DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

Trust

Your consent data is stored in India

ConsentX runs on AWS in the Mumbai region (ap-south-1), with intra-region processing by default, encryption in transit and at rest, and Cloudflare protection.

In short
ConsentX hosts its application and consent data store on Amazon Web Services in the Asia Pacific Mumbai region (ap-south-1) in India. Primary processing of consent data remains intra-region in India; where any onward transfer occurs it is governed by Standard Contractual Clauses with the UK Addendum. Data is encrypted in transit and at rest, and the edge is protected by Cloudflare.

Hosted in India

The ConsentX application and its consent data store run on Amazon Web Services in the Asia Pacific Mumbai region (ap-south-1), in India.

Intra-region by default

Primary processing of consent data remains intra-region in India. Where any onward transfer occurs, Standard Contractual Clauses with the UK Addendum apply.

Encrypted in transit and at rest

Data is encrypted in transit with TLS between the browser, our edge and our application, and at rest using storage-layer encryption on AWS. Backups are encrypted too.

Edge protection

Our edge is protected by Cloudflare, including a web application firewall and DDoS mitigation, in front of the India-hosted application.

On certifications, we are transparent: ConsentX does not yet hold SOC 2 or ISO 27001, and we will not claim either until it is independently verified. Both are on our roadmap. See the Security and Trust pages.

SecurityData Processing AgreementSubprocessorsConsentX for India

India-hosted, DPDPA-native consent

Run consent on infrastructure in India with verifiable, audit-ready evidence.

Get started free Book a demo

Data residency questions

Is ConsentX consent data stored in India?+

Yes. The ConsentX application and consent data store are hosted on AWS in the Mumbai region (ap-south-1) in India, with primary processing kept intra-region.

Does ConsentX meet DPDPA data-handling expectations for India?+

ConsentX hosts consent data in India, encrypts it in transit and at rest, keeps a tamper-evident record, and offers a signed DPA with a DPDPA addendum. Confirm your specific obligations with counsel.

What happens if data is transferred outside India?+

Primary processing remains intra-region in India. Where any onward transfer to a subprocessor occurs, it is governed by Standard Contractual Clauses with the UK Addendum, and the subprocessor list is published.

Where can I verify these claims?+

The same facts are stated on our Security, DPA and Subprocessors pages, which name AWS ap-south-1 (Mumbai) and the transfer mechanisms.