HMAC
SHA-256 signed every event
§6
DPDP Act compliant
1 line
JS embed — banner live
HMAC Audit Log
Consent records no auditor can challenge.
Every consent event — given, withdrawn, updated — is HMAC-SHA256 signed and written to an append-only log the moment it happens. No record can ever be modified or deleted, making it cryptographically tamper-evident. Exactly the kind of evidence a DPB auditor trusts.
- HMAC-SHA256 signed on every single consent event
- Append-only store — no deletion, no modification ever
- Cryptographic tamper-evidence verifiable by third parties
No-Code Banner Builder
Consent capture in one line of JavaScript.
Build a DPDP-compliant consent banner in the dashboard — choose purposes, set language, configure withdrawal options. Copy one JS snippet. Embed in your site. The banner renders, captures consent with full context, and writes a signed audit log entry. Automatically.
- Drag-and-drop banner builder — no developer needed
- One-line JS embed — live in under 10 minutes
- Multilingual: English, Hindi, Tamil, Telugu, Kannada, Bengali
Time bound functionalities
Lorem ipsum dolor sit amet, consectetur
adipiscing elit. Aliquam iaculis enim a
egestas. Quisque egestas mi.
Smooth operability
Lorem ipsum dolor sit amet, consectetur
adipiscing elit. Aliquam iaculis enim.
Hassle-free installation
Lorem ipsum dolor sit amet, consectetur
adipiscing elit. Aliquam iaculis.
Data Principal Trust Portal
A branded portal for every data principal.
Every data principal gets a white-labelled trust portal where they can view what data you hold, what purposes you process it for, and manage their own consents in real time. Transparency as required under DPDP Section 6.
- White-labelled with your company identity and domain
- Real-time consent management for every data principal
- Full audit trail of every principal action in the log
Children’s Consent Module
Section 9 guardian consent — fully handled.
DPDP Section 9 creates special obligations for processing data of minors. The Children's Module adds a verifiable guardian consent flow on top of your existing consent capture — compliant, auditable, and evidence-ready from day one.
- Guardian consent flow for all data principals under 18
- OTP-verified guardian identity before consent is logged
- Section 9 compliance evidence generated automatically per event
Time bound functionalities
Lorem ipsum dolor sit amet, consectetur
adipiscing elit. Aliquam iaculis enim a
egestas. Quisque egestas mi.
Smooth operability
Lorem ipsum dolor sit amet, consectetur
adipiscing elit. Aliquam iaculis enim.
Hassle-free installation
Lorem ipsum dolor sit amet, consectetur
adipiscing elit. Aliquam iaculis.
Cross-Channel Consent Sync
One consent state — across every touchpoint.
Consent captured on web, mobile app, WhatsApp, or email is synced to the same append-only audit log. A data principal who withdraws consent via WhatsApp sees their consent state update across your entire data stack within seconds.
- Web, mobile, WhatsApp, and email — all synced to one log
- Real-time propagation to all connected downstream systems
- Single source of truth for every principal’s consent state
WHY COMPLIANCE COPILOT
Built different.
For India's data law.
Cryptographically tamper-evident
HMAC-SHA256 on every event. Append-only storage. A consent log no one can modify — including your own team. DPB auditors have seen enough spreadsheets.
Live in 10 minutes
One JS snippet. No developer sprint required. Your consent capture is live, signed, and audit-ready before lunch.
Built for India's languages
Your data principals speak Hindi, Tamil, Telugu, Kannada, Bengali. Your consent banner should too. RuleExpert supports all major Indian regional languages.
Counsel-reviewed templates
Every purpose statement and consent template in RuleExpert has been reviewed by DPDP legal counsel. Your team uses, not drafts.
HOW IT WORKS
Three steps to compliance
Define your data processing purposes in the dashboard. Each purpose maps to a DPDP §6-compliant consent request.
Paste one JS snippet into your site or app. The consent banner renders, captures, and logs — automatically.
Every consent event is signed and stored. Your DPO and DPB auditors can inspect the full log at any time.
Get Started
Consent capture that stands up in an audit.
HMAC-signed. Append-only. Live in 10 minutes.
Client Testimonials
What Our Clients Speak About Us
"We always thought DPDP compliance was the client’s responsibility since we were only executing services. But the evaluation made it clear that how we handle client data also creates risk on our side. It changed how we approach data handling internally."
Founder, A Digital Services Firm
Founder, A Digital Services Firm
"We had a basic understanding of DPDP requirements, but the scorecard highlighted gaps we hadn’t identified internally — especially around consent handling and data visibility. It gave us a much clearer starting point."
Founder, A B2B SaaS Company
Founder, A B2B SaaS Company
"We had a basic understanding of DPDP requirements, but the scorecard highlighted gaps we hadn’t identified internally — especially around consent handling and data visibility. It gave us a much clearer starting point."
Founder, A Logistics Company
Founder, A Logistics Company
"The DPDP score was surprisingly insightful. Within minutes, we could see where we stood and what needed immediate attention. It simplified something that initially felt quite complex."
Product Head, A Fintech Platform
Product Head, A Fintech Platform
"After reviewing our score, we opted for a consultation. The discussion was very practical — we got clear direction on what to fix first and how to approach DPDP compliance in a structured way."
CTO, Food Delivery Tech Platform
CTO, Food Delivery Tech Platform
"What we found valuable was the focus on actual system-level gaps, not just policies. It helped us understand where compliance could break in real operations."
Engineering Lead, A SaaS Company
Engineering Lead, A SaaS Company
"As a CTO, I didn’t want my developers to become compliance experts. The SDK and APIs abstract a lot of the DPDP complexity into something the engineering team can actually implement. It makes compliance feel more like a system capability rather than a legal burden."
CTO, CPaaS Technologies
CTO, CPaaS Technologies