>_ ABOUT
One company.
One job.
Compliance infrastructure for Indian fintech — built by engineers, for engineers.
Indian fintech companies build fast.
They handle Aadhaar numbers, PAN cards, payment data, and health records. They ship daily. They move to production in hours.
The regulation that governs all of this — RBI, SEBI, DPDP — exists in PDF documents and consultant retainers. Not in code. Not in CI pipelines. Not where the risk actually lives.
Anaya changes that. We encode regulation into infrastructure — scanners, policy engines, GitHub Apps — so that compliance is a property of the codebase, not a property of the audit.
72: PII fields found in one public Django repo
₹250 crore: maximum DPDP penalty per violation
May 2027: DPDP enforcement deadline
>_ THE PROBLEM
The compliance industry is built around documents.
Consultants produce gap analysis reports. Law firms produce policy frameworks. Vanta produces questionnaires. None of these instruments read your code.
DPDP §8 asks whether User.aadhaar_number is stored as an encrypted field or a plaintext CharField. That question has a definitive answer. It's in your models.py. No consultant has ever read it.
We built Anaya because the question is an engineering question. The answer should be engineered.
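The models.py question above can be answered mechanically. The sketch below is an added example, not Anaya's scanner or code from its repository: it parses a constructed models.py with Python's ast module and reports PII-looking field names declared with plaintext field types. The name hints, the list of plaintext types, and EncryptedCharField are assumptions made for illustration.

```python
import ast

# Constructed sample models.py (not taken from any real repository).
SAMPLE_MODELS = '''
from django.db import models
from encrypted_fields import EncryptedCharField  # hypothetical encrypted field type

class User(models.Model):
    name = models.CharField(max_length=100)
    aadhaar_number = models.CharField(max_length=12)
    pan = EncryptedCharField(max_length=10)
    email = models.EmailField()

class Loan(models.Model):
    amount = models.DecimalField(max_digits=12, decimal_places=2)
    borrower_pan_card = models.TextField()
'''

# Assumed heuristics: name tokens that suggest PII, field types that store plaintext.
PII_HINTS = ("aadhaar", "pan", "passport", "phone", "email", "dob")
PLAINTEXT_TYPES = {"CharField", "TextField", "EmailField", "IntegerField"}

def field_type(call):
    """Class name for `models.CharField(...)` (Attribute) or `CharField(...)` (Name)."""
    return getattr(call.func, "attr", None) or getattr(call.func, "id", None)

def looks_like_pii(name):
    # Match whole underscore-separated tokens so "company" does not match "pan".
    tokens = name.lower().split("_")
    return any(hint in tokens for hint in PII_HINTS)

def find_plaintext_pii(source, filename="models.py"):
    """Return (file, line, model, field, type) for each plaintext PII-looking field."""
    findings = []
    for cls in ast.walk(ast.parse(source, filename)):
        if not isinstance(cls, ast.ClassDef):
            continue
        for stmt in cls.body:
            if not (isinstance(stmt, ast.Assign) and isinstance(stmt.value, ast.Call)):
                continue
            ftype = field_type(stmt.value)
            for target in stmt.targets:
                if (isinstance(target, ast.Name) and looks_like_pii(target.id)
                        and ftype in PLAINTEXT_TYPES):
                    findings.append((filename, stmt.lineno, cls.name, target.id, ftype))
    return sorted(findings)
```

Because the source is parsed and never imported, the check runs without Django installed and without executing project code.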
>_ FOUNDING
Anaya started in Mumbai in 2025.
The insight came from watching Indian fintech companies spend weeks preparing for compliance audits — manually reading regulatory PDFs, grep-ing codebases, writing evidence documents by hand.
The same companies had CI pipelines, automated tests, infrastructure-as-code. But compliance was still a Word document in a shared folder.
We started with DPDP because it was the most urgent and least served. India's data protection law had just been notified. Most fintech engineering teams hadn't read the Rules. None of them had tooling for it.
We built the scanner in Python because that's where the risk is. We made it free because the finding is the product. Once a CTO sees 72 plaintext PII fields in their own codebase, the conversation changes.
The GitHub App, the team dashboard, the RBI and SEBI packs — that's what comes next. But it starts with one scan. One finding. One codebase that knows what's in it.
>_ ROADMAP
TODAY
- DPDP CLI Scanner
- Free, open source
- Django + FastAPI
2026
- RBI Digital Lending
- GitHub Marketplace listing
- Team dashboard
- JIRA/Linear tickets
2027
- SEBI Cybersecurity
- IRDAI Regulations
- Custom rule packs
- On-premise deploy
- Enterprise SLA
>_ FAQ
Q: Does Anaya send my code to a server?
A: The Anaya CLI indexes and analyses your project locally. Your source code and real data never leave your environment. In LLM classification mode, the only external payload is field names and model schema metadata; --no-llm keeps classification fully local. Full source is on GitHub - read what runs before you install anything.
Q: Which frameworks does Anaya support?
A: Currently Django and FastAPI. Both are fully supported in the DPDP CLI. Support for Flask and other Python frameworks is on the roadmap. If you're running a non-Python stack, get in touch - we want to understand your codebase before we build for it.
Q: What does the DPDP scanner actually check?
A: Six DPDP control areas mapped to code: lawful basis, notice and consent, data minimisation signals, security safeguards, breach-readiness evidence, children's data, and Data Principal access/erasure workflows. Each check produces a specific finding - not a score, not a dashboard. A finding with a file path, a field name, and a remediation step.
Q: Is the CLI really free? What's the catch?
A: It's free because the finding is the product. Once you run Anaya on your codebase and see what's actually in your models, the conversation about team tooling changes. The CLI is free forever. The GitHub App (PR-level blocking, team dashboard, CI/CD integration) is Rs 8,000/month for teams.
Q: We're a Series A fintech. Should we care about DPDP now?
A: Full substantive obligations under the notified Rules phase in by May 13, 2027. That sounds far away. It isn't. Investors, enterprise buyers, auditors, and security reviewers will ask what personal data you store long before the deadline. Run the scanner now. Know what you have.
Q: We already have a compliance consultant. Why do we need Anaya?
A: Your consultant produces a document. Anaya reads your code. These are not the same thing. The consultant tells you what your policy should say. Anaya tells you whether your codebase does what your policy claims. Most teams discover they diverge significantly.
Q: Can I use Anaya to generate compliance evidence for an audit?
A: Yes. The PDF report generated by anaya report --pdf maps findings to specific DPDP sections with file paths, field names, and remediation steps. It's designed to be sent to your auditor, your investor, or your legal team without additional formatting.
Q: Where is Anaya based?
A: Mumbai. We started Anaya in 2025 as Anaya Financial Systems Pvt Ltd., registered in India. We build for Indian fintech companies because we understand the regulatory environment they operate in.