ConsentRights PortalBreach ResponseComplianceData InventoryRisk RegisterVendor RiskRegulatory RadarEnterprise
All Plans

Know Exactly What Data You Hold

Map every asset, processor, and data flow across your organisation. Auto-generate your RoPA and track processor DPAs before they become liabilities.

Start Free Book a Demo
What you get
Data Asset Registry
6 asset types — databases, apps, APIs, vendors
Visual Data Flow Map
Node graph with encryption status per flow
Processor DPA Tracker
SIGNED / MISSING / EXPIRED per vendor
Auto-generated RoPA PDF
Regulator-acceptable format, one click
How It Works

From asset registry to regulator-ready RoPA

1
Register your data assets
Log every database, application, file store, or third-party service that holds personal data. Classify type and sensitivity.
2
Map data flows
Connect assets to show how personal data moves between systems. Encrypted-in-transit status tracked per flow.
3
Track processor DPAs
Every third-party processor needs a Data Processing Agreement under DPDPA S.8(2). DPDPA Shield flags SIGNED, MISSING, and EXPIRED DPAs.
4
Set retention policies
Define retention periods and legal basis per data category. Get alerts before records exceed their retention window.
5
Export RoPA
One-click PDF export of your full Record of Processing Activities — cover, summary, assets, processors, flows, and DPO certification.
Features

Complete data landscape visibility

Core

Asset Registry

6 asset types: Database, Application, File Store, Third-Party, API, Device. Sensitivity and owner fields.

Visual Data Flow Map

Interactive node graph showing data movement between systems. Green solid = encrypted, red dashed = unencrypted.

Processor DPA Tracker

DPA status per processor: SIGNED / MISSING / EXPIRED. Contract expiry alerts 30 days before deadline.

Retention Policy Manager

Set retention days and legal basis per data category. Auto-delete flag for automated purge workflows.

Export

RoPA PDF Export

Regulator-acceptable Record of Processing Activities generated on demand. Includes DPO certification section.

DPA Alert Emails

Daily consolidated alert when processor DPAs are missing, expired, or due for renewal. Sent to DPO.

6
Asset types
Auto
RoPA generation
30-day
DPA expiry alerts
All
Plans included
Available from Starter plan onwards

Data Inventory & RoPA is available on all plans, including Starter.

FAQ

RoPA, DPAs, and data inventory — answered

What is a Record of Processing Activities (RoPA) and who needs one under DPDPA?+

A RoPA is a structured document listing every category of personal data your organisation processes, including purpose, legal basis, data categories, retention period, and processor details. Under DPDPA, Significant Data Fiduciaries are required to maintain an up-to-date RoPA. Even non-SDF companies benefit from maintaining one — it's the primary evidence document in any regulatory inquiry. DPDPA Shield generates your RoPA automatically from your data inventory.

What is a Data Processing Agreement (DPA) and when is it required?+

A DPA is a contract between a Data Fiduciary (you) and a Data Processor (any third party that handles personal data on your behalf) that specifies the scope, purpose, and obligations of the processing. DPDPA S.8(2) requires written agreements with all data processors. A missing or expired DPA is a direct liability — if a processor causes a breach, you bear full regulatory responsibility without a valid DPA in place.

What asset types does DPDPA Shield track?+

DPDPA Shield tracks 6 asset types: Database (PostgreSQL, MySQL, MongoDB etc.), Application (web apps, mobile apps, SaaS tools), File Store (Google Drive, S3, SharePoint), Third-Party (vendors and processors), API (external integrations), and Device (endpoints and servers). Each asset can be tagged with data categories and sensitivity level.

Is Data Inventory available on all plans?+

Yes. Data Inventory and RoPA generation are available on all DPDPA Shield plans, including Starter. There are no plan gates on this module — DPDPA compliance requires every organisation to know what data they hold, regardless of company size.

Start mapping your data landscape today.

Available on all plans. No setup fee. Your first RoPA export takes under 10 minutes.

Get Started Free Book a Demo
From the Blog

Does DPDPA Apply to My Startup?

A plain-language guide to understanding DPDPA obligations for Indian startups and SMEs.

Read article

How to Build a DPDPA-Compliant Consent Notice

Step-by-step guide to building a consent notice that satisfies all DPDPA requirements.

Read article
Explore More

Other Products

Consent Management

Prove every consent. Court-admissible SHA-256 proof.

Learn more

Rights Request Portal

OTP-verified portal. 30-day SLA countdown.

Learn more

Breach Response

Never miss the 72-hour Board notification window.

Learn more

Compliance Dashboard

Real-time 0–100 compliance health score.

Learn more

Risk Register

Track, score, and treat every DPDPA risk. Growth+.

Learn more

Vendor Risk Intelligence

Automated security scoring for every data processor. Growth+.

Learn more

Regulatory Radar

AI-curated DPDPA updates. Never miss an enforcement signal.

Learn more

Enterprise Modules

Children's data, DPIA, SDF — highest-penalty coverage.

Learn more