Answer 15 questions about your product. See your exact penalty exposure in rupees. Get AI-generated policies, a visual data map, breach tracker, and evidence locker — all self-serve, no lawyers needed.
Calculator: no signup · 2 minutes · see your number in rupees
Who the DPDPA applies to — Section 3
Any organisation that collects, stores, or processes personal data of individuals in India — including organisations headquartered outside India that offer goods or services to people in India.
Source: Section 3, Digital Personal Data Protection Act 2023
Reality check
Each of these is an active DPDPA violation. The Data Protection Board is operational.
Free. No signup. 2 minutes.
Free tools
No account required. Both tools run entirely on publicly available information.
Tool 01 — No signup
Scans your website for undisclosed third-party data processors, missing privacy notices, forms without consent mechanisms, and cross-border data transfers. Results in under 60 seconds.
Run a free scan →Tool 02 — No signup
Five questions about your organisation. Returns your penalty exposure in rupees based on the DPDPA penalty methodology. The number that makes you act.
Calculate your risk →Key obligations under DPDPA 2023
The following become mandatory from May 13, 2027. The Data Protection Board is operational and accepting complaints.
Every Data Fiduciary must publish a standalone privacy notice — not buried in terms of service — with an itemised description of personal data collected, purposes, and direct links for consent withdrawal and rights exercise.
Encryption at rest and in transit, access controls, log monitoring, data backups, and a documented TOM framework. Security clauses must be present in every Data Processor contract.
A signed DPA is required with every third party that processes personal data on your behalf — cloud providers, analytics platforms, CRM tools, communication services.
Affected Data Principals must be notified without delay. A detailed report must be submitted to the Data Protection Board within 72 hours. CERT-In must be notified within 6 hours of detection.
Access, correction, erasure, and grievance mechanisms must be published and operational. Grievance requests resolved within 90 days. Correction requests within 7 days.
Retention periods must be defined for every category of personal data. Data must be erased when the purpose is no longer served. Processing logs retained for minimum one year.
How Complyoo works
15 questions covering your data collection practices, processing tools, storage locations, and existing controls. Completed in under 10 minutes.
Immediate compliance risk assessment — your penalty exposure in rupees, and the specific gaps that require remediation, ordered by penalty size.
AI generates your policies from your answers. Your data map is built from your tools. Upload evidence and your controls auto-complete.
Breaches happen at 11pm on a Friday. You need to be ready.
CERT-In Report
From detection. File at incident.cert-in.org.in. Even if you're still investigating.
DPBI Initial Notice
Rule 7(2)(a). File with what you know. Don't wait for the full picture.
DPBI 72-Hour Report
Rule 7(2)(b). Full incident report with data categories, principals affected, root cause.
Database breach — user records exposed
Log the breach → clocks start → templates load instantly
Platform features
Every output is generated from your answers — grounded in the specific DPDPA rule it satisfies.
Your exact rupee exposure — ₹45-75 lakh shown as the hero metric, not a generic checklist. Know your number the moment you complete onboarding.
DPDPA 2023 penalty methodology
11 DPDPA policies generated section-by-section from your answers. Your Privacy Notice mentions Razorpay and AWS by name — not 'payment processor' and 'cloud provider'.
Rule 3, 6, 7, 8, 14, 15 DPDPA
Interactive diagram: Source → Storage → Processor → Destination. See which vendors are missing DPAs, which flows are cross-border. Export as 7-page audit PDF.
Rule 15, Section 16 DPDPA
Log a breach manually. Three clocks start: CERT-In 6-hour, DPBI Initial Notice, DPBI 72-Hour Report. Templates you already generated load instantly. No searching at 11pm.
Rule 7, CERT-In Directions 2022
Upload proof that controls are implemented. AI reviews each file against the specific control requirement and auto-completes the control when verified.
DPDPA accountability obligations
57 DPDPA controls, ordered by penalty exposure. Each shows the applicable Rule, penalty amount, and effort estimate. Focus Mode guides you through step by step.
Parts 6 + 15, DPDPA reference
Your actual tools — Razorpay, AWS, Mixpanel, Stripe — with direct DPA links. Track signed/pending/missing status. See which vendors still need agreements.
Section 8(2) DPDPA 2023
One-click export of your data map as a 7-page PDF audit document with signature fields. The document you hand a DPBI inspector or investor due diligence team.
DPDPA audit requirements
Five questions. See your DPDPA exposure before signing up. No email, no account. Your number in rupees in 2 minutes.
complyoo.com/calculator
Why Complyoo
Every competitor requires a call before you can start. Complyoo is the only platform where you go from zero to compliant tonight, without talking to anyone.
Your Privacy Notice mentions Razorpay, Mixpanel, and AWS because you told us you use them. Not 'Third-Party Analytics Provider A'. Real documents for your real stack.
You don't open Complyoo and see a 47-item checklist. You see ₹45-75 lakh in red. That's the number that makes you act. Everything else follows from that.
Consultants charge ₹5 lakh for a one-time engagement. Every competitor requires a sales call for pricing. Our pricing is on this page. You can start tonight.
Product roadmap
Start with the essentials. Operational and infrastructure capabilities follow as your organisation scales.
Assess your obligations. Generate your documents.
Operate your compliance programme.
Full DPDPA compliance infrastructure.
Pricing
Consultants charge ₹5 lakh for a one-time engagement. We charge ₹2,999/month for a living system.
V1 — Everything you need to start
or ₹24,999/year — save ₹11,000
No credit card required
Free calculator. No signup. 2 minutes. Find out exactly what you're exposed to under DPDPA 2023.
No demo calls. No sales process. Email: hello@complyoo.com