The Data Empowerment & Protection Architecture is India's framework for principal-controlled data sharing. Rule 4 of the DPDP Rules (2025) operationalises the DEPA Consent Artefact format — a structured, machine-readable, tamper-evident consent record that can flow between Data Fiduciaries, Account Aggregators, and consented data fabrics. ProtectComply issues and verifies these artefacts as a first-class output of the Consent module.
Issue and verify Consent Artefacts in the DEPA format. Plug-and-play with Account Aggregators and consented data fabrics.
Send a one-line revoke link via WhatsApp or email. Principal taps once — withdrawal recorded, downstream sharing halted.
Banner, preference centre, and revoke flow auto-translated to every official Indian language. First Schedule covered.
consent.yourbrand.com served from our infra. Your brand, our compliance plumbing.
Every record carries IP, user-agent, fingerprint, and per-tenant principal cookie. Returning principals don't see the banner twice.
Use ProtectComply consent even if you have your own assessment, RoPA, or grievance stack. Webhooks push records into your existing systems.
Keep your existing GRC or governance stack. Bolt on ProtectComply Consent for the DPDP §6 piece your platform doesn't cover.
DEPA Rule-4 interop means your Consent Artefacts plug into AA flows without you building the spec yourself.
Cookie banner + per-purpose granular consent that respects withdrawal. Your tag-management stack honours the flags via our JS SDK.
Run only the consent module — Indian data residency, 22-language notices, and a DPDP-compliant withdrawal flow.