The whole product, shown the way you'd actually use it.
No marketing carousel. No feature dump. Just the nine modules a Sammati deployment ships with — from the cryptographic core, to the hosted notice your customer reads, to the DPO inbox where rights requests land, to the parental consent flow for minors.
The cryptographic core.
Purpose repository, immutable consent artifacts, ECDSA-P256 signatures, hash-chained ledger, S3 immutable mirror. The pieces that hold up in court.
- Immutable artifacts — No UPDATE permitted, withdrawal is a new artifact
- Hash-chained — SHA-256 over canonical JSON ‖ prev hash
- Per-tenant KMS — ECDSA P-256 signing keys, segregated
- S3 Object Lock — Mirrored within 60s — Merkle root, nightly walk
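The chain-and-sign scheme in the list above, written out in Go with only the standard library as an added example (not Sammati's own code): hash_self is SHA-256 over canonical JSON ‖ hash_prev, the hash is signed with a P-256 key, and the integrity walk recomputes every link so that an edited, re-hashed or removed artifact is reported by index. The record layout, function names and in-process signing key are assumptions; the product signs with a per-tenant KMS key and stores the artifact in a database.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
)

type Entry struct { // constructed ledger record; field names follow the response shown on this page
	PrincipalID string
	Purposes    map[string]bool
	HashPrev    []byte // HashSelf of the previous entry; nil for the first entry
	HashSelf    []byte
	Signature   []byte // ASN.1 ECDSA P-256 signature over HashSelf
}

// NewKey stands in for the per-tenant KMS key: one P-256 key per tenant, held in-process here.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// chainHash is SHA-256 over canonical JSON ‖ prev hash. encoding/json sorts map
// keys, so identical consent bodies always yield the same canonical bytes.
func chainHash(e Entry) []byte {
	body, _ := json.Marshal(map[string]any{"principal_id": e.PrincipalID, "purposes": e.Purposes})
	sum := sha256.Sum256(append(body, e.HashPrev...))
	return sum[:]
}

// NewEntry appends and never updates: a withdrawal is simply another entry with the purpose set false.
func NewEntry(head []byte, key *ecdsa.PrivateKey, principal string, purposes map[string]bool) (e Entry, err error) {
	e = Entry{PrincipalID: principal, Purposes: purposes, HashPrev: head}
	e.HashSelf = chainHash(e)
	e.Signature, err = ecdsa.SignASN1(rand.Reader, key, e.HashSelf)
	return e, err
}

// Verify is the integrity walk: every entry must recompute to its HashSelf, link to the
// previous HashSelf and carry a valid signature. Returns the first broken index, or -1.
func Verify(ledger []Entry, pub *ecdsa.PublicKey) int {
	var prev []byte
	for i, e := range ledger {
		if !bytes.Equal(e.HashPrev, prev) || !bytes.Equal(chainHash(e), e.HashSelf) || !ecdsa.VerifyASN1(pub, e.HashSelf, e.Signature) {
			return i
		}
		prev = e.HashSelf
	}
	return -1
}
```

Run the walk against a copy of the ledger with one purpose flag flipped and it reports that entry even if the attacker also recomputed its hash, because the signature no longer matches.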
Consent artifact card mockup: Immutable. Signed. ECDSA-P256 signature MEYCIQDx7v...8nKw9LfP=
Your consent, your data.
Acme Bank is asking for your consent before we collect any of your personal data. We need this for the following purposes:
1. Account opening and identity verification (KYC). Required for opening an account with us.
2. Fraud detection and transaction monitoring. Required for detecting suspicious activity on your account.
3. Marketing communications. Optional. You can decline this without affecting your account.
The same notice in Hindi (translated here):
Your consent, your data.
Acme Bank is asking for your consent before collecting any of your personal data.
1. Account opening and KYC verification. Required to open an account with us.
2. Fraud detection and transaction monitoring.
3. Marketing communications. Optional.
Notices, versioned and translated.
Versioned notices with multi-language content. Two-column translation editor with outdated-translation detection. Sector packs for BFSI, healthtech, edtech, e-commerce, and SaaS, pre-written and ready to fork.
- Lifecycle — draft → published → archived
- One active per tenant — auto-archive on republish
- Diff view — between any two versions
- Outdated detection — when source body changes
- XSS-safe — HTML sanitised at write time
Redirect, choose, come back.
Redirect-based consent flow. No frontend integration — your backend mints a token, the user makes their choices on Sammati's hosted page, you get a callback with the artifact ID. Twenty-two Indian languages, ready out of the box.
- Token mint — POST /v1/tokens issues HMAC-SHA256 JWT, 15-min TTL
- Allow-listed return_url — no open-redirect risk
- Equal-weight buttons — Accept and Reject, no dark patterns
- Essential disabled — shown as accepted with tooltip
- Receipt before redirect — with artifact ID
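An added example (not Sammati's code) of the token-mint step in Go with the standard library: the backend refuses any return_url whose https host is not on the tenant allow-list, pins the accepted URL into the claims, and signs an HS256 JWT with a 15-minute expiry. The claim names, the allow-list shape and the tenant secret are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/url"
	"strings"
	"time"
)

// Claims is the constructed payload of the hosted-page token; the claim names are assumptions.
type Claims struct {
	Principal string `json:"sub"`
	ReturnURL string `json:"return_url"`
	Exp       int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// allowedReturn accepts a return_url only when the scheme is https, there is no
// userinfo and the host exactly matches a tenant allow-list entry. Parsing with
// net/url, rather than prefix-matching the raw string, is what rejects lookalike
// hosts such as app.acmebank.example.evil.test.
func allowedReturn(raw string, allowlist map[string]bool) bool {
	u, err := url.Parse(raw)
	return err == nil && u.Scheme == "https" && u.User == nil && allowlist[strings.ToLower(u.Host)]
}

// sign is HS256: HMAC-SHA256 over header.payload with the tenant secret.
func sign(secret []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// Mint is the backend side of POST /v1/tokens: refuse any return_url that is not
// allow-listed, pin the accepted one into the claims, and set a 15-minute TTL.
func Mint(secret []byte, principal, returnURL string, allowlist map[string]bool, now time.Time) (string, error) {
	if !allowedReturn(returnURL, allowlist) {
		return "", errors.New("return_url is not on the tenant allow-list")
	}
	// Claims holds only string and integer fields, so Marshal cannot fail here.
	payload, _ := json.Marshal(Claims{Principal: principal, ReturnURL: returnURL, Exp: now.Add(15 * time.Minute).Unix()})
	header := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	signingInput := header + "." + b64.EncodeToString(payload)
	return signingInput + "." + b64.EncodeToString(sign(secret, signingInput)), nil
}
```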
Hosted consent page mockup (Hindi with English captions; Hindi translated here):
Your consent, your data. Acme Bank is asking for your consent before collecting your data.
- Account opening (required) — captioned Essential — Account opening
- Transaction monitoring — captioned Fraud detection (optional)
- Marketing communications — captioned Marketing (optional)
Request:
{
  "principal_id": "+91-94XXX-47821",
  "notice_version": "acme-bank-bfsi-v3.2",
  "language": "hi-IN",
  "purposes": [
    { "id": "kyc", "granted": true },
    { "id": "fraud", "granted": true },
    { "id": "marketing", "granted": false }
  ],
  "idempotency_key": "a8f3e1…"
}

Response:
{
  "artifact_id": "cnst_38291",
  "principal_id": "+91-94XXX-47821",
  "granted_at": "2026-05-20T09:41:22Z",
  "hash_self": "c7e9...f2a3",
  "hash_prev": "a3f2...b8c1",
  "signature": "MEYCIQDx7v...",
  "kms_key_id": "arn:aws:kms:...",
  "ledger_seq": 38291,
  "s3_mirror": {
    "status": "pending",
    "eta_seconds": 47
  },
  "verification_url": "https://verify.sammati.io/cnst_38291"
}

When you bring your own UI.
For flows where your own UI captures consent — agent-assisted onboarding, in-app forms, contact-center voice. Single-write, bulk ingestion, withdrawals, queries. All idempotent. All signed.
- POST /v1/consents — single artifact, idempotent
- POST /v1/consents/bulk — async, 1,000 per batch
- POST /v1/consents/{id}/withdraw — new withdrawn artifact
- GET /v1/consents — current state by principal
- argon2id-hashed API keys — scope-restricted, revocable
Their consent. Their settings.
Self-service portal for Data Principals. OTP-verified login, view current consents, toggle purposes, see full history, launch rights requests. DPDP §6(4)-compliant one-click withdrawal from any email link.
- OTP login — SMS or email, 6-digit, 10-min TTL
- Per-purpose toggle — new artifact written on change
- Full timeline — every artifact, with date, language, method
- Downloadable receipt — PDF for any artifact
- One-click withdraw — DPDP §6(4) compliant from email links
Portal mockup: Welcome back. Your preferences. Signed in as +91 ••••• 47821. Toggles: Required to keep your account open; Transaction monitoring; Emails about offers and products.
Rights inbox mockup (ticket and request, principals masked): RTR-2418 Withdraw all data; RTR-2417 Export consent log; RTR-2410 Update marketing pref; RTR-2405 Unauthorized purpose; RTR-2398 Verify identity; RTR-2392 with evidence.
Four rights, four timers.
All four DPDP rights — Access, Correction, Erasure, Grievance — handled in one Kanban inbox. Configurable SLA timers, OTP verification, immutable rights_events trail. The clock starts at verification, not at intake.
- Configurable SLAs — Set per organisation. Grievance capped at the 90-day statutory ceiling (Rule 14(3)); default 90d for all four.
- RAG-coded Kanban — Green >5d, Amber 1–5d, Red overdue
- Erasure auto-checks — RBI 10-year retention conflicts flagged
- Stated-reason rejections — all transitions logged immutably
- Email + SMS — notifications at intake and on fulfilment
Form inventory mockup: Compliance Score 47; Pages Crawled 12; Forms Found; 2 Unmapped
- /personal/savings-account — Account opening — 7 PII fields
- /personal/loans/personal — Loan application — 9 PII fields
- /business/contact — Contact form — 4 PII fields
- /newsletter-signup — AI-classified: marketing — 2 PII fields
- /feedback — Orphan inputs (no <form>) — 3 PII fields
Every form on your site, mapped.
Crawl-based form discovery, field-level PII classification, AI-augmented detection. Inventory of every form on your site with mapping and a compliance score that updates with every crawl.
- Puppeteer crawl — up to 200 pages with sitemap discovery
- Field-level PII — email, phone, SSN, address, etc.
- Orphan input detection — fields not in <form>
- AI form-type — via Llama 3.3 70B (credit-gated)
- Revision history — with an admin History panel
- Compliance score — mapped (40) + inline-UX (35) + notice (25)
Minors, verifiably consented.
DPDP requires verifiable parental consent for minors. Sammati handles minor detection at the consent collection point, opens a parental ticket, sends OTP or email to the parent contact, and writes the artifact with a minor_flag once approved.
- Minor detection — at collection or via age-gate
- Parental ticket — OTP/email to parent, 24h expiry
- Parent sees a summary — of what's being consented, in their language
- minor_flag artifact — linked to parental ticket
- Sensitive data — blocked at write time
- Erasure prioritised — 15d for minors, vs 30d standard
Parental Consent Request
Aarav (age 14) wants to open an account.
As Aarav's parent or guardian, Acme Bank needs your consent before opening a youth savings account in their name.
Sensitive purposes are blocked by default for minors.
Verifying as +91 94XXX 89417 · Parent
Built for the DPO, not just the developer.
The Sammati admin console is the daily home of your DPO, compliance analyst, and auditor. Six roles, one console, role-scoped views.
- Home Dashboard (DPO, Admin) — KPI cards, consent activity, integrity status, rights SLA alerts
- Purposes (DPO, Editor) — Create, edit, publish, deprecate. Translations and sector pack import
- Notices (DPO, Editor) — Two-column translation editor, version history, diff view
- Consents / Ledger (DPO, Auditor) — Search by principal, view artifact, integrity check, export
- Rights (DPO, Compliance) — Kanban by status. Assign, update, close with evidence
- Audit Log (DPO, Auditor) — Searchable, filterable event log. CSV export
- Reports (DPO, Auditor) — Monthly consent summary, Rights SLA, Purpose adoption
- Integrations (Admin, Engineer) — API keys, webhooks, allow-list of redirect URLs
Want to see this running on real data?
We'll walk you through a live consent flow, the DPO inbox, and a full ledger integrity verification — in under 30 minutes.