Permitted use
Use Sanad to issue, sign, and verify compliance artifacts for the lawful operations of your organisation. This includes consent receipts, data-principal rights requests, breach incident records, DPIAs, and related governance artifacts under Indian law.
Prohibited use
- Issuing artifacts you know to be false or misleading; backdating signed records.
- Using a tenant for an organisation other than the one named at signup.
- Sharing license keys with third parties not authorised to act for your organisation.
- Sending personal data of identified individuals into the Service in raw form when an HMAC of a stable identifier would suffice.
- Using the public verify endpoint or any other API in a way intended to overwhelm capacity (rate limiting applies; deliberate evasion is prohibited).
- Reverse-engineering, scraping, or otherwise circumventing access controls on the Service.
- Any activity that violates Indian law or the rights of others.
Security
Report any security vulnerability to security@cognoshift.in. We commit to a good-faith response within two business days. We do not pursue legal action against researchers acting in good faith under our coordinated disclosure policy.
Enforcement
Violations may result in suspension or termination, in addition to any remedies available at law. We reserve the right to cooperate with lawful authority requests where required.