A Project by Meridian Bridge Strategy
Book Consultation
Live Analysis Engine

Is Your Privacy Policy
DPDP Ready?

We analyze one top Indian company's privacy policy every day against the DPDP Act 2023. See where they stand — and where you might be at risk.

42 Companies
49/100 Avg Score
272 Gaps Found
View Latest Analyses → Book a Strategy Call ↗

Latest Analyses

View All →
SaaS & IT

Freshworks

35

Freshworks' privacy policy, with a future effective date of July 2025, is primarily tailored for international laws like GDPR and CCPA. Despite having an Indian entity, the policy completely omits the DPDP Act 2023, broadly claims 'legitimate interests' for many processing activities, and lacks critical details on data retention and security measures (in the provided text), exposing its Indian operations to significant DPDP non-compliance risks.

⚠️ No explicit DPDP Act 2023 reference or compliance framework
⚠️ Broad use of 'legitimate interest' where DPDP requires consent
+6 more gaps detected
Feb 2026 View Report
Fintech

CRED

66

CRED's privacy policy strongly emphasizes user consent and robust security, including RBI data localization for payment data. However, it requires clearer DPDP alignment regarding truly 'freely given' consent, specific data retention timelines, comprehensive Data Principal rights, and the Data Protection Board as a grievance escalation channel.

⚠️ Consent potentially bundled with core features, not 'freely given'
⚠️ No specific data retention periods defined beyond legal mandates
+3 more gaps detected
Feb 2026 View Report
EdTech

BYJU'S

38

BYJU'S, a major EdTech platform, handles sensitive educational data, including that of children. Its privacy policy is extensive but hasn't fully updated for the DPDP Act 2023, particularly struggling with granular consent, verifiable parental consent for minors, and specific data retention timelines. These gaps create substantial regulatory risk, especially concerning Section 23 (Children's Data).

⚠️ No explicit DPDP Act 2023 reference; relies on IT Act 2000 framework
⚠️ Bundled consent fails 'freely given' and 'specific' DPDP standards
+5 more gaps detected
Feb 2026 View Report

Industry-Specific Consulting

DPDP compliance isn't one-size-fits-all. We specialize in sector-specific data regulations.

💳

Fintech

View Analysis → 🏥

Healthcare

View Analysis → 🛒

E-commerce

View Analysis → ☁️

SaaS

View Analysis → 🎓

EdTech

View Analysis → 🎮

Gaming

View Analysis →

Explore Our Resources

Guides, comparisons, and city-specific compliance consulting — everything you need to navigate the DPDP Act.

📖

Compliance Guides

Step-by-step guides for hospitals, startups, SaaS companies, and more.

Browse Guides → ⚖️

Law Comparisons

DPDP vs GDPR, CCPA, LGPD, PIPL — side-by-side breakdowns.

Compare Laws → 📍

By City

Localized DPDP consulting for Mumbai, Bangalore, Delhi, and 20+ cities.

Find Your City →

Unsure about your DPDP liability?

Get a clear, jargon-free assessment of your compliance obligations. No "fear-mongering", just prudent business risk management.

Book Free 30-min Clarity Call Take Free 60s Audit
📞 Free Consultation