Building for Bharat, Not for the Boardroom
Many technology platforms launched in India are designed in air-conditioned offices in Bengaluru or Mumbai, with assumptions about internet connectivity, device capability, and user sophistication that simply do not reflect the reality of most Indian merchants and customers.
The result is products that work beautifully in demos and fail in the field. Connectivity drops at the wrong moment. The UI is too complex for a shopkeeper serving a queue of five customers. The app crashes on a two-year-old Android.
RynoWallet was designed with the opposite philosophy: start with the hardest environment and build up from there. This means offline-first architecture, audit-backed security, and an interface simple enough for any shopkeeper to use in 10 seconds.
Security: Every Coin Movement Is Audited
In any financial system that creates and transfers value, auditability is not optional—it is fundamental. RynoWallet treats every coin issuance, every redemption, and every balance check as a financial transaction that must be fully traceable.
Every transaction is recorded with:
- Timestamp (exact date and time)
- Merchant ID and shop name
- Customer wallet ID
- Coins issued or redeemed
- Bill amount associated with the transaction
- Transaction reference (from the merchant's POS if API-integrated)
- IP address and session details for fraud detection
This audit trail is immutable—it cannot be edited or deleted by merchants, customers, or staff. In the event of a dispute (a customer claiming they did not receive coins, or a merchant claiming they were unfairly debited), the audit trail provides the definitive record.
The audit system also enables fraud detection. Unusual patterns—large redemptions at unusual times, multiple redemptions in rapid succession, suspicious issuance patterns—are flagged for review. This protects the integrity of the network and the trust of every participant.
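Two of the patterns named above, redemptions in rapid succession and large redemptions at unusual times, expressed as rules over audit records. This is an added example, not RynoWallet's detection logic: the thresholds, field names and sample records are assumptions, and timestamps are taken to be shop-local time.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; a real deployment would tune these per merchant.
BURST_COUNT = 3                      # redemptions by one wallet ...
BURST_WINDOW = timedelta(minutes=5)  # ... within this window
LARGE_COINS = 500
QUIET_HOURS = range(0, 5)            # 00:00 to 04:59

def flag_redemptions(records):
    """Return (transaction reference, reason) pairs for review."""
    flags = []
    recent = defaultdict(deque)  # wallet_id -> recent redemption times
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["kind"] != "redeem":
            continue
        ts = datetime.fromisoformat(rec["ts"])
        window = recent[rec["wallet_id"]]
        window.append(ts)
        # Drop redemptions that have aged out of the sliding window.
        while ts - window[0] > BURST_WINDOW:
            window.popleft()
        if len(window) >= BURST_COUNT:
            flags.append((rec["ref"], "rapid_succession"))
        if rec["coins"] >= LARGE_COINS and ts.hour in QUIET_HOURS:
            flags.append((rec["ref"], "large_at_unusual_time"))
    return flags

def sample_records():
    # Constructed audit records; none of these values come from a real system.
    return [
        {"ref": "T1", "ts": "2024-01-05T10:00:00", "wallet_id": "W-100", "kind": "redeem", "coins": 50},
        {"ref": "T2", "ts": "2024-01-05T10:01:30", "wallet_id": "W-100", "kind": "redeem", "coins": 40},
        {"ref": "T3", "ts": "2024-01-05T10:03:00", "wallet_id": "W-100", "kind": "redeem", "coins": 60},
        {"ref": "T4", "ts": "2024-01-05T02:30:00", "wallet_id": "W-200", "kind": "redeem", "coins": 800},
        {"ref": "T5", "ts": "2024-01-05T11:00:00", "wallet_id": "W-300", "kind": "issue", "coins": 30},
        {"ref": "T6", "ts": "2024-01-05T10:20:00", "wallet_id": "W-100", "kind": "redeem", "coins": 20},
    ]
```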
Authentication: JWT-Based Security
Merchant portal access and API access both use JWT (JSON Web Token) authentication. JWT tokens are short-lived, cryptographically signed, and stored securely. They cannot be reused after expiry or outside the authorized session context.
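The checks a server has to make for those properties to hold, as an added example that is not RynoWallet's code. The page does not name a signing algorithm or a token lifetime, so HS256, the 15-minute cap, the claim names and the test key are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

MAX_LIFETIME = 900  # assumed policy: reject tokens issued for more than 15 minutes

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key, signing_input):
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign(claims, key):  # stands in for the hypothetical issuing service
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return head + "." + body + "." + b64url(mac(key, head + "." + body))

def verify(token, key, now=None):
    """Return the claims, or raise ValueError naming the check that failed."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64url(head)), json.loads(unb64url(body))
        signature, alg = unb64url(sig), header["alg"]
        exp, iat = claims["exp"], claims["iat"]
    except (ValueError, KeyError, TypeError):
        raise ValueError("malformed token") from None
    if alg != "HS256":  # pin the algorithm; never let the header choose it
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(signature, mac(key, head + "." + body)):
        raise ValueError("bad signature")
    if not all(isinstance(v, (int, float)) for v in (exp, iat)):
        raise ValueError("exp and iat must be numeric")
    if (time.time() if now is None else now) >= exp:
        raise ValueError("expired")
    if exp - iat > MAX_LIFETIME:  # a signed token is not automatically short-lived
        raise ValueError("lifetime too long")
    return claims

def rejection_reason(token, key, now):
    try:
        verify(token, key, now)
    except ValueError as err:
        return str(err)  # text of the failed check
    return None
```

Expiry alone does not revoke a token before `exp`; ending a session early needs server-side state such as a denylist of token identifiers.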
API keys—used for billing software integration—are generated from the merchant dashboard and can be rotated at any time. If a key is compromised, the merchant can invalidate it immediately and generate a new one without any disruption to service.
Customer wallets are protected by phone-number-based authentication with OTP verification. No customer can access another's wallet or coins.
Offline-First Design: What It Means in Practice
Offline-first does not mean the system works with no internet. It means the system is designed to handle intermittent connectivity gracefully, without data loss or errors that disrupt the customer experience.
Here is how this manifests in RynoWallet's architecture:
- Lightweight pages: The merchant portal loads on 2G connections and caches key screens for fast re-access
- Customer QR codes: Once loaded, the QR can be screenshotted and used without any internet at the time of redemption
- Graceful degradation: If connectivity is lost mid-transaction, the system waits and retries rather than throwing an error that loses the transaction
- Low data consumption: Every page is optimized for minimal data transfer, essential for merchants on mobile data plans
Designed for Any Device
India has one of the world's most diverse smartphone ecosystems. High-end iPhones and low-end 4,000 INR Android devices exist side by side in the same market. RynoWallet's merchant portal is tested and optimized across this entire spectrum.
The UI uses minimal JavaScript, avoids heavy frameworks, and renders correctly on older Android WebView versions. This is not glamorous engineering—but it is essential engineering for building a platform that actually works for every merchant in India, not just those with flagship devices.
Fair Rules as a Security Feature
The MIR rule and 90-day expiry are not just economic mechanisms—they are also integrity features. By limiting redemptions relative to issuance, the MIR prevents bad actors from gaming the system (joining the network purely to accept redemptions without contributing). The expiry limits the window during which a compromised account could cause maximum harm.
These rule-based constraints are a form of systemic security—protecting the network against exploitation without relying solely on technical authentication measures.
Data Privacy: What RynoWallet Stores and Why
RynoWallet stores the minimum customer data necessary to operate the loyalty program: phone number, name, wallet ID, and transaction history. No payment data (credit card numbers, bank account details) is ever stored. RynoWallet does not process payments—it only tracks coin balances.
Customer data is not shared with third parties and is not used for advertising targeting. The data exists solely to operate the loyalty program for the benefit of the merchants and customers who participate in it.