Impressive module breadth — Nykaa, Paytm Money, Honda India. But pre-seed funding, no cryptographic ledger, no SDF mode, and no Nominee Access create real enterprise risk.
Executive Summary
GoTrust is headquartered in Noida with offices in Dubai and Amsterdam — an early-stage startup (founded ~2023, $400K pre-seed from Aevitas Capital) that lists 11 product modules plus DPO Copilot, an AI-powered privacy agent. Its customer base includes Nykaa, Paytm Money, Honda Two Wheelers India, Bajaj AMC, and approximately 14+ named enterprises — impressive traction for its stage.
But the gaps are significant. GoTrust has no cryptographic consent ledger (standard audit-ready logs), no confirmed 22-language support (likely 12+ major regional languages), no SDF Mode toggle, and no Nominee Access module. At $400K pre-seed, it competes against platforms funded at $100M+, raising genuine long-term viability questions for enterprise buyers with May 2027 deadlines.
Vishwaas AI covers every gap GoTrust has — with full cryptographic consent depth, all 23 Indian languages, SDF mode, Nominee Access, and government blacklist screening — at zero licensing cost versus GoTrust's undisclosed enterprise pricing.
GoTrust is a credible India-first compliance platform with strong DPDP workflow coverage and real enterprise customers. The critical gap is the identity layer: without authentication, SSO, MFA, and behavioural risk management, DPDP obligations are documented but not operationally enforced. Vishwaas closes this gap entirely.
Platform Snapshot
| Category | Vishwaas AI | GoTrust |
|---|---|---|
| Platform Type | Unified DPDPA Compliance · 15 Modules · 225 Features | Privacy, Security & Governance Platform · 11 Modules + DPO Copilot |
| Parent Company | Cross Identity · 25+ years IAM · Make in India | GoTrust · Noida · Founded ~2023 · $400K pre-seed (Aevitas Capital) |
| Notable Customers | Enterprise, BFSI, Government | Nykaa, Paytm Money, Honda India, Bajaj AMC, Protean Tech, 14+ named |
| AI Layer | AI PII classification · Risk scoring · Consent analytics | DPO Copilot — intelligent data classification, dynamic consent, real-time risk scanning |
| Indian Language Support | 23 languages (all 22 scheduled + English) | Multilingual banners via browser detection · ~12+ major regional languages likely |
| Cryptographic Ledger | Merkle chain + RSA-2048 + RFC 3161 timestamps | Audit-ready consent logs · No SHA-256, Merkle chain, RSA, or RFC 3161 |
| SDF Mode Toggle | Single toggle — all §10 obligations activated | Not present — DPIA tools + DPO Runbook combination required |
| Nominee Access §14 | Full module — registration, verification, rights transfer | Not present as a product feature (blog/newsletter only) |
| Training Module | In-platform role-specific e-learning | Platform training only · No employee privacy awareness module for clients |
| Maturity Risk | 25+ years · 400+ enterprise projects · 11 Fortune 50 | Pre-seed · Competes against $100M+ funded platforms · Long-term viability risk |
| Pricing | ₹0 licensing — forever | Not publicly disclosed · Contact sales |
Feature-by-Feature
Every DPDPA obligation mapped against both platforms. ✔ Full ◑ Partial ✘ Not available.
