Is your site DPDPA compliant?
Run a free automated DPDPA scan. We load your site, find the trackers that fire before consent, and map them to India's Digital Personal Data Protection Act obligations with a plain-English risk score.
- Spot trackers firing before consent
- Map findings to DPDP Act obligations
- Get a prioritized fix list in seconds
What the DPDPA scan checks
Pre-consent tracking
Cookies and scripts that fire before a visitor chooses, the single biggest DPDPA risk.
Obligation mapping
Each finding is mapped to a specific DPDPA duty, marked pass, fail or needs review.
Risk score & fixes
A plain-English risk score with the exact gaps to close first, and how to close them.
How it works
Enter your domain
Add the website to check and where to send the full report.
We scan public pages
We load your site in a real browser and inventory cookies, scripts and third-party calls.
Get a DPDPA report
A scored checklist maps what we found to your DPDPA obligations and how to fix each gap.
Found DPDPA gaps? Close them in minutes
ConsentX blocks trackers before consent, honors withdrawal and keeps an audit-ready evidence trail. Free to start.
Get started freeDPDPA scanner questions
What does the DPDPA compliance scanner check?+
It loads your public pages, lists the trackers that fire before consent, and maps each finding to a DPDP Act obligation, itemized notice and prior consent, verifiable consent, §9 children's protections, easy withdrawal and data-principal rights, as pass, fail or needs review.
Is the DPDPA scanner free?+
Yes. It is free and needs no account. We scan public pages only, and the full report (with PDF) is emailed to you.
How is the scanner different from the DPDPA quiz?+
The scanner inspects your live site and flags what actually fires before consent. The DPDPA quiz is a self-assessment of your processes against each DPDP Act section. Use both: the scan for technical gaps, the quiz for policy gaps.
What does the deep scan inspect?+
It fetches your homepage and key policy pages and inspects security headers, cookies set before consent, the consent platform in use, advertising tags, third-party domains, and whether your privacy and cookie policies are linked, then maps it all to DPDP Act obligations with evidence.
Does the scanner read my privacy policy?+
Yes. It fetches your linked privacy and cookie policy pages and checks whether the text references parental consent for children, withdrawal, a grievance officer/DPO and data-principal rights. It reads public pages only and is indicative triage, not a legal audit.
Does DPDPA require age verification?+
Yes. Section 9 requires verifiable parental consent for users under 18 and bars tracking or targeted ads to children.
What counts as valid consent under DPDPA?+
Consent must follow an itemized, plain-language notice and be verifiable, with withdrawal as easy as giving it.