# DPDP Bridge > Self-serve compliance toolkit for India's Digital Personal Data Protection Act 2023 and Draft DPDP Rules 2025. Data-Fiduciary-side automation (notice, consent, erasure, 72-hour breach, DPO console) for global B2C/B2B SaaS with 5-50% of users in India. Drop-in SDK that produces audit-ready evidence by the 2027-05-13 enforcement target. ## What this is DPDP Bridge is a Data-Fiduciary-side compliance automation layer. It implements 30+ obligations spanning the DPDP Act 2023 (24 sections) and the Draft DPDP Rules 2025 (6 rules). Customers integrate via a one-line consent SDK and a tenant API, and receive JSON / Markdown / PDF compliance reports. ## What this is not DPDP Bridge is not a registered Consent Manager under Section 6(7) of the Act / Rule 4 of the Rules. Consent Manager registration requires an Indian-incorporated company with a minimum net worth of Rs 2 crore and is out of scope for v1. Customers can integrate a registered Consent Manager later through Section 6(7) hooks exposed by the API. DPDP Bridge is a compliance tooling platform, not legal advice. Consult Indian counsel for binding interpretations. ## Target customer - Global SaaS with annual recurring revenue $1M to $50M - 5% to 50% of monthly active users in India - Verticals: FinTech, HealthTech, EdTech, HRTech, B2C subscription, B2B horizontal - Companies that already use Stripe, Vercel, or AWS - and that find OneTrust quotes prohibitive ## Pricing - Starter $199 / month - up to 50,000 Data Principals, 3 webhook endpoints, JSON + Markdown reports - Pro $499 / month - unlimited Data Principals, 10 webhooks, DPIA template, PDF reports, priority support - Both plans include a 14-day free trial via Stripe Checkout ## Module coverage - Notice and Consent SDK - Section 5 + Section 6 + Rule 3 - Erasure Workflow - Section 12 + Rule 13 (Third Schedule retention mapping) - Breach Notification - Section 8(6) 72-hour clock + Rule 7 Board form - DPO Console - Section 8(9) + Section 10(2)(a) + Rule 14 (30-day grievance SLA) - Compliance Reports - Section 4 to 16 evidence ledger - Consent Manager Bridge - Section 6(7) hooks for future Consent Manager integration ## Key dates - 2026-11-13 - Consent Manager registration window opens (draft Rule 4 timeline; verify on final notification) - 2027-05-13 - Government-communicated full enforcement target ## Penalties The Schedule of the DPDP Act sets graduated financial penalties. The maximum is Rs 250 crore (~$30 million USD) per instance for failure to take reasonable security safeguards under Section 8(5). No statutory cure period. ## Tech stack Bun runtime, Hono HTTP framework, SQLite via bun:sqlite (Postgres-compatible), Zod validation, Stripe billing, HMAC-SHA256 JWT plus per-tenant API keys, React PDF for compliance reports. ## Contact hi@dpdp-bridge.com - https://dpdp-bridge.pages.dev - https://cal.com/dpdp-bridge/demo ## Official statutory sources - DPDP Act 2023 (Act No. 22 of 2023): https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf - Draft DPDP Rules 2025 (MeitY, January 2025): https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Rules%202025.pdf - PRS Legislative Research summary: https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023 - CERT-In Cyber Security Directions, 28 April 2022: https://www.cert-in.org.in/Directions70B_28.04.2022.pdf ## Resources - Pricing: https://dpdp-bridge.pages.dev#pricing - FAQ: https://dpdp-bridge.pages.dev#faq - Privacy: https://dpdp-bridge.pages.dev/privacy.html - Terms: https://dpdp-bridge.pages.dev/terms.html