Compliance Framework

OctoCred Regulatory Governance & Data Control

This dashboard details the regulatory workflows and compliance safeguards implemented inside the OctoCred platform to satisfy the mandates of the Digital Personal Data Protection (DPDP) Act of India, 2023.

Right to Erasure and Personal Data Disposal (DPDP Section 11)

Data Principals can exercise their legal right to request the correction or complete deletion (Right to Erasure) of their personal records. When an erasure request is submitted, it is logged directly in the Grievance Queue for officer review. Upon validation and approval by the nominated officer, the platform automatically purges all personal identifiers (such as PAN cards or bank statement references) from active storage and revokes all active consents.

1. Application Logged: The Data Principal submits a formal erasure request, which is routed directly into the Grievance Officer's queue.
2. Officer Verification: The Designated Officer analyzes the loan context and legal grounds (e.g. checking for active credit obligations).
3. Cascade Disposal: Upon approval, the system triggers the scrubbing engine to permanently clear personal identifiers.
4. Consent Nullification: All historical consents are revoked and recorded as WITHDRAWN in the cryptographic compliance ledger.

sequenceDiagram
    autonumber
    actor Principal as Data Principal (Customer)
    actor Officer as Designated Grievance Officer
    participant Desk as Compliance Desk Portal
    participant Fiduciary as Data Fiduciary Engine
    Principal->>Fiduciary: Submit formal application for Data Erasure
    Fiduciary->>Desk: Log ticket in Grievance Queue
    Officer->>Desk: Analyze application context and legal grounds
    Officer->>Desk: Authorize Deletion and Resolve Ticket
    activate Fiduciary
    Fiduciary->>Fiduciary: Record ticket resolution state
    Note over Fiduciary: Automated Disposal of Personal Data
    Fiduciary->>Fiduciary: Purge personal identifiers (overwrite with verification flag)
    Fiduciary->>Fiduciary: Nullify active authorizations and record revocations
    Fiduciary-->>Desk: Acknowledge completion of data erasure
    deactivate Fiduciary

Cryptographic Verification of Compliance Ledger (DPDP Section 8)

To ensure strict audit-readiness and regulatory alignment, the platform maintains a non-repudiable record of every customer decision. Whenever the audit sheet is opened, the system dynamically recalculates the unique security signature for each log entry and compares it against the signature stored in the database. Any modification or unauthorized record editing instantly triggers a compliance alert.

1. Log Query: The compliance auditor requests a review of the transaction ledger, fetching all historic records.
2. Recompute Signatures: The auditor utility loops through all entries, re-calculating the SHA-256 signature using database states.
3. Integrity Matching: The computed signature is matched against the original notice hash recorded when the consent was created.
4. Status Certification: Entries are marked with a green 'Shield Verified' badge if intact, or a red warning alert if any data was altered.

flowchart TD
    Start([Request Compliance Ledger Audit]) --> Fetch[Query historical ledger records]
    Fetch --> LoopStart{Evaluate each transaction entry...}
    LoopStart --> QueryNotice[Retrieve associated notice version and terms]
    QueryNotice --> Recalculate[Recompute cryptographic hash signature]
    Recalculate --> Compare{Does computed signature match ledger record?}
    Compare -- Yes --> Valid[Verify entry integrity - Shield Verified]
    Compare -- No --> Invalid[Raise integrity exception alert]
    Valid --> LoopEnd[Advance to next entry]
    Invalid --> LoopEnd
    LoopEnd --> LoopStart
    LoopEnd -- Done --> End([Complete validation of Compliance Ledger])
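The audit loop described above, as an added example that is not OctoCred's own code: each entry's SHA-256 is recomputed from the stored decision plus its notice version and terms, then compared with the hash saved at creation. The field names, the JSON canonicalization and the sample records are assumptions made for illustration.

```python
import hashlib
import json

def entry_digest(entry, notice):
    """SHA-256 over a canonical encoding of the decision and its notice (assumed field set)."""
    payload = {
        "principal_id": entry["principal_id"],
        "purpose": entry["purpose"],
        "status": entry["status"],
        "timestamp": entry["timestamp"],
        "notice_version": notice["version"],
        "notice_terms": notice["terms"],
    }
    # Sorted keys and fixed separators keep the byte encoding stable across runs.
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def audit_ledger(ledger, notices):
    """Return (entry_id, verdict) for every entry; a failure never stops the loop."""
    results = []
    for entry in ledger:
        notice = notices.get(entry["notice_version"])
        if notice is None:
            results.append((entry["id"], "ALERT: notice version missing"))
            continue
        intact = entry_digest(entry, notice) == (entry.get("stored_hash") or "")
        results.append((entry["id"], "SHIELD_VERIFIED" if intact else "ALERT: hash mismatch"))
    return results

# Constructed sample data, not taken from the platform.
NOTICES = {"v1": {"version": "v1", "terms": "Bank statements are processed for credit assessment."}}

def make_entry(entry_id, status, timestamp):
    entry = {"id": entry_id, "principal_id": "cust-001", "purpose": "credit_assessment",
             "status": status, "timestamp": timestamp, "notice_version": "v1"}
    entry["stored_hash"] = entry_digest(entry, NOTICES["v1"])  # hash fixed at creation
    return entry

def demo():
    ledger = [make_entry(1, "GRANTED", "2024-01-05T10:00:00Z"),
              make_entry(2, "WITHDRAWN", "2024-03-09T14:30:00Z"),
              make_entry(3, "GRANTED", "2024-04-01T09:00:00Z")]
    ledger[1]["status"] = "GRANTED"      # row edited after creation, stored hash untouched
    ledger[2]["notice_version"] = "v9"   # row points at a notice that is not on file
    return audit_ledger(ledger, NOTICES)

if __name__ == "__main__":
    for entry_id, verdict in demo():
        print(entry_id, verdict)
```

An unkeyed hash stored in the same database as the record only flags edits that leave the stored hash untouched; keying the digest (HMAC with a key held outside the database) or chaining each entry to the previous one covers the case where both columns are rewritten.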

Regulatory Enforcement & System Architecture Map

The table below maps customer actions and business operations directly to compliance outcomes and regulatory safeguards running inside the platform.

| Compliance Engine Component | Business Trigger / Action | Regulatory Outcome / Compliance Guardrail |
|---|---|---|
| Secure Hash Generator | Internal security check | Creates a cryptographic signature for every decision, ensuring audit logs cannot be modified post-creation without detection. |
| Sandbox Bootstrapper | Application startup | Initializes the environment with default notice templates, sample customers, and initial compliance states. |
| Consent Preference Controller | Customer adjusts dashboard permission switches | Saves granular customer choices, updates permission records immediately, and commits a record of the choice to the ledger. |
| New Customer Wizard | Customer signs up for a credit card or loan | Presents separate, individual check-boxes for each category of data, ensuring consent is free, specific, and unambiguous. |
| Grievance Desk Router | Customer files a correction or deletion ticket | Tracks and logs user requests under Section 11/12, ensuring they are addressed by the nominated Grievance Officer. |
| Erasure & Scrubbing Engine | Grievance Officer approves a deletion request | Purges personal customer data, halts processing, and automatically revokes active consents. |
| Compliance Audit Viewer | Auditor reviews the transaction ledger | Verifies signatures on-the-fly, providing immediate visual confirmation that data is correct and untampered. |