Security & DPDPA Compliance
FRD §11 — Digital Personal Data Protection Act controls & audit posture
PII Encryption at Rest: AES-256
TLS in Transit: TLS 1.3
Session Timeout: 30 min idle
MFA Coverage: 87% of users
Consent Capture Rate: 94% of new leads
Right to Erasure SLA: ≤ 30 days
DPDPA Controls
Explicit opt-in capture (email & WA): Active
Granular consent purposes (marketing/transactional): Active
Consent withdrawal mechanism (1-click): Active
Data Principal access requests workflow: Active
Right to erasure (with audit trail): Active
Cross-border transfer assessment: Reviewed
Breach notification (72-hr) playbook: Documented
Data Protection Officer designated: Yes
Policies & Documentation
Privacy Notice (web + journeys): v2.3 — 2025-01-12
Cookie Policy: v1.4 — 2024-11-05
Data Retention Schedule: Leads 7yr / Logs 3yr
Vendor DPA — Marketing Suite: Signed
Vendor DPA — Email Gateway: Signed
Vendor DPA — WhatsApp BSP: Signed
Annual DPIA review: Due Q2 2025