Constitution Part III · DPDP-native

Trust, by architecture — not by promise.

India's Digital Personal Data Protection Act 2023 becomes fully enforceable in May 2027. Most platforms serving Indian students will scramble then. We built for it from day one — because the penalty is ₹250 crore and because you shouldn't have to trust us, you should be able to verify us.

The data lifecycle

How your data moves through ProveIQ

Signup

Age gate · parental consent if <18

Consent

Per-purpose checkboxes · timestamped · hash-stored

Storage

Indian VPS · Hostinger KVM2 · no cross-border replication

Portability

One-click JSON+PDF export · /api/dsr/access

Deletion

Hard cascading delete · backups purged ≤30d

Every arrow is a Prisma transaction. Every action is auditable. Every right is callable from /trust/dsr.

DPDP commitment

Our plain-English pledge to meet the May 2027 compliance bar — from day one, not in a panic.

Read

Consent model

Granular, per-purpose consent. Each checkbox, each purpose, timestamped, revocable.

Read

Data Subject Rights

Five public endpoints: access, correction, erasure, grievance, nomination. Live today.

Read

Under-18 / parental

Verifiable parental consent before any processing. Annual re-confirmation.

Read

Breach notification

72-hour pledge to CERT-In, the Data Protection Board, and affected users.

Read

Agreement Rate (live)

How often our AI agrees with the humans who rated the same submission. Published even on bad days.

Read

Contact our Data Protection Officer

DPDP §3.1.7 mandates a public DPO contact. Ours is live at /dpo — one email address, responses inside 7 working days, escalation path to the Data Protection Board documented.

Go to DPO page