DPDP Act 2023

1. Overview

The Digital Personal Data Protection Act, 2023 ("DPDPA") mandates strict controls on the collection, storage, and processing of personal data. DoqSeal provides the technical tools required for Data Fiduciaries to meet their obligations under Section 8 of the Act, including automated PII discovery and secure handling.

2. Data Residency & Sovereignty

All personal data processed by DoqSeal is stored exclusively within India. Our infrastructure resides in the following MeitY-empanelled regions:

• Primary: AWS ap-south-1 (Mumbai)
• Secondary/DR: AWS ap-south-2 (Hyderabad)

We do not replicate, cache, or transmit personal data outside the sovereign territory of India.

3. Encryption & Security Safeguards

Section 8(4) requires reasonable security safeguards to prevent personal data breaches. DoqSeal implements:

• Client-Side Encryption: Documents are encrypted using AES-256-GCM before transmission.
• Confidential Computing: Processing occurs within AWS Nitro Enclaves. Plaintext data is never accessible to DoqSeal operators or the underlying host system.
• Zero-Retention Processing: For real-time extractions, document content is handled in volatile memory and purged immediately after the API response is sent.

4. Consent Management Support

We enable Data Fiduciaries to maintain verifiable records of consent as per Section 6 of the DPDPA. Our platform allows you to tag processed documents with specific consent identifiers, facilitating automated workflows if a Data Principal withdraws consent.

5. Right to Erasure (Section 11)

Data Principals have the right to the erasure of their personal data. DoqSeal facilitates this through:

• Instant Cryptographic Wipe: Deleting a document via our API triggers an immediate purge from primary databases and hot caches.
• Backup Cycle: Data is irrevocably removed from cold backups within 30 days of the initial erasure request.

6. Data Protection Officer (DPO)