Trust and compliance
DPDP-ready AI deployment without pretending compliance is just a tagline.
We treat compliance as part of the deployment model: data paths, access controls, hosting choices, and operating constraints are addressed during the Sprint — not retrofitted after rollout.
Powered by OpenClaw + NVIDIA NemoClaw. Deployed and operated by Agentex — India's only managed AI employee deployment partner.
The Digital Personal Data Protection Act 2023 changes the risk calculus for enterprise AI deployment in India. Before DPDP, an enterprise could experiment with cloud AI tools and worry about data governance later. After DPDP, the penalty framework (up to ₹250 crore per breach of significant personal data fiduciaries) makes "worry later" an existential risk. Every AI deployment now needs a data flow diagram, a consent strategy, and an access control review before go-live.
Agentex builds DPDP compliance into the deployment architecture from day one — not as a compliance layer bolted on top, but as a constraint that shapes every technical decision.
On-premise and India-hosted deployment
All Agentex AI employee deployments run on your infrastructure: GCP Cloud (asia-south1 region), AWS Mumbai, Azure India, or on-prem hardware. OpenClaw is self-hosted. Inference runs on NVIDIA Nemotron open-source models where on-prem is required. No personal data leaves your servers — no cloud AI API, no external processing, no shared multi-tenant environment.
NemoClaw policy governance
Every Agentex deployment uses NemoClaw's OpenShell runtime as the agent sandbox. OpenShell enforces declarative policy files that specify exactly which files the AI employee can read, which APIs it can call, and which network destinations it can reach. These policy files are human-readable, auditable by your DPO, and versioned in your repository. The AI employee cannot access data outside its defined policy — at the architecture level, not just at the application level.
Consent and notice flows
Where AI employees interact with customers or data subjects, Agentex designs consent and notice flows into the interaction from the start. This includes: clear disclosure that the interaction is handled by an AI employee; structured consent capture for sensitive query types; and explicit escalation to humans for situations where consent boundaries require human judgment.
Audit trail and breach response
All agent actions are logged in structured format in your Supabase instance. Logs include: which query was received, which action was taken, which system was accessed, what data was read or written, and whether the interaction was escalated. This audit trail supports breach investigation and regulatory response under DPDP.
Frequently asked questions
Is Agentex familiar with the DPDP Act 2023 requirements?
Yes. Agentex deployments are designed around the DPDP Act 2023 framework: lawful basis for processing, data minimisation, storage limitation, and security safeguards. We include a compliance positioning document in the Sprint deliverables.
Can we deploy on our own on-prem servers to avoid cloud data storage?
Yes. Agentex supports full on-prem deployment with local inference using NVIDIA Nemotron models. This is the recommended path for enterprises handling sensitive personal data or operating in regulated verticals (BFSI, healthcare).
How does NemoClaw help with DPDP compliance?
NemoClaw's OpenShell runtime enforces declarative policy files that govern exactly what data the AI employee can access. These policies are auditable documents — your DPO can review them, your security team can version-control them, and your AI employee cannot operate outside them.
What does the compliance audit trail cover?
Every agent action is logged: query received, action taken, systems accessed, data read or written, escalation decisions, and timestamps. Logs are stored in your Supabase instance and retained for the period you specify.
Ready to deploy your first AI employee?
Book a 30-minute discovery call. We'll scope your first workflow and give you a fixed-cost Sprint proposal within 48 hours.