Skip to main content
Codlinh10 — Multi-channel Business Messaging Platform

Compliance

Last updated: July 11, 2026

Codlinh10 is built compliance-first. Enterprise and regulated-industry customers depend on us to understand the regulatory environment they operate in. Here is a summary of our compliance posture across the frameworks that matter most for Indian businesses.

India DPDP Act 2023

Compliant

The Digital Personal Data Protection Act 2023 is India's comprehensive data protection law. Codlinh10's platform is built with DPDP compliance as a first-class requirement.

  • Explicit, purpose-specific consent capture for all messaging
  • Data minimisation — only necessary data collected
  • Grievance officer mechanism for data principal rights
  • Data breach notification within 72 hours
  • Right to access, rectification, erasure, and nomination
  • Data localisation — Indian customer data in India
  • Children's data protection (verifiable parental consent required for under-18)

GDPR (EU customers)

Compliant

For EU/EEA customers, Codlinh10 operates as a Data Processor under GDPR Article 28. Our Data Processing Agreement documents our obligations.

  • GDPR-compliant Data Processing Agreement (DPA) available
  • Lawful basis documented for all processing activities
  • Data subject rights assistance
  • 72-hour breach notification SLA
  • Sub-processor transparency
  • Standard Contractual Clauses for international transfers where required

Meta's WhatsApp Business Policy

Compliant

As a company building on Meta's WhatsApp Business Platform, Codlinh10 operates in alignment with Meta's policies.

  • Direct WhatsApp Business Platform access (Tech Provider application in progress)
  • WhatsApp Business Policy compliance monitoring
  • Template submission and approval process enforcement
  • Opt-in verification before contact import
  • Messaging quality monitoring and complaint rate tracking
  • No policy violation history

TRAI Regulations

Compliant

WhatsApp Business API operates outside the DLT/TRAI regulatory scope that applies to SMS and voice. However, Codlinh10 maintains best-practice alignment.

  • WhatsApp messages are not subject to TRAI DLT registration (WhatsApp is OTT, not telecom)
  • Commercial communication timing best practices followed
  • Opt-out mechanism consistent with TRAI's spam control principles
  • Do Not Disturb (DND) registry: WhatsApp is not subject to DND, but Codlinh10 recommends honouring DND preferences in spirit

Data Localisation

Compliant

Indian customer data — including contact records, message history, and analytics — is stored on India-region infrastructure.

  • Primary database in Mumbai (India West) region
  • Backup stored in India-South region
  • No mandatory data transfer to servers outside India for primary processing
  • Sub-processors with non-Indian infrastructure: Meta (USA), Vercel (global CDN) — DPAs in place

Audit Trail Capabilities

Compliant

Comprehensive audit logging for enterprise compliance and regulatory requirements.

  • Full message delivery log with timestamps and status
  • API access logs with IP and user attribution
  • Template creation and modification history
  • User access and permission change logs
  • Export capabilities for regulatory audits
  • Tamper-evident log storage

Regulatory filings status

Companies Act 2013 — Annual return filingsCurrent
GST registration and filingsCurrent
Meta Tech Provider statusActive
SOC 2 Type II auditIn progress — scheduled Q4 2026 – Q1 2027
ISO 27001 certificationOn roadmap — 2026-2027

Compliance enquiries

For enterprise compliance questions, DPA review, or to request our security questionnaire, contact our compliance team at legal@codlinh10.in.