New: Hypersign is now eIDAS 2.0 ready verifiable credentials and EUDI Wallet compliance built in. See case studies →
← Back to Resources
ComplianceIndia

The PII Liability Hiding in Every Indian Event Company's Database and How to Stop Storing It

A ticketing platform running large venues doesn't just process payments it accumulates ID scans, face photos, and gig-worker documents by the thousand, every event. Under India's DPDP Act, every one of those records is a liability sitting in your database. Here's how to verify people without owning the data.

Hypersign Team·July 8, 2026·7 min read

Run enough large-format events in India ticketed concerts, stadium shows, multi-day festivals and a pattern emerges that has nothing to do with entertainment. Every event means an entry gate that has to verify age or identity, a security team that wants a face check at the door, and a temporary workforce ushers, riggers, vendors, security, crowd control hired fresh for the weekend. Each of those touchpoints asks for ID. Most platforms respond by collecting it: scanning the document, storing the photo, keeping the gig worker's paperwork on file for the next event. That instinct made sense before India's Digital Personal Data Protection Act 2023 gave every one of those stored records a set of rights attached to it purpose limitation, erasure, breach notification and a Data Protection Board that can act on them. What used to be a operational convenience is now a standing liability sitting in the company's own database, growing with every event.

Two PII Problems Stacking on Top of Each Other

Large-scale event and ticketing operations carry a heavier data burden than most consumer platforms because they're collecting on two fronts at once:

  • Attendee verification. Age checks for alcohol-serving venues, ID verification for high-value or restricted-entry tickets, and increasingly a face check at the gate to cut ticket fraud and resale abuse each one an opportunity to collect more than the moment actually requires.
  • Gig workforce onboarding. A mid-size event can run through hundreds of temporary staff, most of whom will work for other event companies the following week. Right now, each company independently collects and stores the same ID documents and background-check paperwork for the same people, repeatedly the exact pattern of duplicated, siloed identity collection that drives up breach exposure without making anyone safer.

Neither of these is solved by storing more data more carefully. It's solved by not storing most of it in the first place a shift that DPDP compliance for any regulated business increasingly depends on structurally, not just procedurally.

🪪
ID Document
Aadhaar, passport, or driver's licence scan collected at entry or onboarding
Sitting in your database
🙂
Facial Biometric
Selfie or photo captured for a gate check or security screening
Sitting in your database
✉️
Email & Phone Number
Collected at ticket purchase or gig-worker onboarding
Sitting in your database

Every card above becomes a DPDP-regulated record the moment it lands in your systems a retention schedule, an erasure obligation, and a breach-notification liability, all before the event even starts.

Verify a Claim, Not the Document Behind It

Selective disclosure using zero-knowledge proofs changes what actually gets requested at the gate or during onboarding. Instead of scanning a full ID to confirm someone is over 18, the system proves the specific threshold true age is at least 18 without the date of birth, the document number, or the document image ever crossing into your systems. For an age-gated event or bar entry point, that's the difference between your platform receiving a pass/fail verdict via webhook and your platform receiving (and now being responsible for) a stored photo ID with a full birthdate on it. Unless a specific field is explicitly requested and consented to, the underlying document doesn't travel with the result the same mechanism a background check for a gig worker can use to return "cleared" rather than the full report.

Selective Disclosure Gate Check · ProofOfAge
Attribute requestedage ≥ 18
ID document received by you✕ Never
Date of birth received by you✕ Never
Face image received by you✕ Never
What lands in your database✓ Pass / Fail

Face Verification Without Building a Facial Recognition Database

It's worth being precise here, because the honest version of this story is better than the vague one. Hypersign's biometric verification does 1:1 face matching a live selfie checked against the photo on the presented document at the moment of verification not 1:many facial recognition against a stored population of faces. That's a deliberate design choice specifically to avoid the liability profile of a "mass biometric database," and it means an event company doesn't need to build, secure, or justify retaining a growing archive of every attendee's or gig worker's face. The verification happens at the moment it's needed: onboarding a new gig worker, confirming a ticket holder's identity at a restricted gate. Whatever biometric data does need to persist for a legitimate reason (re-verifying a multi-day event credential, for instance) sits inside an encrypted identity vault with a separate, per-customer encryption key generated in a hardware security module not a database the event company's own engineering team has to build and secure, and not one where the platform operator itself can read the underlying record.

What most platforms build
1:Many Face Recognition
  • Every face ever scanned stored in a growing database
  • New entry checked against the entire population
  • Database itself becomes a high-value breach target
What Hypersign runs
1:1 Face Verification
  • Live selfie checked against one presented document
  • No population database to build, breach, or justify
  • Persisted data (if any) isolated in an encrypted, per-customer vault

Gig Workers Shouldn't Re-Submit Documents at Every Company That Hires Them

A security guard, rigger, or vendor who works a dozen events across a year at a dozen different companies currently proves the same background check, the same right-to-work status, a dozen separate times, with a dozen separate copies of their documents sitting in a dozen separate databases. A reusable, W3C Verifiable Credential lets that verification travel: once cleared, the worker holds a credential the next event company can accept directly. Two things worth being exact about. First, this is the same "verify once, reuse everywhere" shift already reshaping how marketplaces and gig platforms verify sellers and gig workers under their own brand results land in your system, not an external portal. Second, a reusable credential by default can carry full verification detail, so pairing it with selective disclosure matters: what the second event company actually needs to receive is "background check: cleared, right-to-work: verified," not a copy of the underlying documents all over again. Reusability without minimization just moves the liability around instead of shrinking it.

What Actually Changes Under DPDP

None of this removes an event company's data-fiduciary obligations for whatever it does still collect payment details, ticket ownership records, contact information. What it changes is the size of the surface those obligations apply to. A gate check that returns a threshold proof instead of a document image never creates a record that needs a retention schedule or an erasure workflow, because the raw data was never received. A biometric check that runs 1:1 at the moment of verification, with anything that must persist held in an isolated, encrypted vault, doesn't require the company to build and defend its own facial-recognition-grade database. And a hosted vault deployment stores verification results as part of the verification session itself effectively removing the step where a company has to stand up, encrypt, and secure a PII datastore of its own just to run identity checks at scale.

The event industry's instinct has been to collect first and figure out compliance later mostly because storage used to be the cheap, invisible part of the stack. Under DPDP, it's the opposite: every record retained without a specific, current purpose is exposure with no offsetting benefit. The companies that adjust first won't be the ones with the most sophisticated data-protection policy documents. They'll be the ones with the least data sitting around to protect in the first place.

About Hypersign

Hypersign lets event and ticketing platforms verify age, identity, and gig-worker eligibility as a pass/fail claim instead of a stored document zero-knowledge selective disclosure, 1:1 biometric verification, and an encrypted vault with per-customer keys, so the liability of holding thousands of IDs and faces never has to sit in your own database at all.

Ready to add identity verification to your platform?

See how Hypersign's on-chain KYC and reusable credential infrastructure works book a 30-minute demo.

Book a Demo →