Society Visitor Pre-Approval App — Masked Aadhaar & Number

Name: EstateDeck Society Visitor Management System
Brand: EstateDeck

A real visitor entry · Tuesday · 7 PM lunch guest

This is what a verified visitor entry looks like, second by second.

Anjali Mehta is visiting Flat C-1204 at Mahaveer Tulip Residency. The hosts pre-approved her at lunch. Here's every event from pre-approval creation to exit stamp — including the UIDAI-masked Aadhaar moment, the OTP dispatch, and the DPDP §6 consent.

Visit #2026-VM-04217 · Flat C-1204 · Pre-approved 13:42 · Tower C, Floor 12 Closed · §65B logged

Time	Event	Status
Mon 13:42	Resident creates pre-approval: Anjali Mehta · Tue 18:30-19:30 · Lunch guest	▶ Pre-approved
Mon 13:42	Shareable invite link generated · WhatsApp pre-write composed	✓ Link ready
Tue 18:47	Visitor at Tower C gate · Guard taps "Match pre-approval"	↗ Arrived
Tue 18:47	Guard captures visitor photo · Visitor consents to DPDP §6 notice	✓ Photo + consent
Tue 18:48	Aadhaar scanned · Stored as XXXX-XXXX-4421 (last 4 only) per UIDAI	✓ Masked Aadhaar
Tue 18:48	OTP push to resident app + IVR call routed via server (number masked)	↗ OTP sent
Tue 18:49	Resident sees photo + pre-approval match + taps Approve	✓ Approved
Tue 18:49	Digital gate pass generated · Entry stamp logged · Tower C lift unlocked	✓ Entry
Tue 20:34	Exit stamp captured at Tower C gate	✓ Exit
Tue 20:34	Total stay: 1 hr 45 min · Record sealed · §65B-admissible	✓ Sealed
Tue 20:35	Resident's mobile number never exposed to guard or visitor	→ Puttaswamy 2017

One visitor. Eleven events. One masked Aadhaar. One number-masked call. One DPDP §6 consent. One §65B-admissible audit record. The paper register couldn't do any of this — and the guard never had to remember a single phone number.

What this module owns · what it deliberately doesn't

Visitor Management runs the gate verification.
The parcel, the vehicle, the maid, and the emergency live elsewhere.

EstateDeck splits gate-related work into specialised modules with clean boundaries. Visitor Management owns the one-off visitor entry workflow — anything that's not a one-off visitor is somewhere else.

This module owns

✓Resident-led visitor pre-approval — create expected-visitor entry before arrival from the app.
✓Gate photo capture + OTP dispatch + resident Approve/Deny.
✓Aadhaar capture in masked form (XXXX-XXXX-1234) per UIDAI Circular K-11020/217/2018-UIDAI.
✓Digital gate pass with shareable WhatsApp 6-digit passcode for event guests.
✓Number masking — guard-to-resident call routed via server; mobile number never exposed.
✓IVR fallback for residents without app or internet — press 1 to approve.
✓Pre-approved regular visitor list — yoga teacher, family doctor, weekly cook.
✓Event-mode bulk gate passes — 50+ wedding guests, one passcode each, auto-expire.
✓Child exit verification at gate — parent OTP required for minor's solo exit.
✓DPDP Act 2023 §6 notice + consent capture at visitor's first visit; persisted.

This module defers to

→Parcel chain-of-custody, photo proof on receipt, 4-digit one-time PIN pickup, Day 1/3/5 aging alerts — lives in EstateDeck Delivery & Classifieds. We handle the delivery person's gate entry; once the parcel is at the desk, that workflow takes over.
→Vehicle plate ANPR allow-list, RFID tag reading, boom barrier automation — lives in EstateDeck ANPR. We verify the person; ANPR verifies the vehicle.
→Face-recognition biometric gate/lift access + liveness detection — lives in EstateDeck Face Recognition. We verify a visitor by photo + OTP shown to a human resident; face-recognition is the biometric resident-access mechanism.
→Domestic-help daily attendance, biometric / RFID / QR clock-in, shift rosters, overtime, payroll feed — lives in EstateDeck Staff Attendance. Maids and recurring staff are not visitors.
→One-tap panic / emergency dispatch to guards + RWA + family + 108 EMS — lives in EstateDeck SOS Alerts. A gate visitor is a visit; a panic button is an emergency.

