Vishwaas AI is built by Cross Identity — India's leading Identity & Access Management platform — to complete the privacy compliance picture. Together, they deliver the full lifecycle of digital identity governance: who your users are, what they can access, and what they have consented to.
India
Identity
Ecosystem
Cross Identity
IAM Platform
SSO · MFA · RBAC
SAML · AD · Device Trust
Vishwaas AI
Privacy Platform
Consent · DPR · DPIA
Breach · RFC 3161
Shared infra
AWS Mumbai
Shared auth
OTP · JWT
Identity & Access Management
Cross Identity Answers
"Who is this user? Are they authenticated? Are they authorised?"
Privacy & Consent Management
Vishwaas AI Answers
"Has this user consented to this data being processed? Can we prove that cryptographically? Have their rights been fulfilled?"
In the past, these were separate disciplines with separate tools. The DPDP Act 2023 changes that. It requires Data Fiduciaries to not only authenticate users and control their access — but to document, prove, and manage the consent underpinning every data processing action.
Cross Identity delivers both.
| Capability | Cross Identity (IAM) | Vishwaas AI (Privacy) |
|---|---|---|
| User authentication | Email OTP, MFA, SSO, SAML, OAuth | Email OTP (data principals + admin users) |
| Access control | RBAC, ABAC, policy-based | 11-role CASL RBAC — DPDP Act role model |
| Identity lifecycle | User provisioning, deprovisioning | Data principal unified identity (cross-system) |
| Audit and compliance | Access audit logs | Consent + rights + breach audit (hash-chained) |
| Regulatory compliance | Internal IAM regulations | DPDP Act 2023 + DPDP Rules 2025 |
| Device / session | Device trust, session management | Portal session (OTP-refreshed JWT) |
| API security | API gateway, token management | API key management (consent status API) |
Vishwaas AI extends your Cross Identity investment by adding the DPDP Act compliance layer that IAM alone cannot cover.
Cross Identity
Employee and contractor identity lifecycle management
Single Sign-On (SSO) across internal applications
SAML 2.0 / OAuth 2.0 federation
Multi-Factor Authentication
Active Directory and LDAP integration
Device trust and certificate-based authentication
Access governance and certification campaigns
Vishwaas AI
Customer (Data Principal) consent management
The people your IAM system does not govern
Privacy notice management
DPDP-compliant notices in 22 Indian languages
Data Principal Rights (DPR)
Access, correction, erasure, nomination, grievance
Breach incident management
72-hour DPBI notification workflow
DPIA & Vendor Governance
Risk assessments for high-risk processing activities
Identity unification
Resolve fragmented customer identities across all your systems
Non-repudiable consent ledger
Cryptographic proof (SHA-256 + RSA + RFC 3161) for DPBI proceedings
Cross Identity Platform Vishwaas AI Platform ──────────────────── ──────────────────── Employee Identity Customer Identity · SSO · Consent Management · MFA · Privacy Notices · SAML / OAuth · Data Principal Rights · AD Integration · Breach Management · Device Trust · DPIA & Vendor Governance SHARED INFRASTRUCTURE ───────────────────── AWS Mumbai (ap-south-1) AES-256-GCM Encryption Passwordless OTP Authentication Append-Only Audit Trail India Data Residency
Both platforms use passwordless email OTP as their authentication foundation — no separate credential store, the same zero-credential-theft security posture across both platforms.
Both platforms enforce identical encryption standards — no security disparity between IAM and privacy layers.
Vishwaas AI's 188 RESTful endpoints (OpenAPI 3.0) integrate with Cross Identity's API gateway and access management layer — consent as an access condition.
API-First Integration Flow
Cross Identity API Gateway
Validates JWT (issued by Cross Identity IdP)
Routes to Vishwaas AI API
GET /consent/status/:dpId/:purposeCode
Returns consent status
{ status: "active", purpose: "mkt_email" }
CI policy engine enforces
Consent = access condition. One policy decision.
Example policy rule
"User may access the marketing email service only if consent_status:mkt_email = active per Vishwaas AI."
Consent Propagation to Identity Provider
When a data principal withdraws consent on Vishwaas AI, the Consent Propagation engine triggers a webhook to Cross Identity to enforce the withdrawal at the IAM layer:
Revoke the user's session in applications governed by that consent
Flag the account for re-consent before next login
Trigger a deprovisioning step for access to systems that relied on that consent
// Webhook payload: consent.withdrawn event { "event": "consent.withdrawn", "data_principal_id": "dp_01HX...", "purpose_code": "mkt_email", "timestamp": "2026-03-15T09:44:10Z", "record_hash": "sha256:a3f2b1..." } // CI receives → revoke session + flag for re-consent
| Competitor Approach | Cross Identity + Vishwaas AI |
|---|---|
| Buy IAM from one vendor, privacy from another — then integrate manually | One ecosystem, built together, shared infrastructure — no integration gap |
| Pay GDPR-first platforms to adapt for DPDP — expensive, slow, imperfect | Purpose-built for Indian regulatory requirements on both sides |
| Manage separate audit trails for access events and consent events | Unified audit standard (hash-chained, append-only) across both platforms |
| Two vendor relationships, two support contracts | One Cross Identity relationship for full IAM + Privacy coverage |
Vishwaas AI is designed, built, and supported by the same team that builds Cross Identity. There is no integration gap, no API mismatch, no finger-pointing between vendors.
One platform. One team. One accountability.
About Cross Identity
Cross Identity (IdentityPlus Pvt. Ltd.) serves enterprises across BFSI, healthcare, government, and manufacturing sectors. Vishwaas AI is Cross Identity's privacy compliance product — built with the same engineering rigour and India-first design philosophy that Cross Identity customers have relied on for over a decade.
Learn more at crossidentity.inSee how Cross Identity and Vishwaas AI work together in a live joint demo — IAM and DPDP compliance in one session.