
One company.
One job.

Compliance infrastructure for Indian fintech — built by engineers, for engineers.

Indian fintech companies build fast.

They handle Aadhaar numbers, PAN cards, payment data, and health records. They ship daily. They move to production in hours.

The regulation that governs all of this — RBI, SEBI, DPDP — exists in PDF documents and consultant retainers. Not in code. Not in CI pipelines. Not where the risk actually lives.

Anaya changes that. We encode regulation into infrastructure — scanners, policy engines, GitHub Apps — so that compliance is a property of the codebase, not a property of the audit.

72: PII fields found in one public Django repo

₹250 crore: maximum DPDP penalty per violation

May 2027: DPDP enforcement deadline


The compliance industry is built around documents.

Consultants produce gap analysis reports. Law firms produce policy frameworks. Vanta produces questionnaires. None of these instruments read your code.

DPDP §8 asks whether User.aadhaar_number is stored as an encrypted field or a plaintext CharField. That question has a definitive answer. It's in your models.py. No consultant has ever read it.

We built Anaya because the question is an engineering question. The answer should be engineered.
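The models.py question above can be answered mechanically. As an added illustration (not Anaya's scanner and not code from this page), this example walks a Django models file with Python's ast module and reports PII-named fields declared with plaintext field types; the name hints, the `EncryptedCharField` class and the sample models are assumptions constructed for the example.

```python
import ast
import re

# Assumption: name hints that mark a field as PII; a real rule set would be broader.
PII_HINT = re.compile(r"aadhaar|(^|_)pan(_|$)|phone|dob", re.I)
# Assumption: Django field classes that store the value as-is.
PLAINTEXT_TYPES = {"CharField", "TextField", "IntegerField", "BigIntegerField"}

# Constructed sample input, not taken from any real repository.
SAMPLE_MODELS = '''
from django.db import models
from myapp.fields import EncryptedCharField  # hypothetical encrypted field

class User(models.Model):
    name = models.CharField(max_length=100)
    aadhaar_number = models.CharField(max_length=12)
    pan = EncryptedCharField(max_length=10)
    phone = models.CharField(max_length=15)

class Helper:
    aadhaar_number = "not a model field"
'''

def field_type(call):
    """Return the called class name for `models.X(...)` or `X(...)`."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None

def find_plaintext_pii(source, path="models.py"):
    """Return (path, line, Class.field, field type) for plaintext PII fields."""
    findings = []
    for cls in ast.walk(ast.parse(source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        for stmt in cls.body:
            # Only `name = SomeField(...)` assignments are field declarations.
            if not (isinstance(stmt, ast.Assign) and isinstance(stmt.value, ast.Call)):
                continue
            ftype = field_type(stmt.value)
            for target in stmt.targets:
                if (isinstance(target, ast.Name) and PII_HINT.search(target.id)
                        and ftype in PLAINTEXT_TYPES):
                    findings.append((path, stmt.lineno, f"{cls.name}.{target.id}", ftype))
    return findings

if __name__ == "__main__":
    for path, line, field, ftype in find_plaintext_pii(SAMPLE_MODELS):
        print(f"{path}:{line}: {field} is a plaintext {ftype}")
```

Name matching alone misses PII stored under neutral field names and flags non-PII fields that happen to match a hint, so the output is a list to review rather than a verdict.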


Anaya was founded in Mumbai in 2024.

The insight came from watching Indian fintech companies spend weeks preparing for compliance audits — manually reading regulatory PDFs, grep-ing codebases, writing evidence documents by hand.

The same companies had CI pipelines, automated tests, infrastructure-as-code. But compliance was still a Word document in a shared folder.

We started with DPDP because it was the most urgent and least served. India's data protection law had just been notified. Most fintech engineering teams hadn't read it. None of them had tooling for it.

We built the scanner in Python because that's where the risk is. We made it free because the finding is the product. Once a CTO sees 72 plaintext PII fields in their own codebase, the conversation changes.

The GitHub App, the team dashboard, the RBI and SEBI packs — that's what comes next. But it starts with one scan. One finding. One codebase that knows what's in it.


TODAY: DPDP CLI Scanner; Free, open source; Django + FastAPI

2026: RBI Digital Lending; GitHub Marketplace listing; Team dashboard; JIRA/Linear tickets

2027: SEBI Cybersecurity; IRDAI Regulations; Custom rule packs; On-premise deploy; Enterprise SLA


Q: Does Anaya send my code to a server?

A: No. The Anaya CLI runs entirely on your local machine. Your source code never leaves your environment. The only external calls are to the LLM API for PII field classification - and those calls contain only field names and model schemas, never actual data. Full source is on GitHub - read what runs before you install anything.

Q: Which frameworks does Anaya support?

A: Currently Django and FastAPI. Both are fully supported in the DPDP CLI. Support for Flask and other Python frameworks is on the roadmap. If you're running a non-Python stack, get in touch - we want to understand your codebase before we build for it.

Q: What does the DPDP scanner actually check?

A: Eight sections of the DPDP Act: Section 4 (consent before collection), Section 5 (data minimisation), Section 7 (right to erasure), Section 8 (encryption, breach notification, retention), Section 9 (children's data), and Section 11 (data localisation). Each check produces a specific finding - not a score, not a dashboard. A finding with a file path, a field name, and a remediation step.

Q: Is the CLI really free? What's the catch?

A: It's free because the finding is the product. Once you run Anaya on your codebase and see what's actually in your models, the conversation about team tooling changes. The CLI is free forever. The GitHub App (PR-level blocking, team dashboard, CI/CD integration) is Rs 8,000/month for teams.

Q: We're a Series A fintech. Should we care about DPDP now?

A: Enforcement begins May 13, 2027. That sounds far away. It isn't. The Data Protection Board will assess your compliance posture at the time of an incident - not at the time of enforcement. If a breach happens in 2026 and your models.py has 34 plaintext PII fields, the enforcement date is irrelevant. Run the scanner. Know what you have.

Q: We already have a compliance consultant. Why do we need Anaya?

A: Your consultant produces a document. Anaya reads your code. These are not the same thing. The consultant tells you what your policy should say. Anaya tells you whether your codebase does what your policy claims. Most teams discover they diverge significantly.

Q: Can I use Anaya to generate compliance evidence for an audit?

A: Yes. The PDF report generated by anaya report --pdf maps findings to specific DPDP sections with file paths, field names, and remediation steps. It's designed to be sent to your auditor, your investor, or your legal team without additional formatting.

Q: Where is Anaya based?

A: Mumbai. We're Anaya Financial Solutions Pvt Ltd., registered in India. We build for Indian fintech companies because we understand the regulatory environment they operate in.

Run it on your repo. See what comes out.

No signup. No sales call. No consultant.

Run it yourself in 90 seconds.

Or let us walk through every finding with you—that is what the 30-minute call is for.