Non-Repudiable Consent Management
The consent ledger is the legal heart of Vishwaas AI. Every consent decision — grant, withdrawal, modification, expiry — is recorded as an append-only event with four independent proof layers.
The Four-Layer Non-Repudiation Proof
| Proof Layer | Technology | What It Proves |
|---|---|---|
| record_hash | SHA-256 of deterministic JSON | Record content was not modified |
| chain_hash | SHA-256(record_hash + prev_chain_hash) | Record sequence intact; nothing inserted or deleted |
| digital_signature | RSA-2048 via AWS KMS HSM | Created by this organisation's authorised system only |
| tsa_token | RFC 3161 TSA · DigiCert / GlobalSign | Moment of consent is legally defensible and third-party verified |
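The first two proof layers in the table can be checked as follows. This is an added example, not Vishwaas AI's own code. It assumes sorted-key compact JSON as the deterministic encoding, hex-string concatenation for `record_hash + prev_chain_hash`, an all-zero genesis value, and a head hash kept outside the database; the function names and record fields are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_chain_hash for the first record

def record_hash(record):
    # Deterministic JSON: sorted keys, fixed separators, UTF-8 bytes.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def chain_hash(rec_hash, prev_chain_hash):
    # SHA-256(record_hash + prev_chain_hash), read here as hex concatenation.
    return hashlib.sha256((rec_hash + prev_chain_hash).encode("ascii")).hexdigest()

def append(ledger, record):
    prev = ledger[-1]["chain_hash"] if ledger else GENESIS
    rh = record_hash(record)
    ledger.append({"record": record, "record_hash": rh,
                   "chain_hash": chain_hash(rh, prev)})

def verify(ledger, trusted_head=None):
    """Return None if intact, else (index, failed_layer)."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if record_hash(entry["record"]) != entry["record_hash"]:
            return (i, "record_hash")
        if chain_hash(entry["record_hash"], prev) != entry["chain_hash"]:
            return (i, "chain_hash")
        prev = entry["chain_hash"]
    # Truncating the tail leaves a valid shorter chain, so compare against a
    # head hash held outside the database (assumed to exist).
    if trusted_head is not None and prev != trusted_head:
        return (len(ledger), "head")
    return None

def sample_ledger():
    # Constructed sample events, not real Vishwaas AI records.
    ledger = []
    for seq, event in enumerate(["grant", "modification", "withdrawal"], 1):
        append(ledger, {"seq": seq, "principal": "dp-001",
                        "purpose": "marketing", "event": event})
    return ledger

if __name__ == "__main__":
    ledger = sample_ledger()
    print(verify(ledger), verify(ledger[:1] + ledger[2:]), verify(ledger[:2]))
```

Editing a stored record fails at `record_hash`, and removing a middle record fails at the `chain_hash` of the entry that follows it. Dropping the newest records is caught only when `trusted_head` is supplied.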
Purpose Catalog
Define consent purposes with lawful basis, data categories, retention period, and explicit opt-in requirement
Per-purpose consent collection
Granular, unbundled consent; no pre-ticked boxes
Append-only ledger
DB-level REVOKE UPDATE, DELETE — not just an application guard
Consent text snapshot
Exact multilingual text shown to the data principal, captured immutably at the moment of consent
7-year retention
Enforced per DPDP Rules 2025 Rule 4; automated retention policy per purpose
Chain verification API
POST /api/v1/consent/verify-integrity/{id} — any record verifiable on demand
Consent Receipt PDF
RFC 3161-signed PDF generated on demand from the data principal's portal
Bulk consent collection
API and campaign-based bulk collection from existing customer bases
Multilingual Privacy Notices
The Challenge
DPDP Rules 2025 Rule 3 requires notices in English and at least one Eighth Schedule language. But a data principal in Tamil Nadu who receives a notice only in Hindi has not meaningfully received it.
22 Indian languages + English
All Eighth Schedule languages supported natively in the platform
TipTap rich-text editor
Author notices in a Word-like interface; DPDP-compliant standalone format enforced
Multilingual completeness indicator
Flags incomplete translations before a notice can be published
Notice versioning
Every published version retained; content_hash on each version for integrity
DPO approval workflow
Notices require DPO sign-off before publication — required for SDFs
Legal review gate
Legal officer review step before DPO approval — recorded with name and timestamp
Delivery tracking
Per-principal sent_at, delivered_at, acknowledged_at timestamps
Historical access
All published versions accessible to data principals at any time in the portal
Data Principal Rights (DPR) Management
| Right | Act Section | SLA |
|---|---|---|
| Access — summary of data processed | §11 | 90 days |
| Correction — fix inaccurate data | §12(1)(a) | 90 days |
| Erasure — delete data on withdrawal | §12(2) | 90 days |
| Nomination — nominate a person | §14 | 90 days |
| Grievance — escalate complaint | §13 | 30 days |
Auto-generated request numbers
DPR-YYYY-NNNNN format for all correspondence
SLA countdown with overdue alerts
Overdue requests highlighted; DPO alerts triggered before deadline passes
Identity verification
Email OTP, DigiLocker, or Aadhaar — documented per request before any data is disclosed
Append-only activity timeline
Every action on every request, immutable
DPBI escalation panel
One-click escalation for unresolved grievances with timestamp and DPO notification
Erasure job orchestration
Per-system deletion tasks based on unified identity graph; completion tracked
Self-service portal
Submit, track, and receive responses without admin mediation
Completion email with written response
Required by Rule 9 for grievances; dispatched with delivery confirmation
Breach Incident Management
The 72-hour clock starts the moment you become aware of a breach. Vishwaas AI ensures you never miss the DPBI notification window. Penalty for failure to notify: up to ₹200 Crores.
72-hour DPBI countdown clock
Starts at incident creation; on-time/late compliance indicator always visible
Structured breach intake
Captures all Rule 8(2) mandatory fields: nature, data categories, principal count, consequences, measures
DPBI notification editor
Guided notification draft with mandatory fields enforced
Principal notification panel
Bulk email dispatch to affected principals; per-principal delivery tracking
Remediation tracker
Per-step checklist with completion timestamps and DPO sign-off
Multi-authority notifications
DPBI + RBI / IRDAI / CERT-In workflow for BFSI organisations
Breach register export
Signed PDF for DPBI inspection; RFC 3161-timestamped at generation
Append-only activity timeline
Immutable incident record for post-incident review and DPBI submission
Data Protection Impact Assessment (DPIA)
Required for Significant Data Fiduciaries. A complete, structured DPIA workflow with DPO approval, risk heatmap, and signed certificate.
Likelihood × Severity Risk Heatmap
DPIA questionnaire
Processing description, data categories, necessity, proportionality, risks, safeguards
Likelihood × severity risk heatmap
Colour-coded matrix; risk levels auto-calculated
DPO approval workflow
DPO sign-off creates an immutable approval record with timestamp
DPIA register
Filterable by status (draft, under review, approved, rejected) and risk level
Signed PDF certificate
DPIA completion certificate with DPO signature and RFC 3161 timestamp
Risk register
All identified risks tracked with mitigation status; DPIA submitted-to-DPBI tracking (Rule 7(3))
Vendor & Data Processor Management
Vendor onboarding
DPA upload, status tracking, and renewal reminders (active, expiring, expired, not signed)
Automated risk scoring
Risk score based on data categories shared, processing location, and DPA status
Cross-border transfer tracking
Flags transfers outside India; documents legal basis per transfer arrangement
Annual vendor assessments
Scheduled workflow with completion tracking and assessment history
Processor liaison role
Separate access level for vendor staff with scoped consent visibility
Vendor Risk Report
Signed PDF exportable for DPBI inspection in 30 seconds
Identity Unification
Unique Differentiator
The only DPDP compliance platform with a built-in identity resolution engine.
Four-Stage Pipeline
Connect
Register source systems: Salesforce, HRIS, Shopify, HubSpot, CSV uploads, custom APIs
Ingest
Normalise fields: email lowercase, phone E.164, name transliteration, Aadhaar hashed (never plaintext)
Resolve
Deterministic (auto-link: exact email/phone/PAN/Aadhaar) + Probabilistic (Jaro-Winkler ≥85%, human review queue)
Unify
One canonical data principal with identity graph, data asset map, and tamper-proof merge audit trail
Auto-link throughput
> 50,000 records/hour per tenant
Resolution latency
< 5 minutes for 10,000-record batch
Human review queue
Side-by-side comparison, confidence score display, bulk operations
Configurable resolution rules
Thresholds, field weights, auto-link controls per tenant
Append-only merge audit trail
Every merge decision tamper-proof at DB level — verifiable by the DPBI
Real-Time Consent Propagation
SLA from consent change to confirmed webhook delivery across all downstream systems.
Layer 1 · Push
HMAC-SHA256 Webhooks
Signed delivery to all registered downstream systems on every consent event
Layer 2 · Pull
Redis Consent Status API
<50ms single lookup · <200ms for 1,000-record batch · always fresh
Layer 3 · Enforce
API Gateway Plugin + SDK
Blocks processing without active consent at the gateway layer
Event types
consent.granted · consent.withdrawn · consent.expired · consent.renewed
Exponential backoff retry
Immediate → +1s → +5s → +30s — no lost events
Dead-letter queue
Payload inspection, manual retry, and audit-log dismiss
Propagation delivery log
Timestamped, immutable record per delivery — DPBI evidence of withdrawal enforcement
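A downstream system receiving these signed webhooks has to cope with the retries as well as the signature. The receiver below is an added example, not the platform's SDK. The signing scheme (`<timestamp>.<body>`), the payload fields (`id`, `principal`, `purpose`, `occurred_at`), the replay window and all function names are assumptions; only the event type names come from the page.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds of clock skew tolerated (assumed replay window)
ACTIVE = {"consent.granted", "consent.renewed"}
INACTIVE = {"consent.withdrawn", "consent.expired"}

def sign(secret, timestamp, body):
    # Assumed scheme: hex HMAC-SHA256 over b"<timestamp>.<raw body>".
    msg = str(timestamp).encode("ascii") + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class Receiver:
    def __init__(self, secret):
        self.secret = secret
        self.seen = set()   # event ids already applied
        self.latest = {}    # (principal, purpose) -> (occurred_at, type)

    def handle(self, timestamp, signature, body, now):
        expected = sign(self.secret, timestamp, body)
        # Constant-time comparison over the raw bytes, before any parsing.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "rejected: bad signature"
        if abs(now - timestamp) > MAX_SKEW:
            return "rejected: stale"
        event = json.loads(body)
        if event["type"] not in ACTIVE | INACTIVE:
            return "rejected: unknown type"
        if event["id"] in self.seen:
            return "duplicate"  # a retry of an applied event: acknowledge only
        self.seen.add(event["id"])
        key = (event["principal"], event["purpose"])
        if key in self.latest and self.latest[key][0] >= event["occurred_at"]:
            return "ignored: older than current state"
        self.latest[key] = (event["occurred_at"], event["type"])
        return "applied"

    def may_process(self, principal, purpose):
        state = self.latest.get((principal, purpose))
        return state is not None and state[1] in ACTIVE

def delivery(secret, event, timestamp):
    # Build one constructed delivery: (timestamp, signature, raw body).
    body = json.dumps(event).encode("utf-8")
    return timestamp, sign(secret, timestamp, body), body
```

The ordering check matters for consent specifically: a delayed retry of an older `consent.granted` must not re-enable processing after a newer `consent.withdrawn` has been applied.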
Compliance Dashboard & Reports
Real-time KPI cards
Consent rate, pending DPR, active breaches, DPIA status, vendor risk — live
Compliance posture score
Aggregate risk score across all 15 modules
Trend analytics
Consent grant/withdrawal rates over time (TimescaleDB)
Risk heatmap
Data asset × processing risk matrix
Activity feed
Live stream of all compliance-significant events across all modules
Signed report generation
DPR Performance · Consent Analytics · Breach Register · DPIA Register · Vendor Risk · Training Completion — all signed PDF/Excel
Data Principal Portal
A consumer-facing portal where data principals manage their own privacy in 22 Indian languages — passwordless, self-service, and fully auditable.
Passwordless email OTP login
No passwords, no credential database
Per-purpose consent toggles
Identical UX for granting and withdrawing — §6(5) compliance
Active consents view
With notice version links for full transparency
Self-service rights requests
Access, correction, erasure, nomination, grievance — without admin mediation
Request status tracking
Full activity timeline visible to the data principal
Privacy notice library
All published versions accessible at any time
Cookie preference management
Category-level control from within the portal
Consent Receipt PDF
RFC 3161-signed PDF downloadable on demand
Cookie Consent SDK
20 KB vanilla TypeScript banner
Single <script> tag embed — no dependencies
Category-level consent
Essential · analytics · marketing · personalisation
Ledger-connected
Cookie consent recorded in the main hash-chained, signed consent ledger
Admin-managed configuration
Colours, position, language, granularity — no code change required
Downstream propagation
Cookie consent changes propagated via the same webhook architecture
Public consent record lookup
Third-party verification API — no auth required
Consent Campaigns
For organisations needing to collect retroactive consent from existing customer bases — with notice delivery, per-principal tracking, and full analytics.
Campaign targeting
By data principal attributes, source system, or purpose status
Notice attachment
Privacy notice version delivered alongside consent request
Scheduled or immediate dispatch
Full scheduling control per campaign
Per-principal tracking
Sent · opened · responded · pending — per recipient
Campaign analytics
Response rate · consent granted % · declined % · pending %
Bulk consent collection
Via email link or embedded form
Multi-Tenant Platform Management
For Cross Identity and large organisations managing multiple subsidiaries or brands from a single platform instance.
Super admin isolation
Platform-level management with zero access to any tenant's compliance data
Auto-provisioning
Roles, seed purposes, slug-based routing — fully automated on tenant creation
Per-tenant user management
Role assignments, invitations, deactivation — scoped to tenant
Slug-based routing
/{tenantSlug}/admin/ · /{tenantSlug}/portal/
Platform overview dashboard
Tenant count, overall consent volume, support tickets
Custom DPA management
Per-tenant DPA tracking and management
Training
6 built-in DPDP Act compliance courses
Covering all major obligations under the Act and Rules 2025
Role-based course assignment
Assign specific courses to specific roles and users
Enrolment management
Track assigned, in-progress, and completed enrolments
Completion certificates
Generated and timestamped on module completion
Training completion reports
For SDF annual audit obligations (Rule 7) — signed PDF with completion rates per role
Audit Trail
The audit.events table captures every mutation across all 14 other modules — append-only, hash-chained, and independently verifiable.
Append-only hash-chained ledger
audit schema — INSERT + SELECT only at DB level; same SHA-256 chain design as consent
Universal coverage
Every mutation across all 14 modules writes an immutable audit event
Chain verification endpoint
GET /api/v1/audit/verify-chain?from=&to= — verify any date range in one call
Full-text search
Elasticsearch-powered search across all audit events
Audit log export
CSV + chain verification result — DPBI-ready package
Complete event capture
Actor, IP address, timestamp, and action on every event — no gaps
Feature Count Summary
Vishwaas AI v2.1
| Module | Features |
|---|---|
| Platform Access & Authentication | 12 |
| Compliance Dashboard | 10 |
| Consent Management | 22 |
| Privacy Notices | 15 |
| Data Principal Rights | 18 |
| Breach Incident Management | 14 |
| DPIA & Risk Assessment | 13 |
| Vendor Management | 9 |
| Identity Unification | 16 |
| Consent Propagation | 14 |
| Data Principal Portal | 13 |
| Cookie Consent SDK | 9 |
| Consent Campaigns | 8 |
| Training | 8 |
| Audit Trail & Reports | 14 |
| Total | 225 |