Python-based AI agent for Digital Personal Data Protection (DPDP) Act compliance.
- Data Classification - Automatically categorizes data as PII, Sensitive, Financial, Health, or General
- Consent Management - Grant, revoke, and verify user consent with expiration support
- Data Anonymization - Masks emails, phone numbers, Aadhaar, and card numbers
- Risk Assessment - Evaluates processing risk levels (Low/Medium/High/Critical)
- Right to Erasure - Complete user data deletion on request
- Data Portability - Export all user data in JSON format
- Purpose Limitation - Blocks processing without valid consent
- Data Retention - Automatic deletion after retention period expires
- Audit Logging - Tracks all data access and consent changes
- Breach Detection - Identifies suspicious access patterns
- Compliance Reports - Generate audit trails for regulatory review
- Consent Expiration - Time-limited consent with auto-revocation
- Data Encryption - AES-128 encryption for all stored sensitive data
- Persistent Storage - JSON-based state persistence with atomic writes
- Error Handling - Comprehensive exception handling and logging
- REST API - Flask-based HTTP API with authentication
- Rate Limiting - 100 requests/minute per IP address
- Input Validation - Length checks and sanitization
- Configuration - External config file for deployment settings
pip install -r requirements.txt
from dpdp_agent import DPDPAgent # Initialize with encryption key agent = DPDPAgent(encryption_key="your-44-char-base64-key") # Grant consent agent.grant_consent("user123", "marketing", duration_days=90) # Store data (encrypted automatically) agent.store_data("user123", "Email: user@example.com") # Process data result = agent.process_data("user123", "Contact info", "marketing") # Export user data data = agent.export_user_data("user123") # Right to erasure agent.right_to_erasure("user123") # Audit report logs = agent.get_audit_report("user123")
Start the API server:
# Set API key (required for authentication) export DPDP_API_KEY="your-secure-api-key" # Set encryption key (required for data encryption) export DPDP_ENCRYPTION_KEY="your-44-char-base64-key" # Deploy ./deploy.sh # Or manually: python api.py
API Endpoints (all require X-API-Key header):
# Health check (no auth required) GET /health # Grant consent POST /consent/grant Headers: X-API-Key: your-secure-api-key {"user_id": "user123", "purpose": "marketing", "duration_days": 90} # Revoke consent POST /consent/revoke Headers: X-API-Key: your-secure-api-key {"user_id": "user123", "purpose": "marketing"} # Store data POST /data/store Headers: X-API-Key: your-secure-api-key {"user_id": "user123", "text": "Email: user@example.com"} # Process data POST /data/process Headers: X-API-Key: your-secure-api-key {"user_id": "user123", "text": "Contact info", "purpose": "marketing"} # Export user data GET /data/export/<user_id> Headers: X-API-Key: your-secure-api-key # Right to erasure DELETE /data/erase/<user_id> Headers: X-API-Key: your-secure-api-key # Audit report GET /audit/<user_id> Headers: X-API-Key: your-secure-api-key
Edit config.json:
{
"storage_path": "data/dpdp_storage.json",
"breach_threshold": 5,
"default_retention_days": 365,
"log_level": "INFO",
"api": {
"host": "0.0.0.0",
"port": 5000,
"debug": false
}
}- PII - Email, phone, Aadhaar numbers
- Financial - Credit/debit card numbers
- Health - Medical conditions
- Sensitive - Protected personal data
- General - Non-sensitive information
- Encryption: All sensitive data encrypted at rest using Fernet (AES-128)
- Authentication: API key-based authentication for all endpoints
- Rate Limiting: 100 requests per minute per IP address
- Input Validation: Length limits and sanitization on all inputs
- Atomic Writes: Prevents data corruption during save operations
- Audit Trail: Complete logging of all data operations
- Install dependencies:
pip install -r requirements.txt - Set environment variables:
export DPDP_API_KEY="your-secure-api-key" export DPDP_ENCRYPTION_KEY="your-44-char-base64-key"
- Configure settings in
config.json - Run deployment script:
./deploy.sh - API will be available at
http://localhost:5000
IMPORTANT: Save your encryption key securely. Without it, encrypted data cannot be recovered.
Logs are written to:
- Console (stdout)
dpdp_agent.logfile
MIT