CrewCheck
Sign In
Free Compliance Scanner — No Sign-up Required

Is Your Website DPDP Compliant?

Scan any website against 18 compliance checks, detect shadow AI endpoints, find pre-consent trackers, and get a board-ready PDF report — in under 2 minutes.

We crawl only publicly accessible pages. No data is stored without your consent.

18

Compliance Checks

7

RBI Sutras Graded

22

Languages Checked

Free

No Sign-up

<2min

Scan Time

How It Works

Three agents. One comprehensive report.

Our scanner uses a multi-agent pipeline to analyze your website like a compliance auditor would.

01

Scout Agent

Loads your site in headless Chromium. Crawls up to 20 pages. Captures screenshots, network requests, consent banners, form fields, and privacy policies.

  • Dynamic JS rendering
  • Shadow AI endpoint detection
  • Third-party tracker monitoring
  • Multilingual script detection
02

Auditor Agent

Evaluates crawled data against 18 DPDP checks, grades the 7 RBI Sutras, and simulates a 72-hour breach readiness drill.

  • 18-point DPDP checklist
  • RBI FREE-AI Sutra Scorecard
  • Breach readiness simulation
  • Auto-generated DPIA
03

Report Agent

Generates a board-ready PDF with scores, findings, remediation roadmap, and DPIA summary. SEBI-grade formatting.

  • Compliance score gauges
  • Prioritized remediation
  • Shadow AI & tracker tables
  • Shareable results link

What We Detect

Beyond basic privacy policy checks

Shadow AI Endpoints

Undocumented LLM API calls (OpenAI, Anthropic, Azure, Google AI) leaking customer data.

Pre-Consent Trackers

Google Analytics, Meta Pixel, Hotjar, and others firing before user consent.

Multilingual Consent

Checks for 22 scheduled Indian languages as required by DPDP Rules 2025.

Consent Mechanisms

Cookie banners, reject-all buttons, consent withdrawal, and granular controls.

Grievance Officer

Published contact details for the Grievance Officer as required by DPDP §8(9).

Breach Readiness

72-hour notification process, security contacts, and timeline commitments.

Data Localization

RBI-mandated statements about data storage within India for financial data.

AI Disclosure

SEBI 2026 mandate: disclosure of AI/ML usage in customer-facing services.

Children's Data

Age verification, parental consent, and special protections for minors.

Full Checklist

18-Point DPDP Compliance Audit

Every check maps to a specific regulatory requirement with severity and remediation guidance.

#
Check
Regulation
Severity
1
Privacy policy exists
DPDP
critical
2
Consent before processing
DPDP
critical
3
Purpose of processing stated
DPDP
high
4
Data retention policy
DPDP
medium
5
Cross-border transfer disclosed
DPDP
high
6
Children's data protections
DPDP
critical
7
Data principal rights
DPDP
high
8
Grievance officer contact
DPDP §8(9)
high
9
Third-party sharing disclosed
DPDP
medium
10
Cookie consent mechanism
DPDP
high
11
Multilingual consent (22 langs)
DPDP Rules 2025
high
12
Aadhaar/PAN/UPI with purpose
PII
critical
13
Trackers before consent
DPDP
high
14
Data localization statement
RBI
medium
15
Consent withdrawal mechanism
DPDP
high
16
Breach notification process
DPDP
medium
17
Shadow AI undocumented
RBI/SEBI
critical
18
AI/ML usage disclosure
SEBI 2026
high

Who Is This For

Built for Indian SaaS founders and compliance teams

SaaS Founders

Check your own website before a regulator does. Fix issues before they become fines.

Compliance Officers

Audit vendor websites during due diligence. Generate evidence for board reports.

VCs & Investors

Scan portfolio companies for compliance gaps. Part of tech due diligence.

Enterprise Buyers

Evaluate vendor compliance before signing contracts. Automated third-party risk.

FAQ

Frequently Asked Questions

Ready to check your compliance?

Free scan. No sign-up. Results in 2 minutes.

Or integrate CrewCheck into your AI stack for continuous compliance monitoring. View docs →