How Onfra Helps Indian Enterprises Achieve DPDP Compliance for Visitor Management

Introduction

The Digital Personal Data Protection Act, 2023 (DPDP Act) and the Rules notified in November 2025 have fundamentally changed what it means to run a visitor management system in India. Every check-in is now a data event with legal obligations. Every face photo is a consent decision. Every visitor record has an expiry date.

Most visitor management systems available in India were built before DPDP was enacted, let alone before the Rules clarified how it would be operationalised. They were designed to make check-in fast and convenient — not to make data collection legally compliant.

Onfra was built for the India market, and the DPDP framework is not an afterthought for us. It is a design principle. This article explains exactly how Onfra’s visitor management platform supports your organisation’s DPDP compliance journey — from the first screen a visitor sees on the kiosk to the automated deletion of their record months later.


Understanding the Roles: You and Onfra Under DPDP

Before mapping Onfra’s features to DPDP obligations, it helps to be clear on the legal relationship.

Your organisation is the Data Fiduciary. You decide why visitor data is collected, what it is used for, and how long it is kept. You are accountable to the Data Protection Board of India for compliance.

Onfra is your Data Processor. We process visitor data on your behalf, under your instructions. We implement security safeguards, maintain audit trails, and support your ability to honour visitor rights requests. We do not use your visitor data for our own purposes.

This means DPDP compliance for your visitor management requires action from both sides: Onfra building and maintaining compliant infrastructure, and your organisation configuring and operating that infrastructure in a compliant way. This article addresses both.


Module 1: DPDP-Compliant Check-In Flow on Onfra Pad

The Onfra Pad is the tablet kiosk application that runs at your reception desk. Under the DPDP Act, the check-in flow on the kiosk must be redesigned around privacy-first principles. Here is how Onfra supports this:

Privacy Notice Screen

The Onfra Pad check-in flow begins with a configurable privacy notice screen — presented before any data collection begins. You configure the notice content to match your organisation’s specific data practices:

  • What data is collected at your facility
  • The specific purpose for each data type
  • How long each type of data is retained
  • Contact details for data rights requests
  • How to withdraw consent and request deletion

The notice is displayed as a standalone screen, separate from the check-in form, in accordance with Rule 3’s requirement that the notice be presented and be understandable independently.

Language support: Onfra’s privacy notice screen supports multiple languages — allowing your visitors to read the notice in English or the regional language most relevant to your location and visitor population.

Layered Consent Architecture

After the privacy notice, Onfra’s check-in flow collects consent through separate, explicit steps for each distinct data type:

Step 1 — Standard visit data consent:
“I have read the privacy notice and consent to my visit details being recorded for building access and security purposes.”
→ Checkbox: I agree

Step 2 — Photo consent (if photo capture is enabled):
“I consent to my photo being taken for my visitor badge. [My photo will be deleted on check-out / retained for X days as configured].”
→ Checkbox: I consent to photo capture

Step 3 — OTP verification:
Phone number entry and OTP confirmation for identity verification. The OTP is the verification mechanism — not the consent. Both the notice and consent steps precede OTP.

This layered architecture ensures that each consent is:

  • Free (independent of other consents)
  • Specific (tied to a single purpose)
  • Informed (preceded by the privacy notice)
  • Unconditional (optional steps are clearly marked as optional)
  • Unambiguous (a deliberate checkbox, not a pre-ticked default)

Consent Log

Every consent action on the Onfra Pad is logged with a timestamp and the specific consent version displayed. This creates a consent audit trail: proof that consent was obtained, when, for what specific purpose, and based on which version of the privacy notice. This is the documentary evidence your organisation needs to demonstrate compliance if a visitor’s consent is ever challenged before the DPBI.


Module 2: Data Minimisation Controls

Onfra’s check-in form is fully configurable. This means your organisation controls exactly which fields are shown to visitors — and which are not.

Remove unnecessary fields: If your visit purpose does not require email collection, remove the email field from the form. If vehicle registration is not relevant to your access control, hide the vehicle field. The principle of data minimisation is implemented through your Onfra configuration — and we make it easy to limit collection to exactly what you need.

Mark optional fields clearly: Fields that are genuinely optional (not required for check-in) can be marked as optional in Onfra’s form builder, giving visitors the choice to provide or withhold them.

Visitor category-specific forms: Onfra supports different check-in forms for different visitor categories. A standard business visitor may have a simpler form than a contractor requiring ID verification. The data collected is automatically proportionate to the access level and purpose.


Module 3: Automated Data Retention and Deletion

This is one of the most operationally impactful DPDP requirements — and one where Onfra’s platform delivers genuine compliance infrastructure.

Configurable Retention Policies

In Onfra’s admin dashboard, your compliance officer or system administrator can set retention periods for each data type:

  • Standard visit record: configurable (e.g., 90 days from check-out)
  • Face photo: configurable separately from the visit record (e.g., delete on check-out, or 30 days)
  • OTP log: configurable (e.g., 30 days)
  • Gate pass record: configurable to match your GST/customs retention requirements
  • Processing/audit logs: minimum 1 year (mandatory Rule 8 compliance; cannot be set below this)

Automated Deletion Engine

Onfra runs a scheduled deletion process that automatically deletes visitor records when their configured retention period expires — with no manual intervention required. For organisations logging hundreds of visitors per day, manual deletion is not a viable compliance strategy. Onfra’s automated engine makes policy enforcement reliable at scale.

Deletion Confirmation Logs

Every automated deletion event is logged: which record was deleted, when, and which retention policy triggered the deletion. These deletion confirmation logs are themselves retained for the Rule 8 minimum one-year period — giving you an auditable trail of not just what data you have, but also what data you have already deleted and when.

Legal Hold Override

For records that must be retained beyond the standard deletion period — because they are linked to an active legal matter, an incident investigation, or a specific regulatory requirement — Onfra supports a legal hold flag. Legal-held records are exempt from automated deletion until the hold is released.
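The retention behaviour described in this module (per-data-type periods, a one-year floor for audit logs, legal hold exemption, and a deletion confirmation log naming the triggering policy) can be illustrated with a small sweep routine. This is an added example, not Onfra’s own code; the data type names, policy values and sample records are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

AUDIT_LOG_MIN_DAYS = 365  # Rule 8 floor for processing/audit logs; cannot be configured lower


@dataclass
class Record:
    record_id: str
    data_type: str          # hypothetical type names: "visit", "photo", "otp_log", "audit_log"
    expires_from: datetime  # check-out time for visit/photo records; creation time for logs
    legal_hold: bool = False

def validate_policy(policy: dict) -> dict:
    """Reject any attempt to set audit-log retention below the one-year minimum."""
    if policy.get("audit_log", AUDIT_LOG_MIN_DAYS) < AUDIT_LOG_MIN_DAYS:
        raise ValueError("audit_log retention cannot be set below 365 days")
    return policy

def retention_sweep(records, policy, now):
    """One scheduled run: returns (surviving records, deletion confirmation log entries)."""
    policy = validate_policy(policy)
    kept, log = [], []
    for r in records:
        days = policy.get(r.data_type)
        if days is None:              # unconfigured type: never delete silently
            kept.append(r)
            continue
        expired = now >= r.expires_from + timedelta(days=days)
        entry = {"record": r.record_id, "policy": f"{r.data_type}:{days}d", "at": now.isoformat()}
        if expired and r.legal_hold:  # legal hold overrides the policy until released
            kept.append(r)
            log.append({**entry, "action": "skipped_legal_hold"})
        elif expired:                 # purge, and record which policy triggered it
            log.append({**entry, "action": "deleted"})
        else:
            kept.append(r)
    return kept, log

def run_demo():
    """Constructed sample data: one sweep at a fixed time with assumed policy values."""
    now = datetime(2026, 2, 1, tzinfo=timezone.utc)
    def ago(d): return now - timedelta(days=d)
    policy = {"visit": 90, "photo": 0, "otp_log": 30, "audit_log": 365}  # photo: delete on check-out
    records = [Record("V1", "visit", ago(100)), Record("V2", "visit", ago(10)),
               Record("P1", "photo", ago(1)), Record("O1", "otp_log", ago(40), legal_hold=True),
               Record("A1", "audit_log", ago(400)), Record("A2", "audit_log", ago(200))]
    kept, log = retention_sweep(records, policy, now)
    return [r.record_id for r in kept], log
```

Because a held record produces a log entry instead of being silently skipped, the confirmation log also evidences why a record outlived its policy.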


Module 4: Role-Based Access Control

Rule 6 requires that access to personal data be restricted to those who need it. Onfra implements granular role-based access control across its platform:

Role                  | Visitor log access
----------------------|------------------------------------------------------------------------
Reception staff       | Today’s visitors; check-in/check-out; pre-registered visitors
Security supervisor   | Visitor log (within configured window); on-premises count; access alerts
Facility manager      | Visitor reports; space occupancy analytics (anonymised by default)
HR / Compliance       | Access to rights request management; audit log review
System administrator  | Full system access — all access events logged
Executive / C-suite   | Dashboard summaries; no individual record access by default

All access to individual visitor records is logged β€” who accessed which record, when, and what action was taken. Access logs are retained for the mandatory 1-year minimum.


Module 5: Data Principal Rights Support

The DPDP Act gives every visitor six enforceable rights. Onfra’s platform supports your ability to honour each of them.

Right to Access

When a visitor submits an access request — “what data do you have on me?” — your Onfra admin can search by phone number or name to retrieve all records associated with that individual: visit dates, data types held, retention periods. A summary can be exported and provided to the visitor within the 90-day SLA.

Right to Correction

If a visitor’s details are incorrect, any authorised admin role can edit individual visitor records directly in the Onfra dashboard. All edits are logged with the timestamp and user ID of the person who made the change.

Right to Erasure

When a visitor requests deletion of their records before the automatic deletion date, an admin can manually delete individual records through the Onfra dashboard. The deletion is cascaded to associated data (photo, OTP log, visit details) and a deletion confirmation log is created. Erasure requests should be processed within the 90-day SLA.

Consent Withdrawal

If a visitor wishes to withdraw consent for ongoing data processing, the admin can remove their records immediately. Onfra’s deletion process is irreversible — deleted records are purged, not simply hidden.

Grievance Redressal

Your organisation’s data rights contact (email / web form) is published in the privacy notice displayed on the Onfra Pad. This contact is the first point of call for any visitor who has a data-related concern.


Module 6: Audit Trail and Compliance Reporting

One of the most important things your organisation needs in a DPDP compliance posture is evidence — documentary proof that you collected consent, that you honoured a deletion request, that access to records was appropriately controlled.

Onfra’s audit trail captures:

  • Every consent action (timestamp, consent version, visitor ID)
  • Every record access (who, when, which record, what action)
  • Every export of visitor data (who, when, what data range)
  • Every manual deletion (who, when, which record)
  • Every automated deletion (system, when, which record, which policy triggered it)
  • Every edit to a visitor record (who, when, what was changed)

These logs are tamper-evident — they cannot be edited through the standard admin interface. They are retained for the mandatory 1-year minimum and can be exported for compliance audits, DPBI investigations, or internal review.


Module 7: DPDP-Aligned Data Processing Agreement

As your Data Processor, Onfra maintains a DPDP-compliant Data Processing Agreement (DPA) for all enterprise customers. The Onfra DPA includes:

  • Processing scope: Onfra processes visitor data only on your instructions, for the purposes you define in your configuration
  • Security safeguards: Onfra’s infrastructure meets Rule 6 requirements — AES-256 encryption at rest, TLS 1.3 in transit, role-based admin access, regular security audits
  • Breach notification: Onfra commits to notify your designated data contact within 24 hours of becoming aware of any breach affecting your data — giving you sufficient time to meet your 72-hour DPBI reporting obligation
  • Deletion on instruction: Onfra will process deletion instructions from your admin within the agreed SLA, including cascade deletion from backup systems within a defined window
  • Data Principal rights support: Onfra will support your ability to respond to access, correction, and erasure requests from visitors within your 90-day response SLA
  • No secondary use: Onfra does not use your visitor data for product analytics, benchmarking, marketing, or any purpose not authorised by you
  • Audit rights: You have the right to request compliance documentation and audit certifications from Onfra

The Onfra DPA is available to all enterprise customers. Your legal team can review and request negotiation of specific terms as needed.


The Onfra DPDP Compliance Feature Summary

DPDP Obligation                          | Onfra Feature                                                          | Status
-----------------------------------------|------------------------------------------------------------------------|----------
Standalone privacy notice at check-in    | Configurable privacy notice screen on Onfra Pad                        | Available
Multi-language privacy notice            | Multi-language notice support                                          | Available
Explicit consent per data type           | Layered consent architecture (separate steps per data type)            | Available
Consent audit trail                      | Consent log with timestamp and notice version                          | Available
Data minimisation (configurable fields)  | Configurable form builder; optional/required field management          | Available
Automated data retention                 | Configurable retention periods per data type                           | Available
Automated deletion engine                | Scheduled deletion with confirmation logging                           | Available
Legal hold override                      | Legal hold flag for specific records                                   | Available
Role-based access control                | Granular role permissions across reception, security, management, admin | Available
Access audit logging                     | Full audit trail — all record access events                            | Available
Data Principal rights support            | Search, export, edit, manual deletion via admin dashboard               | Available
Processing audit trail                   | Tamper-evident audit log; 1-year minimum retention                     | Available
DPDP-compliant DPA                       | Enterprise DPA with all DPDP-required clauses                          | Available
24-hour breach notification SLA          | Committed in Onfra enterprise DPA                                      | Available
Encryption at rest                       | AES-256 for all stored visitor data                                    | Available
Encryption in transit                    | TLS 1.3 for all data transmission                                      | Available

Getting Started: Your DPDP Compliance Journey With Onfra

If you are an existing Onfra customer:

  1. Review your current check-in flow configuration against the privacy notice and consent requirements
  2. Configure retention periods for each data type in your admin dashboard
  3. Request the Onfra enterprise DPA and have it reviewed and signed by your legal team
  4. Train your reception and security staff on visitor data rights
  5. Test the audit trail by simulating a visitor access request

If you are evaluating Onfra as your visitor management platform:

  • Request a live demo of Onfra Pad’s DPDP-compliant check-in flow
  • Ask for the Onfra DPA and security whitepaper during your evaluation
  • Discuss your specific DPDP compliance requirements with our enterprise team — every organisation has unique data practices and we can help you configure Onfra accordingly

The May 2027 deadline is real, the regulator is operational, and your visitor management system is one of your highest-priority compliance areas. Onfra is designed to make that compliance achievable — without slowing down the check-in experience or creating friction for your visitors.


This article describes Onfra’s platform capabilities as of February 2026. Specific features and DPA terms may evolve as the DPDP framework develops. For current feature availability and DPA terms, contact the Onfra enterprise team.

Ready to see DPDP-compliant visitor management in action? Request a free 14-day trial or book a demo.