About

India's compliance infrastructure layer.

CognoShift builds hardware-anchored compliance tooling that lets Indian institutions demonstrate DPDP Act 2023, CERT-In CIAD-2026-0020, and sectoral compliance — automatically, continuously, and at district scale.

Mission

Every Indian school, MSME, hospital and govt institution should be able to prove DPDP compliance without hiring a compliance team. We build the platform that makes that possible — from the endpoint to the audit report.

What we do

  • Sanad DPO

    DPDP toolchain — consent receipts, rights workflows, incidents, RoPA, DPIA, vendors, retention. Sector starter packs auto-loaded for school / MSME / clinic / hospital.

  • Sanad Sentinel

    Windows endpoint agent. Pushes CERT-In and CIAD-2026-0020 telemetry, anchored to TPM 2.0 hardware. EV-signed MSI installer.

  • Authority Console

    Multi-tenant oversight for state / district administrations. Bulk provisioning, real-time posture, signed quarterly reports.

  • Sanad Verify API

    Public, cryptographically signed compliance verification for insurers, lenders, district administrations and auditors.

Company

Legal nameCOGNOSHIFT PRIVATE LIMITED
CINU85499HR2025PTC130446
GSTIN06AAMCC6054B1ZW
StateHaryana, India
Founded2025
RecognitionDPIIT Startup India
FundingGovt of Haryana — Category 1 startup
SectorGovTech · ComplianceTech · LegalTech

Patent stack

P1 — Kernel-Level Sovereign Ingress Filter

Filed

Application 13519IN001 — ring-0 filter for hardware-enforced data residency

P2 — Architecture-Agnostic TPM Attestation

Filed

Application 13519IN002 — cross-vendor TPM 2.0 attestation rail

P4 — Multi-Regulatory Compliance Deduplication

IDF (Lex Orbis)

Single-evidence-multi-regulator architecture for DPDP/CERT-In/SEBI/RBI

P5 — Authority-Bounded Verification

IDF (Lex Orbis)

Per-authority API key boundary for jurisdictional verification

Regulatory standing

DPDP Act 2023

Architecture aligned with §4–§14 + Rules

CERT-In Directives

All 20 directives tracked + telemetry-driven

CIAD-2026-0020

All 9 measures captured by Sentinel agent

Data residency

Supabase Mumbai (AWS ap-south-1) + Vercel edge

Infrastructure

Hosting: Vercel edge (Mumbai region) + Supabase (AWS ap-south-1, Mumbai). All customer data India-resident by default.

Cryptography: Ed25519 signatures, SHA-256 chain, optional TPM 2.0 hardware anchoring. Open-source verifier SDK (JS / Python / Go).

Data at rest: AES-256-GCM. RLS-enforced multi-tenancy. No tenant data ever leaves India unless the tenant explicitly authorises a cross-border transfer.

Endpoint agent: Sanad Sentinel — EV-signed Windows MSI (GlobalSign EV cert). GPO-deployable. Service-level supervision via NSSM.

Talk to us

Pilot enquiries, government partnerships, or DPDP compliance questions. We respond within one working day.

support@cognoshift.in

Contact us