The paper visitor logbook in the corporate lobby contains the name 'Donald Duck', entered by a visitor who knew the receptionist wasn't checking. It contains no information about which employee hosted the visitor, where in the building they went, or when they left. The same logbook is visible to every subsequent visitor, exposing the names of everyone who visited before them. It will be stored in a drawer for six months, then disposed of — with no evidence of destruction, no data subject rights exercised, no retention policy complied with. It is a compliance liability and a security void masquerading as an access procedure.
Digital visitor management systems replace this entirely. The visitor is pre-registered by their host before arrival. A QR-coded time-limited credential arrives in their email. At the lobby kiosk, they scan the QR, the kiosk captures their photo and optional government ID, the host receives an instant notification, and a printed badge is ready in under 30 seconds. The turnstile gates open only for the approved zones during the approved time window. When they leave, the credential expires — and in 90 days, when the DPDP retention period ends, the record is automatically purged.
Visitor Management Platform Comparison
| Platform | Pre-Registration | QR Credential | NDA/Forms | ACS Integration | DPDP/ISO 27001 Ready |
|---|---|---|---|---|---|
| Envoy Visitors | Email invitation | Time-limited HMAC QR | Digital NDA, photo | Lenel, Genetec, Brivo | Yes (SOC 2 Type II) |
| Proxyclick | Email + SMS | Time-limited QR | Forms, ID scan | Honeywell, C•CURE 9000, Bosch | Yes (GDPR, ISO 27001) |
| iLobby | Email invitation | Time-limited QR | NDA, ID scan, photo | Lenel, Genetec native API | Yes (SOC 2 Type II) |
| SwipedOn | Email pre-reg | QR badge | Forms, sign-in questions | Limited (API) | Yes (GDPR) |
| ALICE Receptionist | AI receptionist + pre-reg | QR via AI kiosk | NDA, forms, ID | API, Lenel connector | Yes |
Technical Design: Visitor Management Architecture
- Pre-registration workflow: Host invites visitor via VMS portal or calendar integration → visitor receives email with pre-registration link → visitor submits name, company, purpose → QR credential generated with HMAC-SHA256 signature and time/zone validity embedded → host notified of confirmed pre-registration
- Aadhaar QR verification (India): Kiosk scans visitor's Aadhaar card QR code → offline UIDAI decryption confirms name, photo, and ID — no Aadhaar number transmitted to central server; DigiLocker API alternative for digital document verification
- ACS integration (Lenel/Genetec): VMS provisions temporary cardholder in ACS at pre-registration; credential activated at kiosk check-in; time/zone policy applied; ACS cardholder and credential deleted automatically at expiry or manual check-out
- Watchlist screening: Visitor name matched against internal ban list, OFAC consolidated sanctions list, and custom corporate watchlists at pre-registration — host and security notified of match before visitor arrives
- ISO 27001 Annex A.11 evidence: VMS provides searchable digital visitor log with: visitor identity (verified), host name, entry time, exit time, zones accessed — satisfying physical access control documentation requirements for ISO 27001 audit
- DPDP Act 2023 compliance: Consent notice displayed at kiosk; purpose limitation (access control only); data retention automation (90–180 day purge schedule); visitor data deletion on request; India-region cloud storage for data localisation
- Multi-building campus: Single VMS credential valid across multiple buildings on campus, with zone restrictions per building; single check-in at reception grants time-limited access to all approved buildings for that visit duration
AI-Powered Visitor Experience: Predictive Pre-Registration and Face-First Lobby
Future visitor management will combine predictive pre-registration with face recognition lobby entry — eliminating the kiosk step entirely for returning visitors. The system recognises the returning visitor at the lobby entrance by face, matches them against the visitor database, confirms their pre-registered appointment for that day, and activates their access credential — all within the time it takes them to walk from the building entrance to the turnstile. For first-time visitors, a conversational AI kiosk (voice + screen) guides the registration process in under 30 seconds. The lobby receptionist role evolves from data entry and credential issuance to relationship management and exception handling — the routine transactional elements fully automated.