| Feature / Capability | Vishwaas AI | GoTrust |
|---|---|---|
| DPDP Compliance | ||
| Notice & Purpose Management |
✔
Customisable multi-lingual notices, purpose IDs, version control
|
✔
Notice management and purpose-based consent tracking
|
| Advanced Consent Management |
✔
Granular campaigns, one-click withdrawal, immutable audit trails
|
✔
Full consent lifecycle — collection, tracking, withdrawal automation
|
| Data Subject Rights (Access/Correct/Delete) |
✔
Self-service + formal workflows with automated SLA tracking
|
✔
DSR automation with status tracking and completion workflows
|
| Data Lifecycle Management & Anonymisation |
✔
Auto-propagation across all integrated systems
|
✔
Data mapping, documentation, retention & deletion management
|
| Regulator Notification & Breach Reporting |
✔
72-hr workflows, pre-configured templates, stakeholder coordination
|
✔
Breach notification workflows with DPB reporting
|
| Grievance Redressal & Ticketing |
✔
Built-in ticketing, SLA tracking, resolution documentation
|
✔
Grievance redressal module with escalation workflows
|
| 🇮🇳 Nominee Login & Access (§6-7) |
✔
Multi-level verification, graduated access, complete audit trails
|
✘
Not available — GoTrust does not address this requirement
|
| DPIA Automation |
✔
Risk-based assessment integrated with access governance
|
✔
Assessment Management — PIA/DPIA, risk register, AI governance
|
| Vendor / Third-Party Risk Management |
✔
Access governance and dedicated risk module for third-party identities
|
✔
Dedicated vendor risk module — assessments, monitoring, onboarding
|
| Multi-Regulatory Framework |
◑
DPDP-focused; CIAM extensible across jurisdictions
|
✔
DPDP, GDPR, CCPA, LGPD, CPRA, PIPEDA in unified platform
|
| Security & Identity | ||
| Multi-Factor Authentication (MFA) |
✔
Adaptive MFA — email OTP, SMS, soft tokens, risk-based triggers
|
✘
Not available — GoTrust has no authentication layer
|
| Single Sign-On (SSO) |
✔
SAML 2.0, OAuth 2.1, OIDC, password vaulting
|
✘
Not available — no identity federation
|
| Universal Directory |
✔
Unified identity store — customers, devices, partners
|
✘
Not available — no identity directory
|
| Dynamic Behavioural Risk Analysis |
✔
Impossible travel, IP reputation, new device, geo-velocity
|
✘
Not available — GoTrust has no behavioural risk engine
|
| Configurable Real-Time Risk Response |
✔
Block, MFA challenge, suspend, notify, flag
|
✘
Not available
|
| Global Access Policy Controls |
✔
Geo-blocking, time-windows, network & MAC-based restrictions
|
◑
Data residency and transfer controls only (compliance layer)
|
| Identity-Based Risk Profiling |
✔
VIP, high-value, role-based custom risk policies
|
✘
Not available
|
| Identity Lifecycle | ||
| Smart Registration & Progressive Profiling |
✔
Configurable approval workflows, gradual data enrichment
|
✘
Not available — no CIAM capabilities
|
| Automated Provisioning & Access Management |
✔
Instant provisioning, access reviews, self-service requests
|
✘
Not available
|
| Flexible Authentication Methods |
✔
Passwordless, social login, biometrics, traditional
|
✘
Not available — no authentication
|
| Governance & Analytics | ||
| Risk Analytics Dashboard |
✔
Comprehensive security + compliance risk event visualisation
|
◑
Compliance dashboards and reporting — no security risk analytics
|
| Comprehensive Audit Trail |
✔
Auth events, DSR, consent, policy changes, breach incidents
|
✔
Audit logs across consent, DSR, vendor risk, and DPIA activities
|
| Enterprise Connector Ecosystem |
✔
33+ connectors — AD, Okta, Salesforce, AWS, ServiceNow, HRMS+
|
✔
300+ pre-built API integrations — broad connectivity
|
Strategic Positioning
Vishwaas AI embeds DPDP compliance into the consumer identity layer. Authentication, MFA, SSO, risk-based access control, and lifecycle provisioning are the foundation through which every DPDP obligation is enforced. When a data principal withdraws consent, Vishwaas revokes access. Cross Identity's 33+ enterprise connectors enable Vishwaas to propagate DPDP obligations across every integrated system in real time.
GoTrust is the most philosophically aligned competitor — sharing the same three-pillar ambition of Privacy, Security, and Governance. Its security layer is DSPM-based: it secures data at rest and in motion, monitors data posture, and manages vendor risk. Its customer base demonstrates real enterprise traction. However, without authentication, SSO, MFA, behavioural risk, or provisioning, GoTrust manages compliance workflows without governing the identity executing those workflows.
Free forever. 15 modules. 225 features. Every gap competitors leave, Vishwaas AI fills. Watch a demo or download the full feature list.