Security
Infrastructure Security
DriveDesk is hosted on cloud infrastructure with isolated environments for production and staging. All network communication is encrypted using TLS 1.2+.
Authentication
All accounts require email-based authentication. Passwords are hashed using bcrypt. Sessions are short-lived and cryptographically signed. There is no self-signup: all accounts are provisioned by platform administrators to prevent unauthorised access.
Data Encryption
Data is encrypted at rest and in transit. Sensitive fields (invite tokens, OTP codes) are stored as SHA-256 hashes — raw values are never persisted.
KYC and Identity Verification
Aadhaar and driver's licence verification is performed via DigiLocker OAuth. We do not store raw Aadhaar numbers; only verification status and hashed identifiers are retained.
Access Control
Role-based access control (RBAC) enforces least-privilege access throughout the platform. Dealership staff can only access data scoped to their own dealership.
Gate Pass Security
Gate passes are protected by HMAC-signed payloads with short expiry windows, preventing forgery and replay attacks.
Vulnerability Disclosure
If you discover a security vulnerability in DriveDesk, please disclose it responsibly by emailing security@drivedesk.in. We commit to acknowledging your report within 48 hours.