A free, full DPDP audit with admin credentials — how the checkDPDP free-audit actually works

The checkDPDP free audit is genuinely free — no card, no trial that auto-bills, no 'free first scan then ₹50k for the report'. Send your name, email, and the website URL you want audited. A specialist runs a 10-category DPDP audit on the live site and emails you back a personal admin-dashboard URL with single-use sign-in credentials. The whole loop closes inside 1 business day. This post explains the four moments in that loop so you know exactly what to expect.

**Moment 1 — Submit (60 seconds).** Open [/free-audit](/free-audit) and fill the form. Name, email, website URL, optional phone (used only if email bounces), optional message ('please verify our new banner', 'we're an edtech, please look at parental consent'). Before submit, tick the consent box — clicking it opens a Section 5 itemised notice popup listing every purpose, every category of data, the retention window, and your rights. Section 6 of the DPDP Act requires explicit affirmative consent for any data processing; we hold ourselves to the same bar checkDPDP applies to every other Indian website. Consent is captured with timestamp, IP and user agent as an immutable audit row in our Consent log. The same consent timestamp appears in your acknowledgement email so you have evidence on both sides.

**Moment 2 — Acknowledgement (within seconds).** You get an email back immediately with the subject 'Your checkDPDP free audit for <yourdomain> — we'll send credentials within 1 business day'. The email confirms the audit covers all 10 categories: cookie consent behaviour, privacy notice quality, withdrawal flow, third-party trackers, grievance-officer disclosure, Data Principal rights mechanism, cross-border transfer disclosure, children's age-gate, HTTPS + security headers, Section 8(5) safeguard spot-check. Same email logs the Section 6 consent timestamp and reminds you that the audit itself is free — anyone asking for payment in our name is phishing.

**Moment 3 — Credentials (1 business day, usually faster).** A checkDPDP specialist runs the audit on your live site using the same engine that powers the public [scanner](/scan) — but with the manual layer that catches edge cases an automated scan misses (forms behind authentication, processor inventory questions, breach-playbook readiness). Once the report is ready, you get a second email with your personal audit-dashboard URL and single-use sign-in credentials. The credentials rotate after first login so the URL is yours alone.

**Moment 4 — Walk through the report.** Open the dashboard, log in, and you land on a Pass/Warn/Fail board for every one of the 10 categories. Click into a Fail and you see (a) the evidence — which tracker fired, which header was missing, which form lacked a Section 5 disclosure — and (b) the exact 30-minute fix, linked to the right free tool from the checkDPDP stack (the [banner builder](/tools/banner-builder), the [privacy notice generator](/tools/privacy-notice), the [DPA generator](/tools/dpa-generator) or the [breach-notification template](/tools/breach-notification)). Apply the fix, click Re-scan, watch the score move in real time. Reach the 70+ band and you're eligible to apply for the publicly verifiable [DPDP-Verified badge](/apply-certification).

**Who the free audit is for.** Indian SMBs preparing for the 13 May 2027 deadline who want a defensible posture without a six-month consultancy programme. Founders cleaning up a vendor inventory before a Series A due-diligence ask. Edtech / fintech / healthtech teams under pressure from Section 9, Section 16 or sector-regulator overlays. Compliance leads who want a baseline audit report they can hand to their board without paying ₹3 lakh for what is effectively a one-week effort.

**Who the free audit is NOT for.** If you're a Significant Data Fiduciary under Section 10 (designated or about to be), the free audit is a useful first pass but you'll also need a periodic Independent Data Auditor and an India-resident DPO. If you have a live breach in progress, do not start with the audit — call your incident-response lead and use our [72-hour breach template](/tools/breach-notification) first, then audit afterwards. If you're already at the 85+ Gold band, the free audit will mostly tell you what you already know; consider applying directly for the [DPDP Gold badge](/apply-certification).

**What 'free' actually means here.** It means the audit, the dashboard access, the email back-and-forth, and the certification eligibility all cost ₹0. Paid checkDPDP plans add multi-site monitoring, team seats, audit-export PDFs at scale and priority SLA — none are required for the free audit itself. If a future communication from anyone claims you owe money for your free audit, that's a phishing attempt against you and against us; forward it to grievance@checkdpdp.in.

**Privacy of your data during the audit.** We capture only what we need to deliver the audit — your name, email, website URL and your message — and an immutable Consent row that proves you authorised the processing under Section 6. Withdraw at any time, free, by replying to your audit email or writing to grievance@checkdpdp.in. We respond to erasure requests within 30 days; we do not sell your data, ever, and we do not share it with third parties.

**Ready to start?** [Request your free audit here](/free-audit). If you prefer to test the scanner yourself first to see where you stand, the [public 60-second scan](/scan) gives you an instant 0–100 score across the same 10 categories — come back for the full audit afterwards if anything looks red. If you have a single specific DPDP question instead of needing a whole audit, [DPDP Connect](/dpdp-connect) routes your question to a specialist for a 1-business-day written reply.