The pre-approval: tap once, host without the calls

Resident-led visitor pre-approval

Tell the gate they're coming. The intercom goes silent.

One-tap from the app: Guest name, expected window, optional vehicle plate, optional purpose.
Pre-approved regular list: Yoga teacher, family doctor, weekly cook — set once, skip per-visit approval forever.
Multi-family-member routing: Anyone in the flat can approve — first to tap wins. No "I was waiting for amma to confirm".
Auto-window expiry: Pre-approval expires after the window. The guest must call you again — the system doesn't.

Event-mode bulk gate passes

Fifty wedding guests. Fifty passcodes. One WhatsApp share.

CSV upload or manual entry: Names → 6-digit passcodes, one per guest. Per-guest QR optional.
WhatsApp-shareable template: Name, address, gate pass code, arrival window — ready to forward.
Auto-expire on event close: Codes stop working at the configured end time. No stale access.
Up to 200 guests per window: Weddings, birthdays, sangeets, society festivals — all supported.

Gate Pass · Anniversary Lunch

Mr & Mrs Mishra

Visiting · Flat C-1204 · Tower C

7 4 2 1 5 9

Valid · Sat 26 Apr · 12:00 – 16:00

The gate verification: photo, OTP, masked Aadhaar

UIDAI-compliant Aadhaar masking

Last 4 digits only. Never the full number. Per UIDAI circular, not optional.

Stored format: XXXX-XXXX-1234. Per UIDAI Circular K-11020/217/2018-UIDAI on Aadhaar masking.
Aadhaar Act 2016 §29 compliance: Storage of full Aadhaar by a society is prohibited; we never receive it.
Audit-friendly: Last 4 digits + photo + visitor name is enough to disambiguate at audit; nothing more is needed.
Society liability shield: No drawer full of Aadhaar Xerox copies. No data-breach exposure.

OTP verification + IVR fallback

App push for the connected. Phone call for the offline. No resident left out.

App OTP: Push notification with visitor photo + Approve/Deny tap. The whole interaction takes seconds.
IVR fallback: No internet? The system calls you. "Press 1 to approve Anjali Mehta. Press 2 to deny." Works on every phone.
Number masking on the call: The guard's app dials our server, which dials your number. The guard never sees your mobile.
10-second decision window: Configurable. If no approval lands, the visitor waits at the gate until you respond.

Privacy + DPDP + Puttaswamy

End-to-end number masking

Your number stays yours. The guard never gets it.

Guard calls routed via server: Guard's app shows a server number; resident gets the call from a system number. Neither sees the other's actual mobile.
Shift-change protection: When a new guard comes on, no register-handover leaks resident contacts.
Honours Puttaswamy 2017: Constitutional right to privacy at the gate. Recognised in K.S. Puttaswamy v Union of India 2017.
Per-resident opt-in for caller-ID: If a resident chooses to share their direct number with a specific vendor or person, that's their call to make — through the app.

DPDP §6 notice + consent at gate

First visit: the visitor sees what's collected, agrees, and we remember.

One-screen DPDP §6 notice: What's captured, why, who can see it, for how long. Visitor taps Accept.
Persisted consent: Subsequent visits skip the notice — consent is remembered until withdrawal.
Data retention configurable: Society bye-laws drive the retention window — typically 6 to 24 months. Hon. Secretary sets it once.
Every log access logged: If the Hon. Secretary opens a past visitor record, that view is itself logged. Surveillance of the surveillance.

