DPDP Rules 2025 compliance deadline is approaching. Is your visual data ready?
Check NowTrusted by India's largest enterprise risk teams
Every industry depends on visual verification — insurance claims, field operations, legal documentation. But standard cameras and messaging apps strip provenance instantly.
You are making business-critical decisions based on anonymous, vulnerable pixels. Software detection models are failing against modern generative AI.
WhatsApp, Telegram, email — they all strip GPS, timestamps, and device info. Forwarded photos become unverifiable.
Anyone can generate convincing photos with AI tools. Detection models are always one step behind the generative capabilities.
The same photo submitted across multiple claims, projects, or deliveries. No way to detect cross-submission reuse.
Photos have zero proof of when, where, or how they were taken. Completely inadmissible as robust legal evidence.
The phone's security chip — the same hardware that protects your bank PIN — signs every Veritas capture at the moment of shutter. No software can fake it. No editor can remove it.
Phone Camera
Photo Bytes + SHA-256 Hash
StrongBox / TEE Hardware Chip
Signs: hash + GPS + time · Private key: NEVER exported
Cryptographic Signature
Veritas Server
Verifies signature against Google Hardware Attestation Root CA
Signed inside StrongBox or TEE — the same hardware that secures banking apps and biometrics.
Every byte stays in Mumbai. Zero data crosses the border. DPDP Rules 2025 compliant by architecture, not by policy.
C2PA 2.1 standard. IT Act 2000 Section 65B compatible. Merkle-proofed for court submissions.
Photo UI mockup
CAPTURE
Your team — field agent, delivery partner, inspector, or surveyor — opens the Veritas SDK and captures the photo. Hardware-secured metadata is embedded at the moment of shutter.
Hardware key sealed
SIGN
Phone hardware chip signs the photo with GPS coordinates, timestamp, and device identity — in 3 seconds. The private key never leaves the secure enclave.
Score: 94/100 ✓ GOLD
VERIFY
Your system receives a Trust Score (0-100) via API, with full Merkle proof and PDF export — ready for claims, deliveries, audits, or courtroom submission.
No slides. No deck. Just the product in action.
Book a Demo CallAnnual insurance fraud in India (IRDAI estimate)
YoY increase in bank fraud — FY25 (RBI data)
Hardware signing time per photo
Data centres outside India
Sources: IRDAI Annual Report, RBI Financial Stability Report FY25. Veritas performance measured on Samsung Galaxy S21+ (StrongBox).
Stop guessing if a photo is real. Our mathematical trust threshold eliminates human bias instantaneously.
Web uploads, WhatsApp photos, AI-generated images. Reject or investigate.
Software-signed captures. Basic verification. Flag for human review.
TEE hardware-signed capture. GPS + IMU motion verified. Suitable for field claims.
StrongBox hardware. Highest security chip. Full chain of custody. Auto-approve eligible.
94/100 — the score a Samsung Galaxy S21+ capture gets.
21/100 — the score a WhatsApp-forwarded photo gets.
The gap is not a setting. It is physics.
INSURANCE & CLAIMS · VERIFIED
Veritas was designed around DPDP Rules 2025 from day one. Not adapted, not patched — architecture-level compliance.
Every Veritas capture is tagged data_residency: IN at the moment of hardware signing. All processing happens in Mumbai. Full audit log exportable for Rule 7 breach reporting. Right to erasure supported under Rule 13.
Same standard used by Adobe, Microsoft, and Truepic globally. Cryptographically verified content authenticity manifests embedded in every photo.
PDF/A exports include the complete Merkle proof chain, compatible with Section 65B of the Information Technology Act, 2000 for electronic evidence admissibility in Indian courts. Hardware-signed captures have been recognised as tamper-evident records.
AES-256 at rest. TLS 1.3 in transit. Google Hardware Attestation Root CA validates every capture. Play Integrity API verified. Logs retained for minimum 1 year per Rule 6(1)(e) of DPDP Rules 2025.
The global leader in photo verification cannot offer data residency in India. For Indian enterprises under Rule 14 of the DPDP Rules 2025, this is not a preference — it is a strict legal requirement.
Not a claim. Verify Rule 14 →No. AI tools cannot generate a valid StrongBox or TEE hardware signature. We validate the attestation certificate chain against Google's Hardware Attestation Root CA — only genuine, unmodified hardware chips produce valid signatures. AI-generated images also leave detectable forensic artifacts (frequency domain anomalies, JPEG quantisation table fingerprints) that our server-side checks flag automatically.
WhatsApp strips ALL metadata — GPS coordinates, timestamps, device info, and C2PA signatures — before delivery. A WhatsApp photo scores 21/100 maximum, well below the verified threshold of 50. This is by design: photos without chain of custody are legally worthless under IT Act Section 65B. Veritas SDK replaces WhatsApp for field capture entirely, giving your team a purpose-built tool that preserves every piece of evidence metadata from the moment of capture.
Our PDF/A exports include the complete Merkle proof chain, compatible with Section 65B of the Information Technology Act, 2000 for electronic evidence admissibility. Hardware-signed captures have an unbroken chain of custody from device to server. We recommend retaining a digital evidence advocate for actual court submissions, as admissibility depends on the specific proceeding and jurisdiction.
Google Play Integrity API detects rooted devices, unlocked bootloaders, and emulators before any capture begins. The capture is rejected outright. Additionally, we perform runtime checks for instrumentation frameworks (Frida, Xposed) and virtual camera injection (DroidCam, OBS). A compromised device cannot produce a valid capture.
Browsers have no hardware security chip, no IMU motion sensor, and GPS can be spoofed in 10 seconds via Chrome DevTools. Without hardware attestation, motion seal validation, and trusted GPS, a score above 50 would be a false claim of security. Web uploads are useful for analysis (EXIF parsing, AI detection, duplicate checks) but cannot reach verified status. This ceiling is intentional and permanent.
All data is processed and stored exclusively in Mumbai, India. Zero data crosses Indian borders — no CDN edges in foreign jurisdictions, no sub-processors outside India. This satisfies Rule 14 of the DPDP Rules 2025. We provide a signed Data Residency Certificate for enterprise clients to present to auditors and the Data Protection Board.
No. The anti-replay nonce system requires a server round-trip before every capture to prevent replay attacks. This is a security architecture decision, not a limitation. Without server-issued nonces, an attacker could re-submit old signed photos indefinitely. Internet connectivity is required at the moment of capture.
Veritas proves WHO took the photo (device identity), WHERE (GPS coordinates), WHEN (exact timestamp), and that the photo has not been modified since capture. It does NOT verify what is IN the photo — a fraudster can take a genuine Veritas-signed photo of a pre-existing accident. You still need a human to verify the claim amount makes sense. We eliminate the photo fraud problem, not the judgment problem.
Android SDK integration takes 2-4 hours. The SDK is a single AAR file with 3 API calls: init(), captureAndVerify(), and release(). Enterprise custom integration (white-label, geo-fence rules, custom IRDAI reports) takes 1-2 weeks with a dedicated support engineer.
Veritas uses a tiered attestation model. GOLD tier requires StrongBox (dedicated secure chip, Samsung S21+ and above). SILVER tier uses TEE (ARM TrustZone, available on most phones since 2018). BRONZE tier uses software-only signing for the oldest devices. The Trust Score clearly reflects which tier was used — enterprise clients can set their own threshold for acceptance.
See a hardware-signed capture live on a real phone. We’ll walk you through the Trust Score, cryptographic manifest, and DPDP-compliant data residency.