DPDP Act 2023 Compliance

India's DPDP Act 2023 governs how organizations process personal data of Indian residents. Enforcement is expected to commence in 2026. Abscode Technologies LLP, an India-registered limited liability partnership, is built to be DPDP-ready from day one. Here's how.

1. Role definitions

When you (the customer) use Abscode to process personal data of Indian residents:

You are the Data Fiduciary (DPDP's term for controller)
Abscode is your Data Processor

A Data Processing Agreement (DPA) is available — request it from legal@abscode.com.

2. Data residency

India customers' data hosted in GCP Mumbai (asia-south1) by default
No cross-border data transfer unless customer explicitly chooses non-India region
Enterprise customers can configure single-region pinning

3. Document handling

Documents auto-purged within 24 hours of API response delivery (default)
Optional 5-minute purge per API key
Documents never used for model training
TLS 1.3 in transit, AES-256 at rest
PII Masking API available for redaction before archival

4. Consent management

DPDP requires Data Fiduciaries (you) to obtain valid consent before processing personal data. Abscode does not collect end-user consent on your behalf — your application must implement consent capture per DPDP requirements. We can provide consent log templates and integration patterns on request.

5. Data principal rights

DPDP grants Data Principals (end users) rights to access, correct, and erase their data. As your Data Processor, Abscode supports these rights by:

Providing data export APIs for end-user data on request
Supporting forced deletion within 7 days of customer instruction
Maintaining audit logs of access/correction/deletion actions

6. Breach reporting

Abscode will notify affected customers within 72 hours of confirmed data breach
Sufficient detail provided for customer to comply with DPDP's own breach reporting obligations to Data Protection Board
Security disclosures: security@abscode.com

7. Significant Data Fiduciary (SDF) support

If you are classified as a Significant Data Fiduciary under DPDP, Abscode provides additional support — Data Protection Impact Assessment templates, audit log access, dedicated CSM. Enterprise tier includes this; lower tiers can purchase add-on.

8. Data Protection Officer contact

DPDP queries, DPA requests, breach reports: dpo@abscode.com

Need a DPA signed before signup?

Enterprise customers get a pre-signed DPA as part of contract negotiation. Standard self-serve customers can request our standard DPA from legal@abscode.com — usually executed within 5 business days.

India DPDP compliance.