowledgment through refusal →

Sample tabletop inject: the Friday afternoon file

An opening sequence in the style of the Privacy Incident Response Tabletop Kit's four facilitated scenarios. Run it in your next team meeting — twenty minutes, no preparation.

Setup (read aloud): It's 4:47 p.m. on a Friday. Your service desk forwards a message from a customer: "I just received an export of what looks like other people's account data attached to my invoice email. Thought you'd want to know." The attachment contains 214 customer records — names, emails, and subscription details.

Inject 1 (hand out at minute 5): The invoicing platform is run by a third-party vendor. Their status page shows nothing. Your contract's breach notification clause is… somewhere.
Inject 2 (minute 12): A second customer posts a screenshot of the same attachment on social media, tagging your company.

Discussion prompts: Who declares this an incident, and on what authority? When did your notification clocks legally start — at the service desk email, or earlier? What do you need from the vendor in the next hour, and what does your contract actually entitle you to? Who owns the social media response, and what must they not say?

Facilitator's note: most teams discover two gaps in the first ten minutes — nobody is sure who declares, and nobody can produce the vendor contract. Both are fixable on Monday. That's the point of the exercise.

Get four full 90-minute scenarios with timed injects and scoring →

Sample poster: think before you click

In the style of the 13-poster Security & Privacy Awareness Bundle. Right-click to save; print at A4 or Letter.

THINK BEFORE YOU CLICK Three checks, three seconds: Who sent it? · Did I expect it? · Where does it really go? Not sure? Report it. You will never be in trouble for asking first. SECURITY AWARENESS · PRIVOPTIC
Get all 13 editable posters (SVG + PDF + PNG) →

These samples are free to use within your organization. They're simplified — the full products add jurisdictional variants, editable source files, facilitation guides, and the pieces that make the work defensible rather than just done. Try any product's live demo before buying. Not legal advice.