Cookie consent banner
Granular, prior consent with reject as easy as accept — no pre-ticked boxes, no dark patterns.
Built for India's DPDP Act 2023 + Rules 2025
Free DPDP Compliance Scanner for Indian Websites
Where does your website stand on India's DPDP Act?
A free, plain-English scorecard for any Indian website. We'll show you the gaps against the DPDP Act 2023 + Rules 2025 — and suggest what to fix first — well before the 13 May 2027 deadline.
- Free, no signup
- 10-category breakdown
- Actionable fixes for each gap
No website yet, or want a higher-level view? Try the free DPDP risk calculator → · 10 questions, 60 seconds, no signup.
Sample report
acme.in
62/ 100Needs Work
- HTTPS & basic security headersPass
- Privacy notice — missing grievance officerWarning
- Trackers firing before consentFail
- No withdraw-consent mechanismWarning
Aligned to DPDP Act 2023 + Rules 2025
We don't store your site data
India-built, India-focused
Live · Refreshed daily
DPDP-Compliant CMPs — verified by checkDPDP
These consent managers pass our daily DPDP Act 2023 + Rules 2025 scan. Each badge is live — click through to verify the score in real time.
Get DPDP-Certified by checkDPDP
Earn a publicly verifiable DPDP certificate for your website.
Open to any Indian website — SaaS, BFSI, healthtech, edtech, D2C, publishers, consent platforms. We audit your site against the DPDP Act 2023 + Rules 2025 and issue a live, signed certificate (Gold, Verified or Aligned). Free first round. If you don't pass, the prioritised fix-list is free too.
DPDP GoldScore 85–100 · Top tierDPDP VerifiedScore 70–84 · Production-readyDPDP AlignedScore 55–69 · Right direction
DPDP Act 2023 · in force in India
Time left until India's DPDP full-compliance deadline.
MeitY notified the DPDP Rules on 13–14 November 2025 with an 18-month phased rollout. Every Indian website needs to be defensible by 13 May 2027. Start with a free scan today.
———
Days
——
Hours
——
Minutes
——
Seconds
Target: 13 May 2027 · 00:00 IST
Counting in your browser
How it works
From a URL to a suggested fix-list in 60 seconds
No agents to install, no code changes. Paste a URL — we do the rest, and offer plain-English suggestions for each gap. You decide what to act on.
- Step 01
Scan your URL
Enter any public website. We crawl the page like a regulator would and check 10 DPDP categories.
- Step 02
See your score & gaps
Get an overall 0–100 score, then a category-by-category breakdown — pass, warning or fail, with the reason.
- Step 03
Fix it with our guides & tools
Every gap links to a plain-English fix and, where useful, a free tool (consent banner, policy generator, rights-request form).
What we check
Ten categories. One score. Zero guesswork.
Every checkDPDP scan maps to a specific obligation under the DPDP Act or Rules. We tell you what we found, why it matters, and how to fix it.
Privacy / consent notice
A clear notice in plain language listing purposes, categories of personal data and how to exercise rights.
Consent withdrawal
An obvious mechanism to withdraw consent — and it must be as easy as giving it in the first place.
Data collection transparency
All forms, trackers and integrations that collect personal data are disclosed before collection.
Third-party trackers
No analytics, ads or pixels load before the user opts in. Reject = nothing fires.
Grievance officer / contact
A Grievance Officer or contact point is published, with an SLA for response.
Data Principal rights
Access, correction, erasure, nomination and grievance — all reachable in one place.
Cross-border transfer disclosure
If data leaves India, the notice says where and why — and the destination is not on the blacklist.
Children & age-gate
Verifiable parental consent for users under 18. No behavioural tracking, no targeted ads.
Security signals
HTTPS, modern headers (HSTS, CSP, X-Content-Type), and no obvious leakage of personal data.
Tools & Indian alternatives
Free DPDP tools, plus honest pointers to India-built CMPs
A handful of high-value tools we maintain ourselves, alongside an editorial comparison of India-headquartered consent managers — Tsaaro, CookieYes, Privado.ai, Sprinto, Cygnet, Seclore, Adzapier, CyberSRC and more. Pick whichever fits.
Cookie Consent Manager
Coming soon · FreeA DPDP-aligned consent banner: granular categories, reject as easy as accept, consent logging and easy withdrawal. One-line embed.
Explore
Privacy / Consent Notice
FreeGenerate a DPDP-style consent notice from a short questionnaire. Lists purposes, categories of data, retention, rights and grievance contact.
Explore
Data Principal Rights
FreeAn embeddable intake form for access, correction, erasure, nomination and grievance requests — with an audit log.
Explore
By industry
Which industries the DPDP Act hits hardest
The penalty exposure for ignoring the DPDP Act is wildly uneven by sector. BFSI, healthtech and edtech sit in the ₹250 cr / ₹200 cr bands with sector-regulator overlays on top. Find your sector below for the specific obligations, controls and realistic effort.
#1 most exposed
BFSI & Fintech
Highest DPDP exposure of any Indian sector — payment data, KYC, credit profiles all in scope.
Up to ₹250 crRBI · SEBI
#2 most exposed
Diagnostic Labs & Pathology Chains
Patient PII + lab results + Aadhaar-linked KYC — the most stacked DPDP exposure of any sub-sector inside healthcare.
Up to ₹250 crMoH&FW · MCI / NMC
#3 most exposed
Healthtech & Pharma
Health data is the highest-sensitivity category — DPDP overlaps with ABDM and the Clinical Establishments rules.
Up to ₹250 crMoH&FW (via ABDM/NHA) · IRDAI (insurance-tech)
#4 most exposed
Edtech
Children's data is the headline restriction — verifiable parental consent, no tracking, no targeted ads.
Up to ₹200 crMoE (UGC, AICTE, NCERT) · CERT-In
#5 most exposed
E-commerce & D2C
Trackers + checkout PII + post-purchase marketing — the three places DPDP scanners hit hardest.
Up to ₹150 crMCA / CCPA (consumer protection) · FSSAI (if food)
#6 most exposed
SaaS
Joint accountability with your customers — and DPAs to your sub-processors are the bottleneck.
Up to ₹150 crCERT-In · Sector-specific (depends on customer mix)
Why now
2026 is the build year. The clock is real.
The DPDP Rules were notified on 13–14 November 2025 with an 18-month phased rollout. Full compliance is required by 13 May 2027.
13 May 2027
Full compliance deadline
₹250 cr
Max penalty — failure of security safeguards
₹200 cr
Max penalty — failure to notify a breach
72 hrs
Detailed breach report to the Data Protection Board
Sources: Digital Personal Data Protection Act, 2023 (Schedule); Digital Personal Data Protection Rules, 2025 (notified by MeitY, 13–14 Nov 2025). See our DPDP Act guide for citations.
Stay in the loop
We'll email you when DPDP actually changes.
Government notifications, deadline reminders, new consent-manager comparisons — sent only when there's real news. Always with a one-click unsubscribe and a DPDP-compliant notice on collection.
Find your DPDP score in 60 seconds.
Free. No signup. We'll tell you what's missing — and exactly what to do about it.
