Secure Authentication & User Identity
Comprehensive Guide to Signup, Login, and OTP Systems
Security is the foundation of Zwet Food. In rural environments where digital literacy is growing, we've designed a system that is both incredibly secure and remarkably easy to use. Our authentication flow ensures that your account is always protected by multi-layered verification.
1. The Signup Process: A Fresh Start
Signing up for Zwet Food is designed to be frictionless. We require only the essential information to get your food delivered safely:
- Full Name: To personalize your experience and for the rider to identify you.
- Phone Number: Your primary identity on the platform. We use 10-digit Indian phone numbers.
- Email Address: Used for sending OTPs, order receipts, and security alerts.
- 4-Digit PIN: Your personal key to access the app without needing an OTP every time you reopen it.
OTP Verification Logic
During signup, we don't just take your word for it. Our system sends a 4-digit One-Time Password (OTP) to your email address; the code is valid only for a short window and can be used only once. (It is a time-limited OTP delivered by email, not an authenticator-app TOTP.) This confirms that we have a verified way to reach you for security alerts and order tracking.
Security Tip: Never share your OTP with anyone, even Zwet Food employees.
2. Secure Login: Returning Users
Returning to Zwet is even faster. Once your account is verified, you can log in using your Phone Number and the 4-digit PIN you created. This "Quick Login" feature is optimized for users on the move.
2.1 Multi-Device Security
Our backend tracks the session token issued to each device. When you log in on a new device, the earlier session is accounted for rather than left dangling, so a stale token from an old phone cannot be used to reach your wallet or address book.
3. Forgot Password? Secure Recovery
We understand that people forget PINs. The "Forgot Password" flow, which resets your 4-digit PIN, is robust and secure:
- Identity Request: Enter your registered phone number.
- Cloud Verification: Our system checks that an active account exists for that number before anything is sent.
- Email Challenge: A recovery OTP is sent to the email address on the account.
- Reset Access: Once the recovery OTP verifies, you set a new 4-digit PIN.
4. Account Deletion & Reactivation
We respect your right to privacy. If you choose to delete your account, we don't just wipe your data immediately. We use a Soft-Delete mechanism:
- Your status is marked as 'deleted'.
- Your sensitive tokens and push notification keys are cleared.
- If you decide to return within a certain period, you can Reactivate your account and keep your history.
- Alternatively, you can choose a Fresh Start, which wipes all old orders and reviews, giving you a clean slate.
5. Technical Safety Measures
Under the hood, our authentication runs on Vercel Serverless Functions behind a secure proxy. Every request between your phone and our database carries an HMAC-SHA256 signature, so any change to the data in transit is detected and the request is rejected. Your PIN is never stored in plain text; it is protected by multiple layers of encryption at the database level.