GyanByte
Live2024

VizitSure — Visitor Management SaaS

A multi-tenant visitor management SaaS for small companies — security guards capture visitor details and generate gate passes, visitors self-book via QR-code URLs with live camera capture, safety guideline videos, and configurable questionnaires. Supports email, SMS, and WhatsApp notifications.

Node.jsTypeScriptReactAndroidPostgreSQLRedisTwilioWhatsApp Business APIAWSDocker

Category

SaaS Products

Year

2024

Status

Live

The Problem

Small and mid-size companies in India still manage visitors with a paper register at the security gate. A guard writes down the visitor’s name, who they are meeting, and the time — in a notebook that no one ever looks at again. There is no photo ID capture, no digital record, no way to pre-approve visitors, and no notification to the host that their visitor has arrived.

This creates real problems. Security has no way to verify if a visitor was actually invited. Hosts don’t know their visitor is waiting at the gate until the guard calls them (if they even have the host’s number). There is no audit trail of who entered the premises and when. For companies in manufacturing, pharma, or food processing, there are additional compliance requirements — visitors must acknowledge safety guidelines before entering the facility, and the company needs proof they did.

Existing visitor management systems are enterprise-priced, complex, and built for large corporates with IT teams. Small companies with 1–3 security gates and 20–50 visitors a day need something simple, affordable, and ready to use in minutes.

VizitSure was built for exactly this market — a SaaS product where a company signs up, configures their gates and guidelines, and starts managing visitors the same day.

What I Built

A complete multi-tenant visitor management platform with a web dashboard, an Android app for security guards, and a self-booking flow for visitors.

Multi-Tenant SaaS Platform:

  • Companies sign up and get their own isolated tenant — branding, configuration, and data are completely separated
  • Subscription management — free trial, monthly and annual plans with different visitor limits and feature tiers
  • Payment integration for subscription renewals and upgrades
  • Admin users per company — one super-admin (account owner) plus additional admin accounts for HR, facility managers, and reception staff
  • Company profile with logo, address, multiple gate/location support, and custom branding on gate passes and visitor notifications

Security Guard Workflow (Android App + Web):

  • Guard logs into the Android app or web interface at their assigned gate
  • When a visitor arrives, the guard captures:
    • Visitor name, phone number, email (optional)
    • Photo — live camera capture from the device, no gallery upload allowed (ensures the photo is of the actual person present)
    • ID document — camera capture of Aadhaar, PAN, driving license, or company ID. Stored as an image attached to the visit record
    • Purpose of visit — dropdown (meeting, delivery, interview, maintenance, personal) plus free-text notes
    • Host — who the visitor is here to meet, selected from the company’s employee directory
    • Expected duration — the system flags overstays if the visitor doesn’t check out
  • On submission, a digital gate pass is generated instantly — a branded pass with visitor photo, name, host name, gate, date/time, and a unique pass number
  • Gate pass displayed on screen for the guard to show the visitor, and optionally printed on a thermal printer
  • Host notification — the host receives an instant alert (email, SMS, or WhatsApp) that their visitor has arrived, with the visitor’s name, photo, and purpose
  • Check-out — when the visitor leaves, the guard marks them as checked out. If a visitor overstays, the system alerts the guard and the host

Visitor Self-Booking (Pre-Registration):

  • Each company gets a unique booking URL, also available as a QR code that can be printed and displayed at reception, on the company website, or sent to expected visitors
  • Visitors open the link on their phone — no app installation required, runs in the mobile browser
  • Self-booking flow:
    1. Basic details — name, phone, email, who they are visiting, date and expected arrival time
    2. Live camera capture — visitor takes a selfie using the device camera. Only live capture allowed, no gallery upload. This photo is matched against the person who shows up at the gate
    3. Company guidelines videos — the visitor must watch safety/orientation videos configured by the company admin. Videos are mandatory — the “Next” button is disabled until the video completes. For manufacturing or lab facilities, this covers PPE requirements, restricted areas, emergency exits, and hazard warnings
    4. Safety questionnaire — a set of questions the visitor must answer before the booking is confirmed. Questions are fully configurable by the admin (e.g., “Do you have any electronic devices?”, “Have you visited a contaminated zone in the last 14 days?”, “Do you agree to wear provided safety gear at all times?”). Supports yes/no, multiple choice, and free-text question types
    5. Acknowledgment — visitor digitally agrees to the company’s terms and visitor policy
  • On completion, the visitor receives a confirmation with a booking reference and a short link they can show at the gate
  • When the visitor arrives, the guard pulls up the pre-registration by phone number or booking reference — photo, details, and guideline completion status are already there. Check-in takes seconds instead of minutes

