Security & privacy

Built like a privacy product.
Audited like a serious one.

Aahlan ships with the protections people often only get from compliance work — masked contact, rate-limited public surfaces, audited privileged writes, scoped roles, and consent-first location.

Foundations

Five pillars, on by default.

Each one is a default — not a setting buried three menus deep.

Number masking

Strangers never see a phone number. Replies arrive through Aahlan, tied to a per-scan token that expires when the moment ends.

Encrypted sessions

JWT signed with a per-deployment secret · HTTP-only cookies · short rotation. Mobile uses Bearer tokens with the same lifetime guarantees.

Role-based access

Owner, staff, and super-admin scopes. Staff invites are scoped per-tag. Admin endpoints require an explicit role check on every request.

Rate limits + abuse

Per-IP and per-destination caps on every public path. Repeated abuse triggers a quiet block — no captchas to fail, no leaks of state.

Audit log

Every privileged write — admin disable, tag pause, abuse resolve — writes a row to AuditLog with actor, action, entity, and timestamp.

Time-bounded calls

Door video sessions expire after five minutes if no one answers. A finished call clears the signal queue immediately.

HTTP hardening

Tight headers. Locked permissions.

Every response is served with the headers a privacy product is expected to ship — not as an upgrade item.

  • X-Frame-Options: SAMEORIGIN
  • X-Content-Type-Options: nosniff
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy: camera=(self), microphone=(self), geolocation=(self), payment=()
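
One way to check a response against the four headers listed above, as an added example that is not Aahlan's own code. The function names and the two sample responses are constructed for illustration.

```python
# Added example: audit response headers against the policy listed above.
EXPECTED = {
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
}
EXPECTED_PERMISSIONS = {"camera": {"self"}, "microphone": {"self"},
                        "geolocation": {"self"}, "payment": set()}

def parse_permissions_policy(value):
    """Parse 'camera=(self), payment=()' into {feature: set(allowlist)}.
    Handles the simple form used on this page, not full Structured Fields."""
    policy = {}
    for directive in filter(None, (d.strip() for d in value.split(","))):
        feature, _, allowlist = directive.partition("=")
        allowlist = allowlist.strip()
        if allowlist.startswith("(") and allowlist.endswith(")"):
            members = set(allowlist[1:-1].split())
        else:
            members = {allowlist}  # bare token such as * or self
        policy[feature.strip().lower()] = members
    return policy

def audit_headers(headers):
    """Return findings; an empty list means the response matches the policy."""
    got = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, want in EXPECTED.items():
        have = got.get(name)
        if have is None:
            findings.append(f"{name}: missing")
        elif have.lower() != want.lower():
            findings.append(f"{name}: got {have!r}, want {want!r}")
    policy = parse_permissions_policy(got.get("permissions-policy", ""))
    for feature, want in EXPECTED_PERMISSIONS.items():
        if feature not in policy:
            findings.append(f"permissions-policy: {feature} not restricted")
        elif policy[feature] != want:
            findings.append(f"permissions-policy: {feature} allowlist differs")
    return findings

# Constructed sample responses (not captured from any real deployment).
MATCHING = {"X-Frame-Options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff",
            "Referrer-Policy": "strict-origin-when-cross-origin",
            "Permissions-Policy": "camera=(self), microphone=(self), geolocation=(self), payment=()"}
DRIFTED = {"X-Frame-Options": "ALLOWALL", "X-Content-Type-Options": "nosniff",
           "Permissions-Policy": "camera=*, microphone=(self), payment=()"}

if __name__ == "__main__":
    print(audit_headers(MATCHING), audit_headers(DRIFTED), sep="\n")
```

A feature that is absent from Permissions-Policy is reported separately from one whose allowlist has widened, because an omitted feature falls back to the browser default rather than to a block.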

Data lifecycle

What we store. What we don't.

Concrete answers to the question every privacy-aware visitor asks first.

  • We keep
    Account email · phone (for OTP) · tags · scan timestamps · contact requests routed through us.
  • We never store
    Plaintext passwords. Visitor identity. Visitor location unless they consent and act on it.
  • We minimise
    Logs prune to 30 days. Notifications older than 90 days collapse to summaries. Audit logs persist for compliance.
  • You control
    Pause, archive, transfer, or fully delete a tag at any time. Account deletion wipes related rows.

Posture

Where we are, and where we're going.

We're transparent about what's shipped, what's in progress, and what isn't done yet.

GDPR-aligned · DPDP-aligned (India) · TLS 1.2+ enforced · OWASP Top-10 review · SOC 2 — planned 2027 · ISO 27001 — planned 2027

Questions before you order?

Send a security questionnaire, request a deeper architecture review, or just ask. We answer fast.