Create your tenant. Multi-tenant by default — invite teammates with role-based access from the topbar. Tenant data lives in AWS Mumbai (ap-south-1) from the first byte. No data migration needed to switch tiers later.
Fill the organisation profile: industry, processor / fiduciary role, employee count, data categories you process. This unlocks the right Protect Pro and Protect Max banks, policy templates, and scanner weights for your sector. Healthcare and BFSI get specialised banks out of the box.
Run the L1 readiness check. ~30 questions, multiple choice, no evidence required. Output: a 0-100 readiness score, a heatmap across DPDP §s, and a prioritised remediation backlog. This is the Protect Pro tier.
Generate your DPDP-grounded policy pack — Privacy Notice, Cookie Policy, Data Retention, Breach Response Plan, Vendor Agreement, and 25 more. AI drafts from your org profile and the live DPDP spec. Review, edit, sign-off by named roles, publish on a hosted URL or export as PDF.
Drop the widget.js tag in your <head> and the banner appears. Set up the hosted preference centre at consent.yourbrand.com or use the platform-hosted version. Per-purpose granular consent, OTP-gated withdrawal, returning-principal recognition, 22-language notice — all live.
Publish your principal portals at /rights/[org] and /grievance/[org]. Configure auto-routing so requests land with the right team. The SLA timer starts when a request arrives; AI drafts the response letter; refusal-must-state-reasons is enforced at the contract layer.
Schedule recurring website scans. Run the L3 DeepDive assessment quarterly. Maintain the RoPA and TPRM registers. When a breach happens, the 72h-detect / 24h-notify lifecycle kicks in, and the Board form pre-fills from the breach record.
From a fresh tenant to live consent capture, principal portal, and quarterly assessment cadence — typically in three to four weeks.