The only restaurant POS we couldn't read if we tried.
Maatrachhaya is end-to-end encrypted from the device in your shop to the storage in our data centre. Your customers' numbers, your sales, your recipes — sealed with a key only you hold. We chose to build it this way so we'd never have to ask you to take our word for it.
In plain English
Maatrachhaya is the first restaurant POS in India built end-to-end encrypted. Customer data is encrypted on the merchant's device using AES-256-GCM. Maatrachhaya holds no decryption keys and cannot read customer data — not for support, not for analytics, not under legal compulsion. By architecture, not by policy.
How it works
Four steps. No magic. No shortcuts.
Step 01
Keys are born on your device.
When you set up Maatrachhaya, your billing machine generates a key pair using your device's secure keystore. The private key never leaves the device. We never see it.
Step 02
Data is encrypted before it leaves the shop.
Every record — a bill, a customer phone number, a recipe — is encrypted on your device with AES-256-GCM. Only the encrypted blob is sent to our servers, alongside metadata strictly necessary for routing (which outlet, what timestamp).
Step 03
Our servers store ciphertext.
Maatrachhaya's database stores only encrypted blobs. The application code on our side reads opaque bytes. Even our own engineers — peering at the database — see nothing readable.
Step 04
Decryption happens only on your devices.
Reports, exports, and dashboards decrypt locally on devices that hold your key. Walk away from a device — log out — and nothing on it can be decrypted again until you sign back in.
AES-256-GCM · TLS 1.3 in transit · per-outlet keys · open-spec
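Steps 02 to 04 as an added Go sketch (not Maatrachhaya's code or its published scheme): the device seals each record with AES-256-GCM and, as an assumption of this example, binds the cleartext routing metadata as associated data, so a blob relabelled on the server no longer decrypts. The Envelope layout, the function names and the random key standing in for the keystore-held per-outlet key are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Envelope struct { // the only thing the server stores (hypothetical layout)
	Outlet, Timestamp string // cleartext routing metadata
	Nonce, Blob       []byte // Blob is ciphertext plus the 16-byte GCM tag
}

func NewOutletAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad length-prefixes the outlet so two different field pairs never collide.
func aad(outlet, ts string) []byte { return []byte(fmt.Sprintf("%d:%s|%s", len(outlet), outlet, ts)) }

// Seal runs on the device: fresh random nonce per record, metadata as AAD.
func Seal(a cipher.AEAD, outlet, ts string, record []byte) (Envelope, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{outlet, ts, nonce, a.Seal(nil, nonce, record, aad(outlet, ts))}, nil
}

// Open fails if the blob, nonce, outlet or timestamp changed after sealing.
func Open(a cipher.AEAD, e Envelope) ([]byte, error) {
	if len(e.Nonce) != a.NonceSize() {
		return nil, fmt.Errorf("bad nonce length %d", len(e.Nonce)) // a.Open would panic
	}
	return a.Open(nil, e.Nonce, e.Blob, aad(e.Outlet, e.Timestamp))
}

func main() {
	key := make([]byte, 32) // stand-in for the keystore-held outlet key
	rand.Read(key)
	a, _ := NewOutletAEAD(key)
	env, _ := Seal(a, "outlet-7", "2024-01-01T10:00:00Z", []byte("constructed sample bill"))
	env.Outlet = "outlet-9"   // relabelled on the server
	fmt.Println(Open(a, env)) // prints an authentication error and no plaintext
}
```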
Threat model
What can't happen.
We build software the way a locksmith builds a safe — by stating what attacks the design rules out. Here's what isn't possible with Maatrachhaya, by construction:
We can't read your data.
Not a support engineer. Not the founder. Not a database admin. We don't hold the keys.
A breach of our database returns ciphertext.
Even a complete compromise of our servers exposes encrypted bytes — useless without your keys.
Legal demands return ciphertext, not data.
If served a court order, we can produce only the encrypted blobs. We have no decryption capability to surrender.
An acquirer doesn't inherit access.
If Maatrachhaya is ever acquired or wound down, the new owner gets the same view we have — encrypted bytes. Your local data stays yours.
Our commitments
Beyond what the code enforces.
Data residency in India. All encrypted blobs stored in Indian data centres.
Annual third-party security review of our encryption design and implementation. Reports published openly.
Vulnerability disclosure: if you find a security issue, write to security@maatrachhaya.in. We respond within one business day.
Free CSV export of your data, any time, in one click. You don't ask permission.
If we shut down, a 90-day window for export and a clear, signed wind-down plan.
Plain-English security documentation. No legalese. We update it whenever the design changes.
Frequently asked
Questions owners ask before trusting us with the till.
What does end-to-end encrypted mean for a POS?
It means your data — customer names, phone numbers, sales, recipes, and reports — is encrypted on your device before it ever leaves it. Maatrachhaya's servers store ciphertext only. Decryption happens only on devices you control, using a key only you hold. Nobody at Maatrachhaya, no support engineer, no court order to us, can produce a readable copy of your data.
What is a zero-knowledge POS?
A zero-knowledge POS is software where the vendor has no technical means to read your data. The architecture, not the privacy policy, prevents access. Maatrachhaya is the first restaurant POS in India built this way: keys are generated and held on the merchant's device, and our servers handle only encrypted blobs.
Which encryption is used?
Customer and sales records are encrypted with AES-256-GCM using per-outlet keys. Keys are derived on your device and never transmitted in plaintext. Transit uses TLS 1.3. We publish the encryption scheme in plain language so any developer or auditor can verify how it works.
Where is my data stored, and who owns it?
Encrypted blobs are stored in Indian data centres. You own your data. You can export everything (sales, items, recipes, customers) as CSV at any time. We never sell, share, or train on your data — and architecturally, we couldn't even if we wanted to.
What happens if Maatrachhaya is acquired or goes out of business?
Your data stays useful to you and useless to anyone else. Because we don't hold decryption keys, an acquirer cannot inherit access to readable data. Your local export remains yours. We commit in writing to a 90-day data export window if the service is ever wound down.
How does support work if you can't see my data?
Two ways. For most issues, you share an anonymized log file with us — no customer names, no phone numbers, no order content. For deeper debugging, you can grant time-boxed access from your device that decrypts only the slice you choose, only for as long as you choose. The default is no access.