Built in India, for India — to the letter of the DPDP Act.
Imported global suites are GDPR products with an India tab. Building in-house takes two quarters and never reaches regulator-ready quality. Sammati is the third option — and it ships today.
अपनी सहमति देने से पहले कृपया यह सूचना पढ़ें।
Acme Bank Ltd. आपकी निजी जानकारी का प्रसंस्करण DPDP अधिनियम, 2023 की धारा 6 के तहत करेगा।
DEVANAGARI · 22 scripts supported
சம்மதியளிக்கும் முன் இந்த அறிவிப்பை வாசிக்கவும்.
Acme Bank Ltd. உங்கள் தனிநபர் தரவை DPDP சட்டம், 2023 பிரிவு 6 இன் கீழ் செயலாக்கும்.
TAMIL · 22 scripts supported
Please read this notice before giving your consent.
Acme Bank Ltd. will process your personal data under DPDP Act, 2023 §6 for the purposes listed below.
LATIN · 22 scripts supported
consent writes / month per deployment
p95 consent write latency
uptime SLA with credit-back
Indian languages supported
SaaS onboarding time
max DPDP penalty Sammati helps avoid
Six reasons fiduciaries pick us.
Not differentiators on a slide. Differentiators that show up in your audit, your onboarding, and your budget.
DPDP-native, not GDPR-retrofitted
Sammati is built around DPDP Act, 2023 — purposes, lawful bases, parental consent, six DPRs, MeitY ECF. We do not paper over GDPR with India copy. That shows up in your audit trail.
22 Indian languages out of the box
Hosted portal and notices localised in Hindi, Tamil, Telugu, Bengali, Marathi, Gujarati, Kannada, Malayalam, Punjabi, Odia, Assamese, and 11 more. Generic tools support 0–4 Indian languages.
BYOC by default for regulated DFs
Banks, insurers, and regulated fiduciaries deploy Sammati inside their own AWS account via Terraform. Data, keys, and audit logs never leave the customer VPC. No imported SaaS workarounds.
Hash-chained immutable ledger
Every consent artifact is signed (ECDSA-P256) and chained: hash_self = SHA256(canonical_json ‖ hash_prev). Tamper-evident by construction. Defensible in front of any DPB inquiry.
MeitY ECF + AWS Marketplace
Aligned with MeitY Electronic Consent Framework. Listed on AWS Marketplace India — procurable through committed AWS spend. Indian invoicing, Indian DPA, Indian time zones.
₹15L flat, no per-seat fees
One price, both deployments, unlimited admin users. Imported tools start at $50K and add seat fees, API metering, language packs. Sammati is priced for predictability at Indian scale.
Who Sammati is for.
Six personas around DPDP compliance. Sammati is built so each of them gets unblocked the same day.
Pain
Drowning in spreadsheets tracking purposes, notices, and consent versions. Cannot prove compliance to the board.
With Sammati
Single source of truth: purpose register, notice library, immutable ledger, audit log. Generates compliance reports in one click.
Pain
Asked to build consent storage from scratch. Worries about hash chains, signing keys, language localisation.
With Sammati
Drop-in Server API + Hosted Portal. SDKs for Node / Python / Java. Skip 6 months of plumbing; ship product.
Pain
Cannot read English-only consent notices. Has no way to withdraw or download his data.
With Sammati
Preference Center in his language with OTP-only auth. Granular toggles. One-tap withdrawal. DSR submission flow.
Pain
Auditor asks "show me the exact notice version this user consented to in March 2025." Cannot answer.
With Sammati
Every artifact references its notice version. Time-machine view of any consent at any point. Auditor-ready exports.
Pain
CISO will not approve a US-hosted SaaS for sensitive consent data. Building in-house is 2 quarters of work.
With Sammati
BYOC inside your VPC via Terraform. Or India-hosted SaaS. Either way, CISO sign-off in days, not months.
Pain
Reviewing 12 fiduciaries, each with bespoke consent stores. No standard format, no signed receipts.
With Sammati
Standardised JSON-LD consent receipts with signatures. Hash-chained ledger exports. ECF-aligned schemas.
Why not build it in-house?
Most teams underestimate consent infrastructure by 5×. Here's what you take on if you build.
| Concern | Build in-house | Sammati |
|---|---|---|
| Engineering effort | 2 quarters, 4 engineers | None — drop-in |
| Hash chain + signing implementation | You own bugs and key rotation | Battle-tested across deployments |
| 22 language translations | Translation budget + maintenance | Included, versioned, MeitY-aligned |
| Audit log + retention | Build CloudTrail-style yourself | Built-in, 7-year retention |
| DPDP rights workflows | Spec from scratch per right | Six DPRs out of the box |
| Regulator-ready evidence | Hand-rolled exports | Signed JSON-LD receipts on demand |
| Total cost of ownership (3 yr) | ₹2–4 Cr ongoing | ₹45L + your AWS bill |
Trust posture.
Everything an enterprise security review will ask for, ready on day one.
Encryption
AES-256 at rest, TLS 1.3 in transit. KMS-backed CMK on Tier 3.
Audit log
Every admin action logged, signed, retained 7 years.
India residency
ap-south-1 + ap-south-2 only. Data does not leave India.
Performance
<200ms p95 consent writes at 5M/month. Cached reads <50ms.
DPDP coverage
All six DPRs, parental flow, lawful bases, 7-year retention.
MeitY ECF
Aligned schemas. Compatible with India's electronic consent framework.
Single-tenant option
BYOC with Terraform — your VPC, your keys, your audit boundary.
AWS Marketplace
Procure via your AWS bill. EDP-eligible. Indian invoicing in INR.
Talk to a DPDP engineer, not a sales rep.
30 minutes. Bring your toughest compliance question. We'll show how Sammati answers it — and what it costs.