Gate workflows beyond the visitor

Child exit verification at gate

A minor cannot walk out alone unless a parent says so.

Minor profile auto-flag: Children registered in the flat profile are tagged. Gate guard tablet shows a Hold prompt when a minor attempts solo exit.
Parent OTP required: OTP goes to both registered parents simultaneously. Either parent can release.
Audit log per exit: Which parent approved, when, and the exit timestamp — preserved permanently.
Pre-approved exit window: For school pickups, parents can authorise a recurring exit window so the gate doesn't hold the child every day.

Visitor analytics + committee report

Patterns the Hon. Secretary needs to see. Without seeing names.

Per-flat visitor volume: Anomaly flag for unusual spikes — useful for compliance audits.
Late-night visit threshold: Configurable per society bye-laws. Anything past midnight goes to the daily committee digest.
Vendor visitor flag: When a vendor visit is logged, the record cross-links to Vendor Management automatically.
Monthly PDF report: One-page committee summary — aggregate counts, no resident names, AGM-shareable.

Three gate realities in Indian housing

Whichever gate problem you came here to solve.

EstateDeck Visitor Management is in production with three distinct gate patterns. The workflow flexes; the audit log stays the same.

High-rise tower

Single-tower CHS with 80–150 flats

One gate, two shifts, a steady stream of one-off visitors — food delivery, family, friends. Pre-approval + OTP handles 90% of entries in seconds. The Hon. Secretary uses the monthly committee report to spot late-night anomalies.

Multi-tower gated community

500–1,000 flats with tower-side gates

Main gate plus per-tower secondary entries. Multi-family approval routing matters because someone is always at home. Event-mode bulk passes used 4-6 times a month for cultural and family events. Number masking is a hard requirement.

Builder-handover phase

Newly handed-over society in defect-liability period

Heavy contractor visits for snag-list fixes. Vendor visitor flag auto-routes carpenter, electrician, painter records to Vendor Management. Each contractor visit becomes an audit-friendly record for the defect-liability claim later.

The Indian legal frame this is built on

UIDAI, DPDP, Puttaswamy — real privacy law, not buzzwords.

UIDAI Aadhaar Masking Circular K-11020/217/2018-UIDAI

The Unique Identification Authority of India circular K-11020/217/2018 specifies that entities holding Aadhaar information must mask the first 8 digits and display only the last 4. EstateDeck stores only the masked form (XXXX-XXXX-1234) — full Aadhaar never enters our database. This eliminates the society's liability exposure under the Aadhaar Act 2016.

Aadhaar Act 2016 §29

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016, Section 29, restricts the sharing and use of Aadhaar number and biometric information. Housing societies are not authorised users of full Aadhaar. EstateDeck's masking approach keeps the society on the right side of this restriction.

DPDP Act 2023 §6 — Notice + Consent

The Digital Personal Data Protection Act 2023 (Phase I notified 13 Nov 2025; full compliance window 13 May 2027) requires notice and consent before processing personal data. EstateDeck captures DPDP §6 consent at the visitor's first visit with a one-screen notice — purpose, retention, access — and persists it for subsequent visits.

K.S. Puttaswamy v Union of India 2017

The 9-judge Supreme Court bench in Justice K.S. Puttaswamy (Retd.) v Union of India 2017 recognised the right to privacy as a constitutional fundamental right under Article 21. EstateDeck's number masking, masked Aadhaar storage, and DPDP §6 consent flow are designed to honour this right at the gate — where it would otherwise be most casually violated.

IT Act 2000 §65B

Section 65B of the Information Technology Act 2000 governs the admissibility of electronic records in Indian courts. Every visitor entry, exit timestamp, photo, OTP delivery, and approval action in EstateDeck Visitor Management is preserved as §65B-compliant electronic evidence — admissible at police investigation, society dispute resolution, or insurance claim.

