Back to Home

Aadhaar Privacy & Compliance

UIDAI-Specified Offline Verification

Last updated: 1/6/2026

Important UIDAI Disclaimer

Bunks is not an Aadhaar User Agency (AUA) or KYC User Agency (KUA) as defined by UIDAI. We do not perform Aadhaar authentication or e-KYC. We do not access UIDAI servers and do not claim UIDAI approval or certification. All Aadhaar-related verification is limited to UIDAI-specified Offline Verification methods only.

1. What is Offline Aadhaar Verification?

Bunks uses Offline Aadhaar Verification as specified in official UIDAI guidelines. This is fundamentally different from Aadhaar authentication or e-KYC:

✓ What We Do (Offline Verification)

  • • Validate QR code digital signature
  • • Verify XML file cryptographic signature
  • • Check signature against UIDAI public key
  • • Process entirely on local device
  • • No internet connection required

✗ What We Don't Do

  • • No biometric authentication
  • • No OTP-based authentication
  • • No API calls to UIDAI servers
  • • No e-KYC data retrieval
  • • No Aadhaar number storage

2. What Data is Collected?

Data We Extract (with consent):

  • Name — Partially masked in storage (e.g., "Rahul S****")
  • Date of Birth — For age verification only
  • Gender — For guest register compliance
  • Reference ID — A masked identifier (NOT the Aadhaar number)
  • Address (partial) — State/district only, for police compliance
  • Verification Timestamp — When verification occurred

Data We NEVER Collect or Store:

  • Full 12-digit Aadhaar number
  • Aadhaar card images or photocopies
  • Biometric data (fingerprints, iris scans)
  • Full residential address
  • QR code raw data after verification

3. How Verification Works

1

Guest Initiates

Guest scans the QR code on their physical Aadhaar card or uploads the secure XML file from the mAadhaar app.

2

Local Processing

The QR/XML data is processed entirely on the guest's device. No data is sent to UIDAI servers.

3

Signature Validation

We validate the cryptographic digital signature against UIDAI's publicly available certificate, as specified in official UIDAI offline verification guidelines.

4

Minimal Data Storage

Only the verification reference ID and essential details (masked name, DOB) are stored. The Aadhaar number is never transmitted or stored.

4. Data Retention & Deletion

  • Verification Reference IDs: Retained for the duration required by local police/tourism regulations (typically 1-5 years depending on state).
  • Guest Check-in Records: Retained as per legal requirements for guest registers under state tourism/police regulations.
  • Right to Deletion: Guests may request deletion of their data subject to legal retention requirements. Contact us at hello@bunks.app

5. Non-Aadhaar Identity Documents

Bunks also supports verification of alternative identity documents for guests who prefer not to use Aadhaar or for international travelers:

  • Driving License
  • PAN Card
  • Passport (for foreign nationals)
  • Voter ID (coming soon)

Important: Non-Aadhaar documents are verified using trusted government-linked data sources and are used as alternative identity corroboration. These do not carry the same cryptographic assurance level as UIDAI-specified offline Aadhaar verification.

6. Your Rights Under DPDP Act 2023

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right to Access: Request a summary of your personal data and how it is being processed.
  • Right to Correction: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Grievance Redressal: Lodge complaints regarding processing of your personal data.
  • Right to Nominate: Nominate another individual to exercise your rights in case of death or incapacity.

7. Security Measures

  • Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Indian Data Residency: 100% of data is stored on servers located in India, compliant with data localization requirements.
  • Access Controls: Strict role-based access controls limit who can access verification data.
  • Audit Logging: All access to sensitive data is logged for security and compliance purposes.

8. For Property Owners (Data Fiduciaries)

If you are a property owner using Bunks for guest verification:

  • You act as the Data Fiduciary for guest data under DPDP 2023.
  • You are responsible for obtaining valid, explicit consent from guests before initiating identity verification.
  • You must not use Aadhaar verification to deny services where Aadhaar is not legally mandatory.
  • Bunks acts as your Data Processor and processes data only as per your instructions and this policy.

9. Contact & Grievance Officer

For any questions, concerns, or grievances related to Aadhaar data processing:

Data Protection Officer

Bunks Technologies

Mohali, Punjab, India

PIN: 160055

Email: hello@bunks.app

Phone: +91 78892 45747

This Aadhaar Privacy & Compliance document is supplementary to our main Privacy Policy and Terms of Use. In case of any conflict, the more specific provision in this document shall prevail for Aadhaar-related matters.