The Problem
DPDP Act 2023 Is Coming
Enforcement Deadline
13 May 2027
Penalty Exposure
₹0 Cr – ₹0 Cr
The Solution
Three Steps to Compliance
Know Risk
Run 36 automated checks against 14 DPDP Act rules. Instantly see your compliance score and penalty exposure.
Fix Fast
Follow step-by-step fix guides for every finding. Remediate gaps with clear, actionable instructions.
Prove Effort
Generate bilingual PDF audit reports and evidence reports. Demonstrate compliance to regulators and auditors.
Features
Built for Hospital Compliance
36 Checks
Comprehensive compliance coverage
14 DPDP Rules
Full Act rule mapping
Multi-DB Support
PostgreSQL, MySQL, MSSQL, Oracle, SQLite
Bilingual Reports
English and Hindi PDF reports
100% Offline
No data leaves your machine
Evidence Reports
Screenshots and proof for auditors
Pricing
Simple, Transparent Pricing
Free
₹0
vs ₹250 Crore max fine
Get started with 5 critical compliance checks
- 5 compliance checks (CHK-001, CHK-006, CHK-015, CHK-018, CHK-021)
- Single database connection
- Basic compliance score
- 100% offline operation
- No PDF reports
Professional
₹50,000/year
vs ₹250 Crore max fine
Complete DPDP compliance toolkit for your hospital
- All 36 compliance checks
- 14 DPDP Act rules coverage
- PDF audit reports
- Evidence reports with screenshots
- Fix guides for every finding
- Bilingual reports (English & Hindi)
- Multi-database support
- 1 machine license
- 100% offline operation
Enterprise
Contact Sales
vs ₹250 Crore max fine
Need bulk licenses? Contact us for custom pricing
- Everything in Professional
- Bulk license management
- Custom pricing per seat
- Priority support
- Dedicated onboarding
FAQ
Common Questions
The Digital Personal Data Protection Act 2023 is India's comprehensive data privacy law. It regulates how organizations collect, store, process, and share personal data of Indian citizens. The enforcement deadline is 13 May 2027, with penalties ranging from ₹50 Crore to ₹500 Crore for non-compliance.
Yes, 100%. DPDP Shield runs entirely on your machine. It connects directly to your local or network database using read-only access. No data is sent to any external server, cloud service, or third party. Your hospital data never leaves your machine.
DPDP Shield supports PostgreSQL, MySQL, Microsoft SQL Server, Oracle, and SQLite. It connects using standard database credentials with read-only access to scan your schema and data patterns.
A Machine ID is a 12-character hex string derived from your computer's hostname and OS username. DPDP Shield displays your Machine ID in the Settings panel. Each Pro license is tied to one machine for security.
The Free tier includes 5 critical compliance checks: CHK-001 (Consent Records), CHK-006 (Encryption at Rest), CHK-015 (Data Retention Policy), CHK-018 (Access Logging), and CHK-021 (Breach Notification). These cover the most fundamental DPDP requirements.
The Pro tier unlocks all 36 compliance checks covering 14 DPDP Act rules, including consent management, data minimisation, encryption, retention policies, audit logging, breach notification, children's data protection, third-party data sharing, grievance redressal, and more. You also get PDF reports, evidence reports, and fix guides.
Each Pro license is tied to a specific Machine ID. If you need to transfer your license, please contact us at team@promptly.co.in and we will assist you with the transfer.
Yes. We offer a 7-day refund window from the date of purchase. If you are not satisfied, contact us at team@promptly.co.in within 7 days for a full refund.
The Enterprise tier is designed for hospital chains and large organizations that need bulk licenses. It includes custom pricing per seat, priority support, and dedicated onboarding. Contact us to discuss your requirements.
No. DPDP Shield uses read-only database access. It only reads your schema structure and data patterns to assess compliance. It never writes, modifies, or deletes any data in your database.
Yes. DPDP Shield was built specifically for air-gapped environments. It is a self-contained desktop application (Tauri + bundled sidecar) with zero runtime downloads and no outbound network calls. It connects only to your hospital's own database on the local network (localhost or LAN IP) using read-only credentials. There is no telemetry, no analytics, no crash reporting, and no phone-home of any kind. License validation uses an embedded Ed25519 key; after the one-time online activation, no internet connection is ever required again.
No. DPDP Shield is a passive read-only observer: it cannot modify, lock, or interfere with any running system. Read-only access is enforced at three independent levels: the database session (SET default_transaction_read_only = ON for PostgreSQL), an application-level keyword blocker that rejects any DELETE, UPDATE, INSERT, CREATE, DROP, or ALTER statement before it reaches the database driver, and the use of read-only database credentials. The tool only runs SELECT queries to inspect schema structure and sample small amounts of data (50 rows by default). It does not touch DICOM, HL7, or FHIR endpoints and has no awareness of PACS or LIS protocols. Running it is equivalent to opening a read-only pgAdmin session.
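The first two layers described above can be sketched as follows. This is an added example, not DPDP Shield's own code: it uses SQLite's `PRAGMA query_only` as a stand-in for the PostgreSQL session setting so that it runs offline, and the function names and sample table are hypothetical.

```python
import re
import sqlite3

# Keywords the page lists for the application-level blocker.
BLOCKED = re.compile(r"\b(DELETE|UPDATE|INSERT|CREATE|DROP|ALTER)\b", re.I)
# String literals, quoted identifiers and comments, matched in one left-to-right
# pass so a "--" inside a literal is not mistaken for a comment (or vice versa).
NOISE = re.compile(r"""'(?:[^']|'')*'|"(?:[^"]|"")*"|--[^\n]*|/\*.*?\*/""", re.S)
SAMPLE_ROWS = 50  # the page's default sample size


class BlockedStatement(Exception):
    """Raised when a statement fails the application-level check."""


def check_statement(sql):
    """Hypothetical layer 2: accept exactly one SELECT with no blocked keyword."""
    bare = NOISE.sub(" ", sql).strip().rstrip(";").strip()
    if ";" in bare:
        raise BlockedStatement("multiple statements")
    if not re.match(r"SELECT\b", bare, re.I):
        raise BlockedStatement("only SELECT is allowed")
    hit = BLOCKED.search(bare)
    if hit:
        raise BlockedStatement("blocked keyword " + hit.group(1).upper())
    return sql


def open_sample_db():
    """Constructed in-memory data, then layer 1: a read-only session."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT);"
        "INSERT INTO patients (name) VALUES ('Sample A'), ('Sample B');"
    )
    # SQLite counterpart of PostgreSQL's default_transaction_read_only = ON.
    conn.execute("PRAGMA query_only = ON")
    return conn


def run_check_query(conn, sql):
    """Guard the statement, run it, and return at most SAMPLE_ROWS rows."""
    cur = conn.execute(check_statement(sql))
    return cur.fetchmany(SAMPLE_ROWS)


if __name__ == "__main__":
    db = open_sample_db()
    print(run_check_query(db, "SELECT name FROM patients ORDER BY id"))
```

The keyword check is a coarse filter; the session setting and the read-only database credentials are the layers that hold if a statement slips past it.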
From May 13, 2027, the Data Protection Board of India (DPBI) can receive patient complaints, initiate investigations, and enforce penalties. Violations of security safeguards (encryption, access control, audit logs) carry penalties up to ₹250 Crore per breach. Breach notification failures carry up to ₹200 Crore. Hospitals must be able to demonstrate active compliance infrastructure, not just intent. DPDP Shield's PDF compliance reports (bilingual English/Hindi) document your audit status and serve as evidence of 'reasonable security practices' if your hospital is investigated. The time to prepare is now, not after enforcement begins.
Yes. The DPDP Act 2023 applies to every hospital regardless of size; there is no small-business exemption for healthcare. Any hospital that collects patient names, Aadhaar numbers, phone numbers, or medical records is a Data Fiduciary with full obligations under the Act. The only size-based distinction is the Significant Data Fiduciary threshold (~100,000 patient records), which triggers additional obligations like appointing a Data Protection Officer and conducting annual Data Protection Impact Assessments. Small hospitals below this threshold are still fully liable for all other rules including consent, data minimisation, security safeguards, breach notification, and children's data protections. This is precisely why DPDP Shield is priced at ₹50,000/year: enterprise compliance tools cost ₹75–80 Lakh, but the legal obligation is identical.
Start Your Compliance Journey
Download DPDP Shield for free and run your first compliance audit in minutes. No sign-up required.