How It Works

From sign-up to DPDP-ready, end-to-end.

Seven steps. Each one builds on the previous. Most teams finish steps 1-6 in their first week.

Start your 30 daysBook a guided walkthrough

Seven steps to live

1

Sign up (5 minutes)

Create your tenant. Multi-tenant by default — invite teammates with role-based access from the topbar. Tenant data lives in AWS Mumbai (ap-south-1) from the first byte. No data migration needed to switch tiers later.

2

Onboard (15 minutes)

Fill the organisation profile: industry, processor / fiduciary role, employee count, data categories you process. This unlocks the right Protect Pro and Protect Max banks, policy templates, and scanner weights for your sector. Healthcare and BFSI get specialised banks out of the box.

3

Pre-assessment (10 minutes)

Run the L1 readiness check. ~30 questions, multiple choice, no evidence required. Output: a 0-100 readiness score, a heatmap across DPDP §s, and a prioritised remediation backlog. This is the Protect Pro tier.

4

AI policy generation (1 hour)

Generate your DPDP-grounded policy pack — Privacy Notice, Cookie Policy, Data Retention, Breach Response Plan, Vendor Agreement, and 25 more. AI drafts from your org profile and the live DPDP spec. Review, edit, sign-off by named roles, publish on a hosted URL or export as PDF.

5

Consent capture (2-3 hours)

Drop the widget.js tag in your <head> and the banner appears. Set up the hosted preference centre at consent.yourbrand.com or use the platform-hosted version. Per-purpose granular consent, OTP-gated withdrawal, returning-principal recognition, 22-language notice — all live.

6

DSR + grievance handling (30 minutes)

Publish your principal portals at /rights/[org] and /grievance/[org]. Configure auto-routing so requests land with the right team. The SLA timer starts when a request arrives; AI drafts the response letter; refusal-must-state-reasons is enforced at the contract layer.

7

Continuous monitoring (always on)

Schedule recurring website scans. Run the L3 DeepDive assessment quarterly. Maintain the RoPA and TPRM registers. When a breach happens, the 72h-detect / 24h-notify lifecycle kicks in, and the Board form pre-fills from the breach record.

Production-ready in under 30 days

From a fresh tenant to live consent capture, principal portal, and quarterly assessment cadence — typically in three to four weeks.