Security & Trust
Your safety is our foundation
Every layer of ParcelPal — from identity verification to data encryption — is designed to protect you. Here's how we keep the platform safe, compliant, and trustworthy.
Data Protection
How we protect your data
Security isn't an afterthought — it's built into every layer of our infrastructure.
Encryption Everywhere
All data is transmitted over HTTPS/TLS. Sensitive fields like Aadhaar and PAN are encrypted at rest. We never store raw passwords — authentication is handled by Supabase with industry-standard hashing.
Row-Level Security
Our database enforces row-level security (RLS) policies. Users can only access their own data — a buyer cannot see another buyer's orders, and a traveler cannot access another traveler's trips.
Minimal Data Collection
We collect only what's necessary to operate the platform. Identity documents are processed by our KYC partner Didit and are not stored on our servers. Payment details are handled by payment partners.
No Password Storage
ParcelPal uses Supabase Auth for authentication. Passwords are never stored in our database — they're hashed and managed by Supabase's secure authentication infrastructure.
Identity Verification
KYC verification process
Start Verification
Navigate to Settings → KYC Verification and initiate the process. You'll be redirected to our partner Didit's secure verification portal.
Submit Documents
Upload a government-issued photo ID (Aadhaar, PAN, Passport, or Driving License). Didit verifies the document's authenticity in real time.
Liveness Check
Complete a quick selfie or liveness check to confirm you are the person on the document. This prevents identity theft and impersonation.
Verified Badge
Once approved, your profile is marked as KYC-verified. Travelers must complete KYC before they can accept any buyer requests.
Why KYC matters
- Prevents fake accounts and impersonation
- Builds trust between buyers and travelers
- Required for PMLA compliance in India
- Enables accountability in dispute resolution
- Documents are processed by Didit — not stored on our servers
Anti-Fraud & Compliance
Built for regulators from day one
ParcelPal is not a grey-market workaround. We're building a compliant platform that regulators can trust.
Price Validation
Every product request is validated against live market pricing via the Rainforest API. If a buyer's listed price deviates significantly from the actual retail price, the system flags it — preventing inflated pricing that could mask hawala-style transfers.
Anti-Hawala Detection
Our platform is designed to comply with India's Prevention of Money Laundering Act (PMLA). Transactions that resemble informal value transfers are flagged and reviewed. We actively discourage any use of the platform for purposes other than legitimate product delivery.
Prohibited Items Screening
Requests for items that violate Indian customs regulations, FSSAI rules, or DGCA restrictions are not permitted. Product categories are screened, and users who repeatedly attempt to list prohibited goods may be suspended.
IT Act Compliance
ParcelPal operates as an intermediary under Section 79 of the Information Technology Act, 2000. We maintain reasonable due diligence, provide grievance redressal mechanisms, and cooperate with law enforcement when required under Indian law.
Dispute Resolution
Fair process, transparent outcomes
If something goes wrong, we have a structured process to investigate and resolve disputes fairly for both parties.
Step 1
Raise a Dispute
Either party can raise a dispute from their order dashboard within 7 days of the expected delivery date.
Step 2
Submit Evidence
Both buyer and traveler submit their side — screenshots, photos of the item, chat history, and any relevant proof.
Step 3
Team Review
Our team reviews all evidence within 3–5 business days. We may reach out for additional information if needed.
Step 4
Resolution
A fair resolution is communicated to both parties. This may include a refund of the connection fee, account warnings, or suspension for policy violations.
Data Handling
What we collect and why
Transparency about data handling is core to our trust promise. Here's exactly what we collect, why, and who has access.
Data
Purpose
Shared With
Name, email, phone
Account creation & communication
ParcelPal only
Aadhaar, PAN, Passport
KYC identity verification
Didit (KYC partner)
UPI / payment details
Fee collection & settlement
Payment partner
Flight PNR & travel dates
Trip verification
ParcelPal only
Product URLs & prices
Price validation
Rainforest API (anonymized)
Chat messages
Buyer-traveler coordination
Stream (chat provider)
Name, email, phone
Purpose: Account creation & communication
Shared with: ParcelPal only
Aadhaar, PAN, Passport
Purpose: KYC identity verification
Shared with: Didit (KYC partner)
UPI / payment details
Purpose: Fee collection & settlement
Shared with: Payment partner
Flight PNR & travel dates
Purpose: Trip verification
Shared with: ParcelPal only
Product URLs & prices
Purpose: Price validation
Shared with: Rainforest API (anonymized)
Chat messages
Purpose: Buyer-traveler coordination
Shared with: Stream (chat provider)
For the full details, read our Privacy Policy.