State Apartment Ownership Acts + Society bye-laws

State-specific Apartment Ownership Acts (Maharashtra AOA 1970, West Bengal AOA 1972, Karnataka AOA 1972, TN AOA 1994, Delhi AOA 1986, UP Apartment Act 2010, Haryana AOA 1983) and registered society bye-laws frequently require visitor logging as part of resident-safety obligations. EstateDeck's log structure satisfies these requirements for AOAs and CHSes across India.

From the field

Sector 137, Noida · 560 flats · 14 months in.

"I took over the Security & Vigilance portfolio in 2024 and the first thing I discovered was a drawer behind the guard desk with about three hundred Aadhaar photocopies in it. Visitors from the last six months. The previous arrangement was 'show ID, we'll Xerox it for the records.' Nobody on the committee had thought about UIDAI's masking circular, or about what would happen if that drawer was photographed. We moved to EstateDeck the next month. Fourteen months in: zero Aadhaar copies anywhere, last four digits only on every record, ninety-two thousand visitor entries logged with photo and OTP, zero phone numbers leaked. The DPDP Act phase-one came in November '25 and we were already compliant. The Hon. Auditor at our AGM in March specifically called out the visitor log as the cleanest record he'd seen in a Noida AOA."

Shri Anant Tripathi Hon. MC Member (Security & Vigilance Portfolio) · Mahaveer Tulip Residency AOA · 560 flats · 4 towers
Sector 137, Noida-201304, Uttar Pradesh · UP Apartment Act 2010 + UP Co-op Societies Act 1965
Migrated to EstateDeck Visitor Management · 14 months · 92,000+ logged entries · 0 Aadhaar copies · DPDP-ready before Phase I

What you need at the gate	Paper register	Basic visitor app	EstateDeck VMS
Pre-approval before arrival	None	Sometimes	One-tap + regular list + bulk
Resident phone number safe	Open to everyone	Visible to guard	End-to-end masked
Aadhaar handling	Xerox in drawer	Full number stored	Last 4 digits only (UIDAI)
OTP / IVR for offline residents	Phone call to landline	App only	App + IVR fallback
Bulk gate passes for events	"Tell the guard names"	Manual one-by-one	Event mode · up to 200 guests
Child exit verification	Guard's judgement	Usually none	Parent OTP required
DPDP §6 consent capture	Not possible	Rarely	One-screen at first visit
§65B-admissible audit log	Loose pages	Basic timestamps	Full per-event sealed log

Quick answers

Visitor management, asked and answered.

The questions every Hon. Secretary, MC Security Member, and worried parent asks before replacing the paper register at the gate.

What does an apartment visitor management system do?

It replaces the paper register at the gate with a real verified-entry workflow. Residents pre-approve expected visitors from the app. When the visitor arrives, the guard captures a photo, optionally captures the visitor's Aadhaar in masked form per UIDAI circular, sends an OTP-based approval request to the resident, and on approval generates a digital gate pass with timestamp. The whole entry-and-exit record is preserved as electronic evidence under IT Act 2000 §65B, with DPDP Act 2023 §6 notice and consent captured at the visitor's first visit.

Do you store full Aadhaar numbers of visitors?

No — and we cannot. The UIDAI Aadhaar Masking Circular K-11020/217/2018-UIDAI, read with Aadhaar Act 2016 §29, restricts storage of Aadhaar numbers to masked form. EstateDeck stores only the last 4 digits (XXXX-XXXX-1234) of any Aadhaar shown at the gate. The full number is never persisted. If your society requires deeper visitor verification, we recommend the Form 1 police-verification path (which is the lawful framework for tenant verification) rather than full Aadhaar capture.

What if a resident doesn't have a smartphone or internet?

The system falls back to IVR — Interactive Voice Response. When the guard sends an approval request, the resident's mobile rings. A pre-recorded voice announces the visitor's name and asks them to press 1 to allow entry or 2 to deny. Works on any phone, no app needed. The IVR call is routed through the EstateDeck server using number masking — the guard never sees the resident's mobile number, and the resident's number is never displayed to the visitor or guard.

