Is your database actually legal?
India's Digital Personal Data Protection Act is in force, and it applies to your side project too. If you collect a name, email or phone number, you have obligations — and most AI-generated backends meet none of them. We'll show you exactly where you stand.
AI built your backend. It didn't read the law.
The DPDP Act, 2023 treats you as a 'Data Fiduciary' the moment you store someone's personal data. It demands consent, security, and a way for users to be forgotten. Vibe-coded apps almost always skip all three.
- ✕ Personal data collected with no record of consent
- ✕ No way for a user to request deletion of their data ('right to erasure')
- ✕ Weak or missing row-level security — any logged-in user can read everyone's data
- ✕ PII sitting in plaintext logs, analytics and third-party tools
- ✕ No data-retention policy and no breach-notification plan
What our compliance check covers.
A practical, engineer-led review of how your app actually handles personal data — not a generic legal PDF.
Map exactly what personal data you collect, where it's stored, and who can access it.
Check whether consent is captured, specific, and recorded — as the Act requires.
Verify a real, working path for users to request and receive data deletion.
Audit RLS and access controls so users can only ever see their own data.
Flag data you collect but don't need — a core DPDP principle and a liability if breached.
Review how long you keep data and whether you can respond to a breach in time.
Why this is worth fixing now.
Compliance isn't just about avoiding fines — though those are severe. It's increasingly a requirement to close enterprise deals, raise funding, and earn user trust.
- → Penalties up to ₹250 crore per violation under the DPDP Act
- → Enterprise customers now demand a data-protection posture before they sign
- → Investors run data diligence — gaps here can stall or kill a round
- → A single breach of unprotected PII can end a young company's reputation
How we get you compliant.
Audit & gap report
A prioritised, plain-English report of where you stand against each DPDP requirement.
Lock down access
Implement proper row-level security and access controls so data can't leak between users.
Build consent & deletion
Add real consent capture and a working data-deletion flow your users can actually use.
Policy & retention
Set up retention rules, minimise stored PII, and document a breach-response plan.
Find out if your app is a liability — free check, clear answers, fixes if you want them.