Safety & privacy

Aadhaar safe. Customer data safe.

Velosta handles Aadhaar, passport and payment information every day. We take that seriously — every decision is aligned with India's new data protection law (DPDP).

9 security pillars

Privacy is built into the app

Aadhaar, passport, customer data, access control, audit log — each has a clear rule. Not just policy on paper, but enforced in the code.

Aadhaar photo is never saved

Aadhaar and passport photos are only used at the time of scanning. They are never saved on our server. Only the name, address and masked Aadhaar (last 4 digits) are stored.

Encrypted file storage

Bike photos and customer ID images are stored encrypted in AWS S3. Different types of data live in separate buckets, so nothing can leak across them.

Login security

Short access tokens (15 minutes) plus refresh tokens (7 days). If a token is stolen, the system detects it and logs the user out on its own.

Staff permissions

Admin, Manager and Staff each get their own permissions. Staff can only see their own branch — never another branch's data.

Activity log

Every change is recorded — who, what, time, IP and device. If something goes wrong, you can easily check what happened.

Each store's data is separate

Your store's data is visible only to you. At the code level, every query is scoped to your store — another store's data can't be accessed even by accident.

30-day deletion grace

To delete an account or store, you have to verify with OTP. There's a 30-day grace period, after which all the data is permanently deleted.

Privacy by default

Scan requests are not stored in our logs. A customer's personal data never reaches our logs at all.

Protection from bots and attacks

Rate limiting, security headers, encrypted passwords, input validation — the basics are all in place.

FAQ

Common security questions

Do you save the Aadhaar number?

No. We only save the last 4 digits and the name/address. The full Aadhaar number never reaches the database. The Aadhaar photo itself is also never saved — it's only used at the time of scanning.

Are you compliant with DPDP (the data protection law)?

Yes. In-memory OCR, no photo storage, masked Aadhaar, consent capture and 30-day deletion — all of it is designed around the DPDP law. We can walk you through the details on a demo call.

Where is the data stored?

All data is stored in AWS's India region (Mumbai). Files are encrypted. Backups also stay in India.

Can I export or delete my data?

Yes. An admin can export all of their data. To delete an account, you have to verify with OTP, followed by a 30-day grace period. After that, everything is permanently deleted.

Do you do security testing?

Yes. We run regular security scans and bring in outside parties for reviews. Reports can be shared under NDA — request via our sales team.

Setup in a day · No advance payment

Need more detail?

We can share our security review documents under NDA. Message us on WhatsApp or give us a call.