India DPDP Act 2023 · Wix App

DPDP compliance for your Wix site. Installed in one click.

DPDPA.support turns any Wix site into a compliant data fiduciary under India's Digital Personal Data Protection Act, 2023 — a per-purpose consent ledger, cookie and tracker gating, data-principal self-service, and a DPO console. Far more than a cookie banner.

Get DPDP-compliant See how it works

Self-hosted · Multi-tenant · Billed securely via Wix

The clock is real. The rules are notified.

The DPDP Rules 2025 are notified and the Data Protection Board of India is constituted. Two statutory dates now bind every business handling personal data on a Wix site: 13 November 2026, when Consent Manager integration becomes mandatory under Rule 4, and 13 May 2027, when all substantive obligations land — lawful consent, breach reporting, data-principal rights, and security safeguards. These are deadlines, not promotions, and the work of mapping your data, capturing per-purpose consent with proof, and honouring erasure takes time. DPDPA.support gets your site standing on the right side of both — one install, not a legal project.

Rule 4 · Consent Manager integration

13 November 2026

days hrs min sec

All substantive obligations

13 May 2027

days hrs min sec

Install reads your site. You answer two questions. Done.

Install DPDPA.support from the Wix App Market. Onboarding reads your site, then asks for just two things: your fiduciary legal name and your DPO email. One click provisions your tenant in the multi-tenant TSI CMS — fiduciary record, app, API keys, and a published policy, with every secret stored in OpenBao per instance, never in code or the browser. From that moment, consent events flow from Wix to the CMS over signed webhooks, your data principals manage everything at your-site/my-data, and withdrawals push back from the CMS to Wix so marketing actually stops. The platform stays self-hosted on our infrastructure; you stay in Wix.

  1. 1

    Install

    One click from the Wix App Market.

  2. 2

    Provision

    Tenant, API keys & published policy — secrets in OpenBao.

  3. 3

    Consent

    Events flow Wix → CMS over signed webhooks.

  4. 4

    Rights

    Principals self-serve at your-site/my-data.

  5. 5

    DPO

    Grievances, erasure queue & RoPA in one console.

Your data principals manage their own consent.

At your-site/my-data, members are auto-resolved from their Wix identity — no email is ever typed. An OTP step-up confirms identity to that inbox only, the dashboard is tenant-themed, and consent is exposed as per-purpose toggles, both grouped and individual, with accept-all and decline-all. Manage-anytime is built in, and the experience ships in English and Hindi. It is the front door to every right your principals hold.

My Data · आपका डेटा

§11 access reports and §12 erasure that actually stops processing.

One click produces a §11 access and portability report spanning eleven Wix data sources — contacts, members, marketing consent, email subscriptions, orders, bookings, form submissions, inbox, invoices, loyalty, and reviews, downloadable as JSON. For §12 erasure, processing stops instantly: consents withdrawn, Wix marketing consent revoked, email subscriptions cancelled, marketing labels stripped. Records then freeze under a documented §8(7) legal hold and auto-purge with proof when the retention clock expires. Withdrawal is two-way — it pushes from the CMS back to Wix so marketing genuinely stops and the contact is unsubscribed.

  • Contacts
  • Members
  • Marketing consent
  • Email subscriptions
  • Orders
  • Bookings
  • Form submissions
  • Inbox
  • Invoices
  • Loyalty
  • Reviews

A DPO console, not a spreadsheet.

Your Data Protection Officer gets a real console: a grievance respond-and-action flow for §13, an erasure queue, and principal lookup. Grievances, corrections, and portability requests can be filed and resolved in one place, with consent receipts firing as automation events on grant, withdrawal, and erasure — proven delivering from a tenant's own domain.

Grievances

Respond & action (§13)

Erasure queue

§12 with §8(7) hold

Principal lookup

Find any data principal

Discover where PII lives. Map it to purposes and RoPA.

DPDPA.support can auto-discover where personal data lives across your Wix site, classify it, and auto-map it to DPDP purposes and a Record of Processing Activities — ready for DPB export and breach-scoping. It is the difference between hoping you know your data flows and being able to show them.

Bring your own AI key. Classification and GRC posture.

On the Intelligence tier, Nexus uses your own LLM key (BYO-key) to power classification — your data, your model, your control. Compass adds GRC posture so you can see where you stand. These are the depth differentiators for fiduciaries who want intelligence on top of compliance, without handing their data to someone else's model.

Self-hosted. Secrets in their place. Tenant-isolated.

DPDPA.support is self-hosted and multi-tenant: every tenant's secrets live in OpenBao per instance, sessions are tenant-bound so one site's session is invalid on every other, tenant isolation is enforced fail-closed, and webhooks are verified with RS256 signatures. Errors are tenant-voiced with no infrastructure leakage. Built and operated by CynorSense Solutions Pvt. Ltd., Hyderabad, India, the system of record is the multi-tenant TSI DPDP CMS with an append-only audit store. To be precise about roles: this is the fiduciary's own compliance platform — a consent management platform, not a Board-registered Consent Manager.

  • OpenBao per instanceEvery tenant's secrets isolated.
  • Tenant-bound sessionsOne site's session is invalid on every other.
  • Fail-closed isolationTenant isolation enforced fail-closed.
  • RS256 webhooksSignatures verified on every event.

Transparent pricing, billed securely via Wix.

Pick the tier that matches your obligations. Every plan is billed securely via Wix, monthly, with no setup fees and no contracts. Prices shown in USD with an INR toggle. Start with consent capture and grow into full DPO tooling and AI-assisted classification as your compliance programme matures.

Consent

$9/mo

  • Per-purpose consent ledger with §8(2) append-only audit proof
  • Consent events captured Wix to CMS via signed webhooks
  • Cookie and tracker gating (TAG_OVERRIDE enforcement)
  • Analytics and advertising scripts blocked until consent
Get DPDP-compliant

Rights

$19/mo

  • Everything in Consent
  • your-site/my-data self-service (tenant-themed, EN + HI)
  • Member auto-resolve + OTP step-up — no typed emails
  • Per-purpose toggles, grouped + individual, accept/decline-all
  • §11 access & portability report and §12 erasure
  • Grievance, correction & portability request filing (§13)
Get DPDP-compliant
Most popular

Audit

$39/mo

  • Everything in Rights
  • DPO console: grievance respond/action, erasure queue, principal lookup
  • Discovery to classify to RoPA mapping
  • Append-only audit log (webhook envelope persistence)
  • DPB-ready export
  • §8(7) legal-hold erasure with retention engine
Get DPDP-compliant

Intelligence

$79/mo

  • Everything in Audit
  • Nexus AI classification (bring your own LLM key)
  • Compass GRC posture
  • Auto-map PII to DPDP purposes + breach-scope
  • Your data, your model — BYO-key control
Get DPDP-compliant

Monthly pricing, billed securely via Wix. USD / INR toggle at ~83 INR per USD. Transparent pricing, no setup fees, no contracts.

DPDP questions, answered plainly.

Straight answers on the deadlines, what a consent management platform is (and isn't), whether this is more than a cookie banner, self-hosting and tenant isolation, languages, billing, and how erasure works under legal hold.

Get DPDP-compliant before the deadline forces it.

The 13 May 2027 deadline does not move. Install DPDPA.support on your Wix site, complete a two-field onboarding, and start capturing consent with proof today. Prefer a walkthrough first? Book a demo and we'll show you the full flow on a test site.

Get DPDP-compliant Book a demo
Get DPDP-compliant