Is this a consulting service?

No, this is a free, interactive software tool that calculates your potential liability under the DPDP Act 2023 in 30 seconds. It provides an instant risk score and automated action plan.

What are common DPDP violations in Device ID Collection Audit?

Common violations include: Collecting persistent device identifiers (like advertising IDs or IMEIs) without explicit, purpose-specific consent., Silently linking user profiles across different services (e.g., your app data linked with your website data) using device IDs, without fresh consent., Not providing users an easy, discoverable way to reset their advertising IDs or opt-out of device-based tracking..

The DPDP Audit Tool

Compliance for Device ID Collection Audit

📱

Device ID Collection Audit
Liability Check

📱

Stop. Your app is collecting persistent device identifiers – IMEI, GAID, IDFA. Under India's new DPDP Act, these are personal data. Collect them wrong, link them without consent, and you're staring down fines up to ₹250 Crore.

Why Device ID Collection Audit is at Risk

From the bustling tech hubs of Bengaluru's Electronic City to the booming SaaS startups in Gurugram, almost every digital product uses device IDs (IMEI, advertising IDs like GAID/IDFA, persistent cookies, IP addresses). But here’s the harsh reality: under the **DPDP Act, 2023**, if these can directly or indirectly identify a user, they are **personal data**. This means you need explicit, informed consent for their collection and processing. Worse, using a user's device ID to link their activity across your app, website, and partner platforms – a common practice for tools like Mixpanel or Google Analytics – creates a severe **cross-context linkage risk**. Without verifiable consent for each specific purpose, you're building a compliance time bomb.

Common Violations

1.Collecting persistent device identifiers (like advertising IDs or IMEIs) without explicit, purpose-specific consent.
2.Silently linking user profiles across different services (e.g., your app data linked with your website data) using device IDs, without fresh consent.
3.Not providing users an easy, discoverable way to reset their advertising IDs or opt-out of device-based tracking.

The Immediate Fix

Perform an immediate audit of all your analytics, ad tech, and CRM tools (e.g., Clevertap, Branch, Google Analytics) to identify every instance of device ID collection. For each ID, define its exact purpose. Implement a clear consent flow that allows users to specifically consent to device ID collection and tracking, and provide an accessible 'reset ID' option within your app/web settings.