Skip to main content

Data Handling

TxnCheck processes sensitive personal information (PII) including mobile numbers, PAN, Aadhaar, and UPI addresses. This guide covers best practices for handling this data securely and compliantly.

Data Classification

Data Minimization

Only request and store data you actually need:

Selective Data Storage

Data Masking

Mobile Number Masking

PAN Masking

VPA Masking

Hashing for Storage

Use cryptographic hashing when you need to look up data but don’t need the original value:

Encryption at Rest

For data that must be stored in recoverable form:

Secure Logging

What to Log

What NOT to Log

Log Sanitization Middleware

Data Retention

Retention Policies

Implementing Retention

Data Access Controls

Role-Based Access

Audit Trail

Database Security

Encryption in Database

Field-Level Encryption with ORM

Data Export & Portability

For GDPR/data portability requests:

Checklist

  • Only collect necessary data
  • Document purpose for each data field
  • Obtain proper consent
  • Encryption at rest enabled
  • Sensitive fields hashed or encrypted
  • Access controls implemented
  • Retention policies defined
  • Logging sanitization in place
  • Masking for display
  • Audit trail for sensitive access
  • Automated retention enforcement
  • Right to deletion process
  • Backup purging included

Compliance

Regulatory compliance guidance

Security Overview

Complete security guide