TOMO
Developer Docs
BETA These docs are under partner review. Some features described are roadmap items, not yet shipped. Verify against your sandbox before relying on any contract.

safety.subscribe_cyber_protection — Full Intent Specification

INTENT NAMESPACE: safety
INTENT NAME:      subscribe_cyber_protection
FULL ID:          safety.subscribe_cyber_protection
VERSION:          v1.0.0
STATUS:           live
TTBS WEIGHTS:     time 0.10 · taste 0.10 · budget 0.25 · safety 0.55
LAST UPDATED:     2026-05-14

Annual / multi-year cyber-protection subscription bundling: dark-web monitoring, account-takeover alerts, SIM-swap detection, phishing helpline, post-incident response (forensics + chargeback help + FIR support), and an IRDAI-approved cyber insurance policy. Distinct from any device anti-virus product because: (a) this is INSURANCE + RESPONSE, not endpoint software; (b) covered events are clearly enumerated (UPI fraud, OTP fraud, card cloning, identity theft, sextortion, ransomware); (c) coverage caps and deductibles matter; (d) an IRDAI-approved insurer is mandatory; (e) the helpline is a real 24×7 human team; (f) post-incident remediation includes RBI ombudsman / cybercrime cell / data-breach reporting assistance.


1. NATURAL LANGUAGE COVERAGE

Classifies IN

  • "cyber insurance for family"
  • "UPI fraud protection plan"
  • "dark web monitoring my email"
  • "Bajaj cyber policy"
  • "identity theft cover"
  • "phishing helpline subscription"
  • "SIM swap alert service"
  • "Norton CyberSafe equivalent in India"
  • "OTP fraud insurance"
  • "cyber cover 1 year"

Classifies OUT — borderline NO

  • "install antivirus" → device security product (out of v1; e-com flow)
  • "VPN subscription" → out of v1
  • "password manager" → out of v1
  • "report a current ongoing fraud" → handled inside this intent's helpline tool, but as an in-progress flow
  • "credit card fraud at bank" → handled by user's bank; surface inside helpline guidance

MULTI-INTENT TRIGGERS

  • "cyber + alarm monitoring" → safety.subscribe_cyber_protection + safety.subscribe_alarm_monitoring
  • "cyber + emergency SOS app" → safety.subscribe_cyber_protection + safety.subscribe_emergency_sos
  • "cyber + investment advisor (post-scam)" → safety.subscribe_cyber_protection + finance.book_financial_advisor_session

2. INPUT — TOMO → PROVIDER

{
  "intent":          "safety.subscribe_cyber_protection",
  "intent_version":  "v1.0.0",
  "request_id":      "req_cyb_3x8q_2026-05-14T17:00:00Z",
  "user_session_id": "anon_user_token_or_uid",

  "household": {
    "members_count":  3,
    "members_age_bands": ["adult", "adult", "minor"]
  },

  "watch_targets": {
    "emails":     ["k.gamasany@gmail.com", "wife@protonmail.com"],
    "phone_e164": ["+91XXXXXXXXXX", "+91XXXXXXXXXX"],
    "pan_optional_hash": "sha256-…",
    "aadhaar_optional": null,
    "card_last4":  ["1234", "5678"]
  },

  "coverage_preference": {
    "tier":           "comprehensive",
    "tiers_allowed":  ["essentials", "comprehensive", "family_plus"],
    "sum_insured_inr": 500000
  },

  "billing": {
    "duration_months": 12,
    "duration_options": [12, 24, 36],
    "autopay_mandate": true
  },

  "data_consent": {
    "dark_web_scan_consent": true,
    "monitoring_storage_region": "in",
    "regions_allowed":        ["in"]
  },

  "user_constants": {
    "preferred_providers": ["Bajaj Allianz Cyber", "HDFC ERGO Cyber", "ICICI Lombard Cyber", "Tata AIG Cyber"]
  }
}

Field rules

  • watch_targets.aadhaar_optional — TOMO does NOT store Aadhaar; partner may, with explicit re-consent. Default null.
  • monitoring_storage_region: must be "in"; enforced as a HARD filter.
  • sum_insured_inr: STRICT ENUM bands per partner (e.g., 1L / 5L / 10L / 25L).
  • tiers_allowed: STRICT ENUM.

3. PROVIDER TOOLS

cyber.quote

Returns premium + cover + helpline SLA.

cyber.irdai_verify

Verifies insurer license + UIN of product.

cyber.subscribe

Activates policy + monitoring profile.

cyber.dark_web_subscribe

Adds emails/phones/cards to dark-web scanner.

cyber.helpline_open_case

24×7 helpline; opens an incident case ID.

cyber.incident_response_dispatch

Coordinates forensics + RBI ombudsman + cybercrime cell + bank chargeback.

cyber.claim_file

Files insurance claim.

cyber.update_targets

User adds/removes emails/phones/cards.

cyber.cancel

Pre-renewal cancel; partner refund per IRDAI rules.


4. RESPONSE SHAPE

{
  "intent": "safety.subscribe_cyber_protection",
  "request_id": "req_cyb_3x8q_2026-05-14T17:00:00Z",
  "options": [
    {
      "tier": "OK",
      "provider": "Bajaj Allianz Cyber",
      "coverage_tier": "essentials",
      "sum_insured_inr": 100000,
      "annual_premium_inr": 599,
      "covered_events": ["upi_fraud", "otp_fraud", "card_cloning"],
      "deductible_inr": 1000,
      "helpline_sla_minutes": 15,
      "incident_response_included": false,
      "dark_web_monitoring": true,
      "irdai_product_uin": "IRDAN113CP0XXXX",
      "storage_region": "in",
      "ttbs_score": 0.65,
      "tier_reason": "cheapest — essentials only, no IR"
    },
    {
      "tier": "GOOD",
      "provider": "HDFC ERGO Cyber",
      "coverage_tier": "comprehensive",
      "sum_insured_inr": 500000,
      "annual_premium_inr": 2199,
      "covered_events": ["upi_fraud", "otp_fraud", "card_cloning", "identity_theft", "sextortion", "ransomware_personal"],
      "deductible_inr": 1000,
      "helpline_sla_minutes": 10,
      "incident_response_included": true,
      "fir_filing_assistance": true,
      "rbi_ombudsman_assistance": true,
      "dark_web_monitoring": true,
      "sim_swap_alert": true,
      "irdai_product_uin": "IRDAN125CP0XXXX",
      "storage_region": "in",
      "ttbs_score": 0.87,
      "tier_reason": "balanced — ₹5L cover + IR + ombudsman + sim-swap"
    },
    {
      "tier": "GREAT",
      "provider": "Tata AIG Cyber Family Plus",
      "coverage_tier": "family_plus",
      "sum_insured_inr": 1500000,
      "annual_premium_inr": 4499,
      "covered_events": ["upi_fraud", "otp_fraud", "card_cloning", "identity_theft", "sextortion", "ransomware_personal", "minor_cyberbullying", "phishing_loss"],
      "deductible_inr": 0,
      "helpline_sla_minutes": 5,
      "incident_response_included": true,
      "fir_filing_assistance": true,
      "rbi_ombudsman_assistance": true,
      "dark_web_monitoring": true,
      "sim_swap_alert": true,
      "credit_freeze_assistance": true,
      "minor_protection_pack": true,
      "irdai_product_uin": "IRDAN108CP0XXXX",
      "storage_region": "in",
      "ttbs_score": 0.93,
      "tier_reason": "₹15L family cover + minor protection + 5-min helpline + zero deductible"
    }
  ]
}

5. CONTROLLED VOCABULARIES

coverage_tier

essentials · comprehensive · family_plus

covered_events

upi_fraud · otp_fraud · card_cloning · identity_theft · sextortion · ransomware_personal · minor_cyberbullying · phishing_loss · email_account_takeover

storage_region

in (enforced)

helpline_sla_minutes band thresholds

≤5 · ≤10 · ≤15 · ≤30

All STRICT ENUM.


6. TTBS DIMENSIONS

TIME (weight 0.10)

  • Subscription activation latency
  • Helpline SLA minutes
  • TIME = activation × helpline_sla

TASTE (weight 0.10)

  • Brand familiarity
  • App + helpline UX rating
  • TASTE = brand × ux

BUDGET (weight 0.25)

  • annual_premium_inr vs best
  • Deductible band
  • Coverage per ₹ premium ratio
  • BUDGET = 1 − (premium − best) / best

SAFETY (weight 0.55 — dominant)

  • IRDAI product UIN valid
  • Insurer license active
  • Covered events span (more = better up to tier)
  • Helpline 24×7 with human team
  • Incident response included
  • Dark-web monitoring + SIM-swap alert
  • FIR + ombudsman assistance
  • Storage region IN-aligned
  • SAFETY = uin × license × events × helpline_24x7 × ir × dwm × sim × fir × region

HARD FILTERS

  1. IRDAI product UIN valid.
  2. Storage region in.
  3. Helpline manned 24×7 (not chatbot-only).
  4. Dark-web consent + IN storage region match user toggle.
  5. Insurer license active.
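
One way to apply the hard filters and the section 5 vocabularies to a partner's options before anything is rendered, as an added example rather than TOMO's implementation. The registry sets, the function names and the two lowercase reason labels are hypothetical; the ERR_ codes are the ones listed in section 10.

```python
COVERAGE_TIERS = ("essentials", "comprehensive", "family_plus")
COVERED_EVENTS = frozenset({
    "upi_fraud", "otp_fraud", "card_cloning", "identity_theft", "sextortion",
    "ransomware_personal", "minor_cyberbullying", "phishing_loss",
    "email_account_takeover",
})


def screen_option(opt, valid_uins, active_insurers, attested_24x7, dwm_consent):
    """Return None if the option may be shown, else the reason it is withheld.
    Fails closed: a missing or wrongly typed field counts as a failed check."""
    uin, provider = opt.get("irdai_product_uin"), opt.get("provider")
    if not isinstance(uin, str) or uin not in valid_uins:
        return "ERR_IRDAI_UIN_INVALID"          # hard filter 1
    if opt.get("storage_region") != "in":
        return "ERR_STORAGE_REGION_MISMATCH"    # hard filter 2
    if not isinstance(provider, str) or provider not in attested_24x7:
        return "helpline_not_attested"          # hard filter 3 (hypothetical label)
    if opt.get("dark_web_monitoring") and not dwm_consent:
        return "ERR_CONSENT_MISSING_DWM"        # hard filter 4: inline consent
    if provider not in active_insurers:
        return "ERR_INSURER_LICENSE_INACTIVE"   # hard filter 5
    events = opt.get("covered_events")
    if (opt.get("coverage_tier") not in COVERAGE_TIERS
            or not isinstance(events, list)
            or any(not isinstance(e, str) or e not in COVERED_EVENTS for e in events)):
        return "vocabulary_violation"           # STRICT ENUM breach (hypothetical label)
    return None


def screen_options(options, **registries):
    """Split partner options into (kept, withheld) without mutating them."""
    kept, withheld = [], []
    for opt in options:
        reason = screen_option(opt, **registries)
        if reason is None:
            kept.append(opt)
        else:
            withheld.append((opt.get("provider"), reason))
    return kept, withheld


if __name__ == "__main__":
    # Constructed sample: one partner option with an event outside the vocabulary.
    opt = {"provider": "Insurer A", "irdai_product_uin": "UIN-A", "storage_region": "in",
           "dark_web_monitoring": True, "coverage_tier": "essentials",
           "covered_events": ["upi_fraud", "total_protection"]}
    print(screen_options([opt], valid_uins={"UIN-A"}, active_insurers={"Insurer A"},
                         attested_24x7={"Insurer A"}, dwm_consent=True))
```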

7. COMPLETION CONTRACT

Success criteria

  1. Quote accepted; policy issued (IRDAI UIN visible).
  2. Watch targets added to dark-web scanner.
  3. Autopay mandate created (if multi-year).
  4. SIM-swap alert active on user's phone numbers.
  5. Welcome email with helpline number, policy PDF, claim instructions.
  6. CPC webhook fires.

CPC webhook

{
  "event": "safety.subscribe_cyber_protection.activated",
  "intent_id": "safety.subscribe_cyber_protection",
  "request_id": "req_cyb_3x8q_2026-05-14T17:00:00Z",
  "policy_id": "HDFC-CYB-2026-77129",
  "provider": "HDFC ERGO Cyber",
  "coverage_tier": "comprehensive",
  "sum_insured_inr": 500000,
  "annual_premium_inr": 2199,
  "duration_months": 12,
  "tomo_commission_base_inr": 330,
  "tomo_commission_inr": 33,
  "pass_through_inr": 1869,
  "irdai_product_uin": "IRDAN125CP0XXXX",
  "storage_region": "in",
  "activated_at_iso": "2026-05-14T17:14:00+05:30",
  "signature_hmac_sha256": "…"
}

Failure cases

  • autopay_mandate_failed → invoice fallback.
  • claim_rejected_pre_existing → standard insurer recourse.
  • dark_web_scan_failure → re-subscribe target.
  • helpline_breach_sla → partner SLA penalty.

8. WIDGET

{
  "widget": "CyberProtectionWidget",
  "header": {
    "household_strip": "3 members · 2 emails + 2 phones + 2 cards on watch",
    "data_strip":      "Stored in India · dark-web scan consent ON",
    "policy_strip":    "IRDAI UIN visible · IRDAI-approved insurer"
  },
  "regions": {
    "region_1_intelligence": ["UPI + OTP + card + identity covered", "helpline 24×7 human team", "incident response included", "SIM-swap alert on"],
    "region_2_summary": "Annual policy · ₹5L cover · 10-min helpline SLA",
    "region_3_visual": null,
    "region_4_now_pin": "Pay premium — activation in ~10 minutes",
    "region_5_tomo_choices": [
      {"tier": "OK", "label": "Bajaj Essentials · ₹599/yr · ₹1L cover", "reason": "cheapest"},
      {"tier": "GOOD", "label": "HDFC Comprehensive · ₹2,199/yr · ₹5L cover + IR + ombudsman", "reason": "balanced"},
      {"tier": "GREAT", "label": "Tata Family Plus · ₹4,499/yr · ₹15L + minor protection + 5-min helpline", "reason": "highest cover"}
    ]
  },
  "footer_disclosures": [
    "Insurance is between you and the IRDAI-approved insurer — TOMO surfaces the UIN and product.",
    "Cyber events not on the covered list are out of scope — read the policy PDF carefully.",
    "Helpline is a human team, not a chatbot — if you suspect fraud right now, call them first, then file FIR."
  ]
}

9. CACHING POLICY

  • Quote: 24h TTL.
  • IRDAI UIN: cached 90d at registry layer.
  • Policy PDF: pointer at TOMO; full at partner.
  • Watch targets: encrypted at partner; TOMO holds pointer + hash only.
  • Past claims: at partner per IRDAI retention; on-device 1 year for user review.
  • Aadhaar: NEVER cached at TOMO.

10. ERROR CODES

Code                          Meaning                        UI surface
ERR_IRDAI_UIN_INVALID         UIN not in registry            Drop option
ERR_INSURER_LICENSE_INACTIVE  insurer license suspended      Drop option
ERR_AUTOPAY_FAILED            mandate rejected               Invoice fallback
ERR_DARK_WEB_SCAN_FAILED      partner scanner offline        Retry; alert user
ERR_HELPLINE_BREACH_SLA       response too slow              SLA penalty automated
ERR_PRE_EXISTING_FRAUD        event predates policy start    Insurer rejects per policy
ERR_CONSENT_MISSING_DWM       dark-web consent not given     Inline consent
ERR_STORAGE_REGION_MISMATCH   partner can't honor IN region  Drop option
ERR_TARGET_FORMAT_INVALID     email/phone/card format bad    Re-enter
ERR_PARTNER_OFFLINE           partner API down               Try next

11. SANDBOX → PRODUCTION CHECKLIST

  • Sandbox IRDAI UIN validation.
  • Sandbox dark-web scan with mock dataset.
  • Sandbox helpline SLA test.
  • Sandbox incident response flow.
  • Sandbox SIM-swap alert mock.
  • Sandbox Autopay mandate test across 3 banks.
  • Production IRDAI master cross-checked weekly.
  • Production helpline 24×7 attested by partner.
  • Production rate limit: 1 active cyber policy / user / household.
  • Production CPC webhook HMAC-SHA256 signature and 5-min replay window verified.
  • Production minor-protection module age-gate at signup.
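
A receiver-side check for the CPC webhook in section 7 and the HMAC-SHA256 replay item in the checklist above, as an added example that is not TOMO's own code. The page does not define the signed byte string or the digest encoding, so the canonical JSON form, the hex digest and the use of activated_at_iso as the freshness timestamp are assumptions; sign and verify_cpc_webhook are hypothetical names.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta

SIG_FIELD = "signature_hmac_sha256"
REPLAY_WINDOW = timedelta(minutes=5)  # the 5-min window named in the checklist


def canonical_bytes(event: dict) -> bytes:
    # ASSUMPTION: the MAC covers every field except the signature itself,
    # serialized as compact JSON with sorted keys.
    body = {k: v for k, v in event.items() if k != SIG_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(event: dict, secret: bytes) -> str:
    # ASSUMPTION: lowercase hex digest.
    return hmac.new(secret, canonical_bytes(event), hashlib.sha256).hexdigest()


def verify_cpc_webhook(event, secret, now, seen_request_ids):
    """Return (accepted, reason). `now` must be timezone-aware."""
    sig = event.get(SIG_FIELD)
    if not isinstance(sig, str):
        return False, "missing_signature"
    # Constant-time comparison; check the MAC before trusting any field.
    if not hmac.compare_digest(sign(event, secret).encode(), sig.encode()):
        return False, "bad_signature"
    try:
        ts = datetime.fromisoformat(event["activated_at_iso"])
        age = abs(now - ts)  # a naive timestamp raises TypeError here
    except (KeyError, TypeError, ValueError):
        return False, "bad_timestamp"
    if age > REPLAY_WINDOW:
        return False, "stale"
    # Inside the window, request_id de-duplication stops an exact replay.
    if event.get("request_id") in seen_request_ids:
        return False, "replayed"
    seen_request_ids.add(event.get("request_id"))
    return True, "ok"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed, not a real key
    evt = {"event": "safety.subscribe_cyber_protection.activated",
           "request_id": "req_demo_0001", "annual_premium_inr": 2199,
           "activated_at_iso": "2026-05-14T17:14:00+05:30"}  # constructed sample
    evt[SIG_FIELD] = sign(evt, secret)
    now = datetime.fromisoformat("2026-05-14T17:16:00+05:30")
    print(verify_cpc_webhook(evt, secret, now, set()))
```

The seen_request_ids store only needs to retain entries for the length of the replay window, since older events are already rejected as stale.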

12. ANTI-FABRICATION RULES

  • NO paid_placement on insurers.
  • NO synthetic UIN / IRDAI claim.
  • NO bundling promo into premium.
  • NO claim of "AI-powered fraud prevention" — surface real covered events only.
  • NO holding Aadhaar at TOMO.
  • NO selling watch-target data to advertisers (contract bar).
  • NO "100% fraud-proof" claim — insurance is a financial backstop, not prevention.
  • NO TOMO-issued IRDAI badge.
  • NO synthetic helpline SLA — partner-attested only.
  • NO marketing language ("smart cyber security").

13. REGULATORY FRAMING

  • Insurance Act 1938 / IRDAI Act 1999 + IRDAI product UIN regulations.
  • DPDPA 2023 — watch targets + claim data = personal data; partner = data fiduciary.
  • IT Act 2000 + IT (Reasonable Security Practices) Rules 2011 — partner's security baseline.
  • RBI ombudsman scheme — assistance covered by partner.
  • CrPC + IT Act — FIR filing assistance.
  • Aadhaar Act 2016 — TOMO does NOT collect Aadhaar; partner may with explicit consent.
  • Consumer Protection Act 2019 — partner is service provider; insurer is service provider too.
  • TOMO is router only — does NOT issue insurance, does NOT run dark-web scanner, does NOT operate helpline.