Key Takeaways
- NodGuard enforces consent state across email, SMS, WhatsApp, CRM, and CDPs in real-time
- India's DPDP Act enforcement begins November 2026 with penalties up to ₹250 crore
- The product supports consent capture in all 23 scheduled Indian languages
Compass, a marketing infrastructure company, has launched NodGuard, a consent management system designed to bridge the gap between compliance requirements and marketing execution under India's Digital Personal Data Protection Act. The product enforces consent state across all outbound marketing channels and generates tamper-proof audit trails for regulators. With DPDP enforcement starting November 2026 and penalties reaching ₹250 crore, the timing targets enterprises still relying on disconnected cookie banners.
The core problem NodGuard addresses is straightforward: consent captured in one system rarely syncs to where marketing actually happens. A user withdraws consent through a website form. The email platform doesn't know. The WhatsApp campaign fires anyway. When a regulator asks for proof of consent, the evidence lives across five tools managed by three teams. Nobody owns the full picture.
What does NodGuard actually do?
Compass structures NodGuard around four pillars they call CORE: Consent, Orchestration, Resolution, and Evidence.
The Consent layer captures and persists user consent across sessions and devices, supporting all 23 scheduled languages under Indian law. Consent state is stored at the device level, which Compass classifies as a legitimate operational necessity under DPDP. This matters because cross-device consent tracking has been a gray area in data protection frameworks.
Orchestration enforces consent across the full marketing stack. When a user withdraws consent, NodGuard blocks non-consented data from reaching downstream platforms within milliseconds. The default behavior on any system failure is to block, not allow. This fail-safe approach contrasts with most current setups where a sync failure results in messages going out anyway.
Resolution enables marketing teams to run attribution on consent-verified data only. The product supports four attribution models, giving CMOs measurement without compliance exposure. This addresses a real pain point: if 30% of your attributed conversions came from users who hadn't actually consented, your marketing data is both legally vulnerable and analytically unreliable.
Evidence generates a tamper-proof audit ledger. Every consent event, every enforcement decision, every lifecycle change gets logged immutably. The full audit trail exports in one click for DPBI submissions.
How does this integrate with existing marketing tools?
Compass claims NodGuard wraps existing marketing stacks rather than replacing them. Deployment takes 30 minutes and doesn't require changes to existing tag management, CRM, or advertising configurations. The product runs on India-hosted infrastructure.
The integration list covers email, SMS, WhatsApp, CRM platforms like Salesforce, HubSpot, and Zoho CRM, CDPs, and Conversion APIs. Whether the 30-minute deployment claim holds for complex enterprise stacks with custom integrations remains to be tested.
Disclosure
Some links in this post are affiliate links — Logicity earns a commission if you sign up, at no extra cost to you. We only link products we have used or actively recommend.
Why consent rate matters more than cookie banners
"The question every CMO should be asking their team right now is: what is our consent rate?" said Adittya Joshi, Co-founder of Compass. "Not whether there's a cookie banner. Not whether legal signed off on the privacy policy. What percentage of marketing decisions are backed by documented, enforceable, auditable consent? That number determines the quality of every data-driven decision made."
Joshi's framing shifts consent from a legal checkbox to a data quality metric. If your CRM contains 100,000 contacts but only 40,000 have valid consent, your addressable audience is 40,000. Running campaigns to the full list isn't just a compliance risk. It inflates your performance benchmarks and corrupts your attribution models.
"We built NodGuard for the CTO who needs to sleep at night knowing that a consent withdrawal at 2 AM does not result in a marketing email at 2:01 AM," said Gayathri Maalige, founder of Compass. "And for the DPO who needs to hand a regulator a complete audit trail, not a folder of screenshots."
The DPDP timeline and penalty structure
India's Digital Personal Data Protection Act became law in August 2023. The rules were finalized in November 2025. Enforcement begins November 2026. That gives enterprises roughly 12 months to get compliant.
The penalty ceiling of ₹250 crore (approximately $30 million) makes DPDP violations expensive. For context, GDPR's maximum penalty is €20 million or 4% of annual global turnover, whichever is higher. India's flat cap favors large enterprises but still represents significant exposure for mid-market companies.
What existing consent tools lack
Most enterprises today manage consent through standalone consent management platforms (CMPs) that handle cookie banners and privacy preference centers. These tools capture consent but don't enforce it downstream. The consent database and the marketing automation platform exist in parallel universes.
Workflow automation tools like Zapier or Make can technically bridge these systems, but they weren't designed for millisecond-level enforcement or tamper-proof logging. A Zap that syncs consent withdrawal to your email platform works until it doesn't, and you won't know it failed until the complaint lands.
NodGuard's positioning is infrastructure, not workflow. The distinction matters because infrastructure implies reliability guarantees that workflow tools don't promise.
Logicity's Take
Compass is betting that consent will become a marketing metric, not just a legal requirement. The framing makes sense: if your marketing data includes non-consented users, your analytics are polluted regardless of regulatory risk. The question is whether enterprises will adopt dedicated consent infrastructure or expect their existing CDPs and CRMs to add these capabilities. Segment, Rudderstack, and the major CRM vendors have compliance features on their roadmaps. NodGuard's window is the 12 months before DPDP enforcement when enterprises need solutions now, not on a roadmap. Pricing isn't disclosed, but enterprise consent infrastructure typically runs $2,000-$10,000/month depending on contact volume.
FAQ
Frequently Asked Questions
When does India's DPDP Act enforcement begin?
Enforcement begins November 2026. The law was passed in August 2023 and rules were finalized in November 2025, giving enterprises roughly 12 months to achieve compliance.
What are the penalties for DPDP non-compliance?
Penalties can reach up to ₹250 crore (approximately $30 million USD) for violations of India's Digital Personal Data Protection Act.
Does NodGuard replace existing CRM or marketing platforms?
No. Compass designed NodGuard to wrap existing marketing stacks. It integrates with CRMs, CDPs, email platforms, and messaging channels to enforce consent state, rather than replacing them.
How many languages does NodGuard support for consent capture?
NodGuard supports all 23 scheduled languages under Indian law for consent capture, as required by DPDP's accessibility requirements.
What happens if NodGuard fails during a marketing campaign?
According to Compass, NodGuard defaults to blocking data transmission on any system failure, rather than allowing it through. This fail-safe approach prevents non-consented messages from being sent during outages.
Need Help Implementing This?
If you're evaluating consent infrastructure for DPDP compliance, reach out to our team for vendor comparisons and implementation guidance tailored to your marketing stack.
Source: Tech-Economic Times / ET
Manaal Khan
Tech & Innovation Writer
Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.
