DPDP Act 2023 → enforcement live§8(6) + Rule 7(2): 72h breach reportMax penalty: ₹250 Cr22 scheduled languagesap-south-1 · MumbaiConsent Manager framework: pilotDPDP Rules: operationalisedDPDP Act 2023 → enforcement live§8(6) + Rule 7(2): 72h breach reportMax penalty: ₹250 Cr22 scheduled languagesap-south-1 · MumbaiConsent Manager framework: pilotDPDP Rules: operationalised
[01]Product · Module 01

The consent of record for India.

Crawlshark's Consent Ledger is the single, tamper-evident source of truth for every consent your product collects — purpose-bound, language-stamped, and DPIA-ready in under 72 hours.

Consent receipts / sec
12,000
Withdrawal SLA
< 30s
Languages stamped
22
Hash chain
SHA-256
[02]Use case

Why product teams adopt a consent ledger before anything else.

[01]
Prove valid consent (§6)

Every receipt is signed, time-stamped, and bound to the exact itemised notice the Data Principal saw — in their language of choice.

[02]
Withdrawal in one tap (§6(4))

A user can revoke any purpose from a single dashboard; downstream systems get a webhook within 30 seconds.

[03]
Purpose binding

Marketing, analytics, and product purposes are tracked separately — no more 'we accept all' anti-patterns.

[04]
Audit on demand

Export a signed CSV or JSONL of any Data Principal's consent history for the Data Protection Board in seconds.

Penalty for invalid consent
₹50 Cr
§33 · Schedule Item 5
Median time to first receipt
11 min
from SDK install
Withdrawal completeness
100%
downstream propagation
Ledger durability
11×9s
ap-south-1 + ap-south-2
[03]Targets

Built for teams who can't 'best-effort' consent.

Who
Today's pain
With Crawlshark
Mid-market SaaS
30+ microservices, no single source of truth for what a customer agreed to.
One ledger, one webhook, retroactive purpose backfill.
D2C & marketplaces
Marketing stack collects consent in 6 places; legal can't reconcile them.
Unified receipt API across web, app, WhatsApp, POS.
Fintech & lending
RBI account aggregator + DPDP overlap, no proof of itemised notice.
Dual-stamped receipts that satisfy both regulators.
Healthtech
Sensitive data (§2(t)) needs explicit, granular, revocable consent.
Purpose-level toggles with ABDM-compatible receipts.

Make consent your strongest evidence, not your biggest liability.

Drop the SDK in a sprint. Migrate historical consents in a week. Defensible by §6 of the DPDP Act on day one.