DPDP-first posture
India-Region Processing is framed around purpose, consent, rights, and accountable escalation.
Data residency
India-region posture by default.
For procurement and privacy teams: where PRAMAAN processes verification data, how cross-border transfer is handled, and how evidence is reviewed.
Compliance grid
The control story, without unsupported claims.
Evidence artifact
The page links downloadable or machine-readable proof that buyers can send to legal and security teams.
No over-claiming
Current controls, roadmap items, and unsupported certification claims are kept separate.
Operational workflow
The route explains what happens before, during, and after the trust control is used.
Certification badges
Current posture and roadmap are separated.
Sales teams can forward this page as a live trust packet because each badge says whether it is mapped, aligned, targeted, or still on the roadmap.
DPDP 2023
MappedConsent, purpose limitation, rights, grievance, breach, and minor consent are surfaced in public routes.
ISO 27001
RoadmapEvidence collection, access-control review, and quarterly internal audit tracks are published without over-claiming.
CERT-In posture
AlignedIncident response, breach communication, and security contact paths are ready for accountable escalation.
Accessibility
AA targetWCAG 2.1 AA and IS 17802 commitments are tracked with automated pa11y and axe gates.
Downloadable evidence
Procurement files, directly linked.
Security report PDFAnnual transparency report with consent, breach, uptime, and audit posture.Trust whitepaperProcurement-readable explanation of PRAMAAN verification controls.Customer rights summaryPlain-language DSR, grievance, correction, and erasure summary.DPA templateEnterprise data-processing terms for security and legal teams.
Operating timeline
What happens when this control is used.
- 1
Prepare
The buyer or data principal sees the purpose and route up front.
- 2
Operate
PRAMAAN processes through the minimum necessary public trust lane.
- 3
Review
Evidence, escalation, or DSR handling remains linked after the decision.
FAQ
Answers procurement usually asks first.
Is this a certification claim?
No. PRAMAAN separates current controls, roadmap items, and external certifications so buyers can audit the exact state.
Where is personal data processed?
The public posture is India-region processing with no cross-border transfer by default for PRAMAAN verification data.
Can a data principal exercise rights without an account?
Yes. The DSR route exposes access, correction, erasure, grievance, and nomination requests without requiring a dashboard login.
How fast are incidents disclosed?
The public posture is a 72-hour breach communication posture, with DPO and security escalation paths linked from the trust surface.