One platform. Eleven capabilities. Your infrastructure.
AutoCops is a single integrated workspace for every DPDP control — deployable to your own GCP region, your own KMS keys, your own VPC. The platform is open, inspectable, and built so you can leave cleanly if you ever want to. Below is exactly how it works.
Four architecture principles
How the platform is built
The 11 capability modules
Every DPDP control, one workspace
All eleven modules ship in every deployment. You enable the ones you need now and turn the others on later as your programme matures.
Consent Management Platform
Itemized notice, granular capture, audit-ready withdrawal across web, mobile, and offline channels.
Cookie Consent & Banner
Auto-discover, classify and govern cookies. Drop-in banner with Google Consent Mode v2 support.
DSR & Rights Fulfilment
Logged, deadline-tracked workflow for access, correction, erasure, portability, and nomination requests.
Personal Data Breach Response
Triage, classify, notify the Data Protection Board within 72 hours, and document the post-incident review.
Data Protection Impact Assessment
Structured DPIA workflow tailored to Significant Data Fiduciary obligations. Versioned and approver-signed.
Third-party & Vendor Risk
Inventory processors, score them against DPDP clauses, and refresh diligence on a defined cadence.
Grievance Officer Workflow
Receive, triage, escalate and resolve grievances within statutory SLAs. Audit trail to the Board.
Privacy Notice Builder
Layered, multi-language notices generated from your processing activities. Versioned and signature-ready.
DPDP Control Assessment
Pre-loaded DPDP control framework, assigned to owners, with status, evidence, and overdue tracking.
Privacy Training & Enablement
Role-based modules, quizzes, completion tracking, and compliance certificates for every team.
Executive Compliance Dashboard
Board-ready posture, implementation roadmap, category compliance, and timeline tracking — live.
Under the hood
The technical stack
No black boxes. Here's exactly what runs the platform — and yes, your security team is welcome to ask follow-up questions.
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | React + TypeScript + Vite | Operator-facing application UI |
| API | FastAPI (Python 3.11+) | REST API + business logic |
| Data store | Elasticsearch | Documents, audit logs, analytics |
| Auth | Username + password + TOTP MFA, HMAC-SHA256 sessions | Identity and session management |
| Encryption | AES-256 at rest, TLS 1.2+ in transit, Cloud KMS for keys | Data protection |
| Audit | Hash-chained ledger (SHA-256) | Tamper-evident audit trail |
| Deployment | Docker + Kubernetes (GKE/EKS/AKS) | Container orchestration |
| Observability | OpenTelemetry, vendor-agnostic | Metrics, traces, logs |
Deployment
Three ways to run AutoCops
Same software, three operational models. Pick the one that fits your security and ops posture.
Integrations
Connects to what you already run
AutoCops connects to the systems your team is already using. For anything that isn't natively supported, the generic REST/GraphQL connector handles it.
Security architecture
The full security story is in the Trust Center
Encryption at rest and in transit, hash-chained audit ledger, MFA-mandatory authentication, network isolation, quarterly pen tests, ISO 27001 certification in progress, SOC 2 Type II audit scheduled — and the full sub-processor list. Read the long-form version below.
See it on your data
Book a 30-minute platform walkthrough
Our compliance engineering team will demo any module live on your environment. Bring your security questions — we like the technical ones.