Compliance
Last updated: July 11, 2026
Codlinh10 is built compliance-first. Enterprise and regulated-industry customers depend on us to understand the regulatory environment they operate in. Here is a summary of our compliance posture across the frameworks that matter most for Indian businesses.
India DPDP Act 2023
CompliantThe Digital Personal Data Protection Act 2023 is India's comprehensive data protection law. Codlinh10's platform is built with DPDP compliance as a first-class requirement.
- Explicit, purpose-specific consent capture for all messaging
- Data minimisation — only necessary data collected
- Grievance officer mechanism for data principal rights
- Data breach notification within 72 hours
- Right to access, rectification, erasure, and nomination
- Data localisation — Indian customer data in India
- Children's data protection (verifiable parental consent required for under-18)
GDPR (EU customers)
CompliantFor EU/EEA customers, Codlinh10 operates as a Data Processor under GDPR Article 28. Our Data Processing Agreement documents our obligations.
- GDPR-compliant Data Processing Agreement (DPA) available
- Lawful basis documented for all processing activities
- Data subject rights assistance
- 72-hour breach notification SLA
- Sub-processor transparency
- Standard Contractual Clauses for international transfers where required
Meta's WhatsApp Business Policy
CompliantAs a company building on Meta's WhatsApp Business Platform, Codlinh10 operates in alignment with Meta's policies.
- Direct WhatsApp Business Platform access (Tech Provider application in progress)
- WhatsApp Business Policy compliance monitoring
- Template submission and approval process enforcement
- Opt-in verification before contact import
- Messaging quality monitoring and complaint rate tracking
- No policy violation history
TRAI Regulations
CompliantWhatsApp Business API operates outside the DLT/TRAI regulatory scope that applies to SMS and voice. However, Codlinh10 maintains best-practice alignment.
- WhatsApp messages are not subject to TRAI DLT registration (WhatsApp is OTT, not telecom)
- Commercial communication timing best practices followed
- Opt-out mechanism consistent with TRAI's spam control principles
- Do Not Disturb (DND) registry: WhatsApp is not subject to DND, but Codlinh10 recommends honouring DND preferences in spirit
Data Localisation
CompliantIndian customer data — including contact records, message history, and analytics — is stored on India-region infrastructure.
- Primary database in Mumbai (India West) region
- Backup stored in India-South region
- No mandatory data transfer to servers outside India for primary processing
- Sub-processors with non-Indian infrastructure: Meta (USA), Vercel (global CDN) — DPAs in place
Audit Trail Capabilities
CompliantComprehensive audit logging for enterprise compliance and regulatory requirements.
- Full message delivery log with timestamps and status
- API access logs with IP and user attribution
- Template creation and modification history
- User access and permission change logs
- Export capabilities for regulatory audits
- Tamper-evident log storage
Regulatory filings status
Compliance enquiries
For enterprise compliance questions, DPA review, or to request our security questionnaire, contact our compliance team at legal@codlinh10.in.