One platform. Twelve capabilities. Your infrastructure.
AutoCops is a single integrated workspace for every DPDP control — deployable to your own GCP region, your own KMS keys, your own VPC. The platform is open, inspectable, and built so you can leave cleanly if you ever want to. Below is exactly how it works.
Four architecture principles
How the platform is built
The 12 capability modules
Every DPDP control, one workspace
All twelve modules ship in every deployment. You enable the ones you need now and turn the others on later as your programme matures.DSPM is new in v2.1.3.
Data Security Posture Management
Discover, classify, and govern sensitive data across your stack — with every finding tied back to a DPDP section, a Data Principal, and a documented purpose.
Consent Management Platform
Itemized notice, granular capture, audit-ready withdrawal across web, mobile, and offline channels.
Cookie Consent & Banner
Auto-discover, classify and govern cookies. Drop-in banner with Google Consent Mode v2 support.
DSR & Rights Fulfilment
Logged, deadline-tracked workflow for access, correction, erasure, portability, and nomination requests.
Personal Data Breach Response
Triage, classify, notify the Data Protection Board within 72 hours, and document the post-incident review.
Data Protection Impact Assessment
Structured DPIA workflow tailored to Significant Data Fiduciary obligations. Versioned and approver-signed.
Third-party & Vendor Risk
Inventory processors, score them against DPDP clauses, and refresh diligence on a defined cadence.
Grievance Officer Workflow
Receive, triage, escalate and resolve grievances within statutory SLAs. Audit trail to the Board.
Privacy Notice Builder
Layered, multi-language notices generated from your processing activities. Versioned and signature-ready.
DPDP Control Assessment
Pre-loaded DPDP control framework, assigned to owners, with status, evidence, and overdue tracking.
Privacy Training & Enablement
Role-based modules, quizzes, completion tracking, and compliance certificates for every team.
Executive Compliance Dashboard
Board-ready posture, implementation roadmap, category compliance, and timeline tracking — live.
Under the hood
Architecture overview
A capability-level look at how the platform is built. Specific frameworks, runtime versions, and library inventories are available to enterprise customers and security reviewers under NDA — request them via the contact page.
| Layer | Capability | Purpose |
|---|---|---|
| Frontend | Modern single-page operator UI | Operator-facing application interface |
| API | Hardened REST API with role-based access control | Business logic and data orchestration |
| Data store | Document-oriented store with full-text search and audit indexing | Records, evidence, and analytical queries |
| Identity & sessions | Username + password + mandatory TOTP MFA, signed server-side sessions | Authentication and session management |
| Encryption | Strong symmetric encryption at rest, modern TLS in transit, customer-managed keys | Data protection |
| Audit | Hash-chained, tamper-evident ledger with cryptographic integrity proofs | Forensic-grade audit trail |
| Deployment | Container-orchestrated, multi-cloud (your GCP / AWS / Azure region) | Hosting model |
| Observability | Vendor-agnostic metrics, traces, and structured logs | Operational visibility |
Deployment
Three ways to run AutoCops
Same software, three operational models. Pick the one that fits your security and ops posture.
Integrations
Connects to what you already run
AutoCops connects to the systems your team is already using. For anything that isn't natively supported, the generic REST/GraphQL connector handles it.
Security architecture
The full security story is in the Trust Center
Encryption at rest and in transit, hash-chained audit ledger, MFA-mandatory authentication, network isolation, quarterly pen tests, ISO 27001 certification in progress, SOC 2 Type II audit scheduled — and the full sub-processor list. Read the long-form version below.
See it on your data
Book a 30-minute platform walkthrough
Our compliance engineering team will demo any module live on your environment. Bring your security questions — we like the technical ones.