Getting Started FAQ

Neostra supports India's DPDPA 2023, the EU's GDPR, and California's CCPA. The platform includes pre-built assessment templates and workflow configurations for each regulation. Custom regulation frameworks can also be configured.

Yes. Each organization operates in an isolated tenant. Users can belong to multiple tenants and switch between them during login. Data isolation is enforced at the database level with indexed tenant IDs on all documents.

Accounts are created via invitation. An administrator sends an invite email containing a registration token. Click the link to set your password and complete registration. Self-registration is available through the governance portal (astra-ui).

Neostra uses JWT-based stateless authentication. Sign in with email/password to receive a token (180-minute TTL). If you belong to multiple tenants, a tenant selection step returns a tenant-scoped token. Two-factor authentication (TOTP) is available per-tenant. See the Authentication guide.

Permissions follow the format resource:action (e.g., subject-requests:create, assessments:view). Your administrator assigns roles with specific permission sets. See the REST API Patterns guide for the full permissions reference.

Data subjects submit requests through published intake forms (public URLs, no auth required). Organizations can also create requests via the dashboard or the POST /api/v1/public/subject-request/create endpoint. See the DSAR module guide.

Add the cpmp-modal script tag with your collection point ID. The modal auto-initializes and handles consent collection, cookie blocking, and preference storage. See the Cookie Modal guide.

The data discovery scanner supports PostgreSQL, MySQL, MongoDB, AWS S3, and AWS DynamoDB. PII detection uses Microsoft Presidio plus custom patterns for Aadhaar, PAN, UPI, and other region-specific identifiers. See the Data Discovery guide.