How does number masking work and why does it matter?

Indian housing societies traditionally had resident phone numbers listed in the guard register, exposed to every guard rotation and any visitor who could glance at the desk. EstateDeck routes all guard-to-resident calls through our server — the guard's app dials an EstateDeck number, which forwards the call to the resident's actual number, which neither party sees. This honours the constitutional right to privacy as recognised in Justice K.S. Puttaswamy v Union of India 2017, and forms part of the society's DPDP Act 2023 compliance posture. No guard transition or shift change leaks resident mobile numbers.

Can I pre-approve a list of guests for a party or wedding?

Yes. Use Event Mode. Upload your guest list (CSV from your invite spreadsheet works) or enter names one by one — the system generates one 6-digit passcode per guest that you can WhatsApp out along with your address. Guests show the code at the gate; the guard verifies and entry is logged in seconds, no resident call needed. Event mode supports up to 200 guests in a single configurable window. After the event window closes, all codes auto-expire.

How is this different from staff attendance for maids and housekeeping?

Different module, different purpose. EstateDeck Visitor Management handles one-off visitors — your guests, your guests' guests, food delivery, the plumber for a one-time job. Recurring society staff — maids, housekeepers, gardeners, security guards, lift operators — are handled in EstateDeck Staff Attendance, which has biometric / RFID / QR-based daily attendance, shift rosters, overtime computation, and payroll feeds. The two modules share the gate, not the workflow.

Does it handle vehicle entry and the boom barrier?

We handle visitor identification on foot or in a vehicle. The vehicle plate allow-list mechanism — ANPR cameras at the gate, RFID tag reading, automatic boom barrier opening for registered resident vehicles — lives in EstateDeck ANPR. The two modules cross-reference: if a visitor arrives with a vehicle that's not on the resident allow-list, ANPR routes the entry through our visitor workflow for resident approval. One gate; two complementary mechanisms.

What about parcels and food delivery — does the parcel stay with the guard?

Parcels have their own chain-of-custody workflow that goes deeper than visitor management. EstateDeck Delivery & Classifieds handles parcel arrival with photo proof on receipt, 4-digit one-time PIN pickup, aging alerts at Day 1, Day 3, Day 5, and Cabin-Full guard alert — preserved as §65B-admissible electronic record. We handle the delivery person's entry through the gate; once the parcel is logged at the guard desk, the parcel workflow takes over.

Can the guard approve entry for a child who wants to leave alone?

No — and that's the point. Child Exit Verification is built into the gate workflow. When a child registered as a minor in their flat's profile attempts to leave alone, the guard's tablet flashes a Hold prompt and requires a parent OTP before letting the child exit. The OTP goes to both registered parents simultaneously; either parent can release. The entry-exit log records which parent approved and the timestamp. For school-pickup events, parents can pre-approve a child-exit window.

What does the DPDP Act 2023 mean for visitor data?

The Digital Personal Data Protection Act 2023 (Phase I notified 13 Nov 2025; full compliance window 13 May 2027) treats visitor identifying information as personal data. EstateDeck captures DPDP §6 notice and consent at the visitor's first visit — the visitor sees a one-screen notice describing what data is captured, why, who can see it, and for how long. Consent is remembered for subsequent visits to the same flat. Data retention follows the society's bye-laws, configurable per the Hon. Secretary. The resident's mobile number is masked end-to-end (see number-masking above). Every access to the visitor log is itself logged.

EstateDeck

Targeted Solutions

Twelve guests for Sunday lunch. Twelve repeated phone calls to the guard.
There has to be a better way through the gate.

This is what a verified visitor entry looks like, second by second.

Four problems the paper register can't solve.

"There are 47 Mr Sharmas here"

The phone number that everyone has

Aadhaar Xerox under the table

Sunday lunch · twelve guests