Notification System:

  • Multi-channel delivery — email, SMS (via Twilio), and WhatsApp (via WhatsApp Business API)
  • Admin configures which channels to use per event type:
    • Visitor arrival → notify host via WhatsApp + email
    • Pre-registration confirmed → send booking reference via SMS + email to visitor
    • Visitor overstay → alert host and admin via SMS
    • Check-out → optional confirmation to host
  • Short link support — all notifications include a short URL that opens the gate pass or booking details. Generated using an internal short link service, no third-party dependency
  • Message templates configurable by admin — company name, logo, and tone can be customized
  • Delivery status tracking — the system logs whether each notification was delivered, failed, or pending, with retry logic for transient failures

Admin Dashboard:

  • Live view — real-time list of visitors currently on premises across all gates, with check-in time, host, and overstay flags
  • Visitor log — searchable, filterable history of all visits. Filter by date range, gate, host, visitor name, or purpose. Export to CSV/PDF for compliance reporting
  • Analytics — daily/weekly/monthly visitor counts, peak hours heatmap, average visit duration, most visited hosts, busiest gates
  • Employee directory — manage the list of hosts (employees) that visitors can select when booking or checking in. Bulk import via CSV
  • Gate & guard management — add gates/locations, assign guards to gates, manage guard accounts and shifts
  • Self-booking configuration:
    • Upload safety guideline videos (multiple videos supported, ordered sequence)
    • Create and edit questionnaire — add/remove/reorder questions, set question types, mark questions as mandatory
    • Customize the visitor policy acknowledgment text
    • Enable/disable self-booking per gate or company-wide
    • Set booking windows — how far in advance visitors can book, and cutoff time before arrival
  • Subscription & billing — view current plan, usage (visitors this month vs limit), upgrade/downgrade, payment history
  • Branding — upload company logo, set accent color for gate passes and visitor-facing pages

Android App (Guards):

  • Purpose-built for security guards — large buttons, simple flow, works on budget Android devices
  • Camera integration for visitor photo and document capture
  • Offline support — if internet drops, the guard can still capture visitor details locally. Data syncs when connectivity returns
  • Pre-registration lookup — search by visitor phone number or booking reference to pull up pre-registered visitors
  • Check-in and check-out with one tap
  • Visitor history per gate — guard can see recent visitors without going to the admin dashboard
  • Push notifications for overstay alerts and new pre-registrations expected at their gate

Technical Challenges

  • Multi-tenant data isolation — Every company’s data must be completely isolated. Built with a shared database, tenant-scoped queries approach — every table has a tenant_id column, and a middleware layer injects the tenant context into every query automatically. Row-level security in PostgreSQL as an additional safety net. API endpoints validate tenant context on every request, so even a miscoded query cannot leak cross-tenant data.

  • Live camera capture enforcement — For both guard check-in and visitor self-booking, only live camera capture is allowed — no gallery uploads. On the Android app, the camera intent is locked to capture mode. On the web self-booking flow (mobile browser), the <input capture="user"> attribute forces the front camera. The backend checks image EXIF metadata for capture timestamps to flag suspicious uploads, though the primary enforcement is on the client side.

  • Configurable questionnaire engine — Admin-defined questionnaires need to support multiple question types, conditional logic (show question B only if question A is answered “Yes”), mandatory/optional flags, and ordering. Built a JSON-schema-based questionnaire definition stored in PostgreSQL. The React frontend renders the questionnaire dynamically from the schema. Responses are validated against the schema on the backend before the booking is confirmed.

  • Video completion tracking — Safety videos must be watched fully before the visitor can proceed. The frontend tracks video playback progress and only enables the “Next” button when the video reaches 95%+ completion (accounting for minor seek imprecision). The backend records that the video was completed with a timestamp — this is the compliance proof that the visitor watched the guidelines.

  • Multi-channel notification reliability — Email, SMS, and WhatsApp have different failure modes and delivery semantics. Built a notification dispatcher that queues messages in Redis, processes them asynchronously, and tracks delivery status per channel. Failed messages retry with exponential backoff. If WhatsApp delivery fails (user not on WhatsApp), the system falls back to SMS automatically. Admin can see delivery status for every notification sent.

  • Offline-first Android app — Guards at factory gates often have unreliable connectivity. The Android app stores visitor check-ins locally in SQLite when offline. A sync service runs in the background and pushes queued records to the server when connectivity returns. Conflict resolution handles the edge case where a pre-registration was modified on the server while the guard was offline.

  • