Enterprise deals stalled on consent — so we rebuilt the data map first
Founder Voices · B2B HR analytics SaaS (anonymised) · Series A · selling to GCCs in India
The problem
Two enterprise pilots paused procurement because the customer’s GC could not map the product’s analytics features to DPDP purposes and subprocessors. The founder had a privacy policy but no operational data map tied to feature flags.
In conversation
“Our buyer did not ask ‘are you DPDP compliant?’ They asked which features process employee health metadata and whether withdrawal propagates to our US analytics shard in under an hour.”
— Co-founder & CPTO, HR analytics SaaS
“Once we showed a feature-level purpose table and a revocation demo in staging, legal stopped asking for more policy PDFs and procurement reopened.”
— Co-founder & CPTO, HR analytics SaaS
What we told them to do
- Build a feature → data category → purpose → subprocessor matrix before negotiating DPAs
- Demo consent withdrawal in staging with timestamps the customer’s GC can screenshot
- Split ‘enterprise analytics’ from ‘workforce wellbeing’ features in contracts and notices
- Name a single engineering owner for consent webhooks — not a rotating on-call
What other founders can take away
- Enterprise DPDP diligence is an engineering proof, not a policy review
- Purpose limitation wins deals faster than generic ‘we take privacy seriously’ language
- Founders should sit in the second procurement call — GCs ask product questions counsel cannot wing
Note: Published with the founder’s consent. This is not legal advice and does not create a lawyer-client relationship.
This publication is for general information only and does not constitute legal advice. Regulatory positions evolve; verify current notifications and obtain counsel before acting. © 2026 SB Tech Associates.