Introduction to Neostra
Neostra is a modular, multi-tenant privacy compliance platform that automates global regulations including India's DPDPA 2023, the EU's GDPR, and California's CCPA.
Overview
Neostra is a unified privacy compliance platform built to automate regulatory adherence across jurisdictions. It manages the full lifecycle of data subject requests, consent collection, data discovery, and compliance assessments from a single multi-tenant platform.
The system is built as a microservices architecture with Java/Spring Boot backends, Vue.js frontends, and a combination of MongoDB and PostgreSQL databases — deployed on Google Kubernetes Engine.
Privacy Rights (DSAR)
Automate data subject access requests from intake through fulfillment with configurable workflows and identity verification.
Consent Management
Cookie consent banners, preference centers, and an immutable consent ledger with SHA-256 hash chain integrity.
Data Discovery
Scan structured and unstructured data sources to identify PII/SPI using Microsoft Presidio and custom regex patterns.
Governance
Readiness assessments, compliance scoring, and audit-ready evidence generation for DPDPA, GDPR, and CCPA.
Breach Management
Incident reporting, breach intake forms, type classification, and automated response workflows.
Multi-Tenant Platform
Tenant isolation, role-based access control, brand-level permissions, and feature flags per tenant.
Platform Architecture
Neostra consists of 9 backend services, 2 frontend applications, and a CDN-hosted consent widget.
Technology Stack
| Layer | Technology |
|---|---|
| Backend | Java 17, Spring Boot 3.x, Python 3 (scanner) |
| Frontend | Vue 3, Vuetify 3, Pinia, TypeScript |
| Consent Widget | Svelte 5, Vite, UMD/ES modules |
| Primary Database | MongoDB 6+ (core platform, governance) |
| Event Store | PostgreSQL 14+ (consent ledger, data discovery) |
| Messaging | Google Cloud Pub/Sub |
| Object Storage | Google Cloud Storage, AWS S3 |
| Authentication | JWT + BCrypt + TOTP 2FA |
| Infrastructure | Google Kubernetes Engine, Docker, Cloud Build |
| PII Detection | Microsoft Presidio, custom regex patterns |
| Cookie Scanning | Selenium Grid + Chromium |
Supported Regulations
DPDPA 2023
India's Digital Personal Data Protection Act. Neostra provides a readiness scanner with compliance scoring, automated DSAR handling per DPDPA timelines, and consent management aligned with DPDPA requirements.
GDPR
EU General Data Protection Regulation. Full support for Article 30 Records of Processing Activities (RoPA), data subject rights (Articles 15-22), consent management per Article 7, and Data Protection Impact Assessments.
CCPA
California Consumer Privacy Act. Supports consumer opt-out requests, right to know, right to delete, and sale/sharing of personal information tracking.
Privacy Rights by Regulation
Neostra maps data subject rights across all supported regulations, ensuring each right type is handled through the appropriate module and workflow.
DPDPA 2023

| Right | Description | Neostra Module |
|---|---|---|
| Access | Right to obtain confirmation and summary of personal data being processed | DSAR |
| Correction | Right to correct inaccurate or misleading personal data | DSAR |
| Erasure | Right to have personal data erased when no longer necessary | DSAR |
| Grievance Redressal | Right to have grievances addressed by the Data Fiduciary | DSAR + Governance |
| Nomination | Right to nominate another individual to exercise rights in case of death or incapacity | DSAR |
| Revoke Consent | Right to withdraw consent with the same ease as it was given | Consent Management |
| Minors (Under 18) | Verifiable parental consent required before processing children's data | Consent Management |

GDPR

| Right | GDPR Article | Neostra Module |
|---|---|---|
| Right to be Informed | Art. 13-14 | Privacy Centers |
| Right of Access | Art. 15 | DSAR |
| Right to Rectification | Art. 16 | DSAR |
| Right to Erasure | Art. 17 | DSAR |
| Right to Restrict Processing | Art. 18 | DSAR + Consent Management |
| Right to Data Portability | Art. 20 | DSAR |
| Right to Object | Art. 21 | DSAR + Consent Management |
| Automated Decision-Making | Art. 22 | DSAR |

US state privacy laws

| Right | CPRA (CA) | CPA (CO) | CTDPA (CT) | CDPA (VA) | UCPA (UT) |
|---|---|---|---|---|---|
| Access | Yes | Yes | Yes | Yes | Yes |
| Deletion | Yes | Yes | Yes | Yes | Yes |
| Correction | Yes | Yes | Yes | Yes | Yes |
| Opt-out of Sale/Share | Yes | Yes | Yes | Yes | Yes |
| Opt-out of Profiling | Yes | Yes | Yes | -- | -- |
| Limit Sensitive Data Use | Yes | Yes | -- | -- | -- |
| Data Portability | Yes | Yes | Yes | Yes | Yes |
Who Uses Neostra
Privacy & Compliance Teams
DPOs, privacy officers, and legal teams managing regulatory obligations across multiple jurisdictions and business units.
Engineering Teams
Developers integrating consent collection, embedding DSAR forms, connecting data sources for PII scanning, and building compliance workflows.