P
ProveIQ
Compliance

Procurement-grade. Day-one grade.

The DPDP Act 2023 refit deadline is 2027-05-13. Most Indian vendors will scramble for 9-18 months. ProveIQ was architected for DPDP from schema v1. GDPR mapping published. SOC 2 Type II Q3 2026. ISO 27001 Q4 2026. DPIA + BAA templates available on request.

Standards, status, and the honest version.

DPDP Act 2023 (India)
Shipped
Native. Consent + retention + deletion + minor handling shipped (deadline 2027-05-13). DPIA template + signed BAA on contract.
GDPR-equivalence (EU)
In review
Mapping published. For GCCs with EU/UK parents. Cross-border transfer assessment available on request.
SOC 2 Type II
Q3 2026
In progress. Q3 2026 target — public engagement ships with auditor name + scope statement.
ISO 27001
Q4 2026
In progress. Q4 2026 target — public engagement.
AICTE / NIRF / NAAC reporting
Shipped
Shipped. Recruiter-side hire-confirmation feeds these (TPO side).

What “DPDP-native” actually means.

Three primitives, shipped. Every protected interaction in ProveIQ logs them. Every primitive links to its own public trust page.

Consent capture

Every interaction logs purpose + consent version. Nothing is stored without explicit recruiter and candidate consent on a named purpose.

Read the trust page →

Retention clock

Every stored record carries a visible retention countdown. Expiry is enforced, not documented — records delete themselves on schedule.

Read the trust page →

Deletion API

One-click fulfilment of Data Subject Rights requests within 7 days. Audit trail is machine-readable for DPO workflows.

Read the trust page →

GDPR cross-border posture.

For GCCs with EU/UK parents: ProveIQ Indian-VPS residency means no cross-border Article 44 transfer unless the customer explicitly opts in. Transfer assessment + SCCs available on request.

Procurement documents, ready to ship.

Three artefacts your procurement, legal, and security teams expect on day one. Request once, receive within the SLA below.

DPIA template

Pre-filled for recruiter-side verification use cases. Legal can review in 2 hours.

Request →

BAA / Data Processing Agreement

Mutually executable on contract. GDPR + DPDP cross-compliance.

Request →

Security questionnaire

Standardised VSAQ format. 48h SLA on response. Previous answers cached.

Request →

Honesty disclosure.

The in-progress entries above are real engineering work, not marketing positioning. Q3/Q4 2026 dates are public commitments tracked in /roadmap. We will name the auditor + scope the day the SOC 2 engagement starts.

Compliance shipped. Now the unit economics.

TCO math for 50/200/500 recruiters. Vendor consolidation against the incumbent mix. The published per-verification anchor.

See the TCO mathBook a security walkthrough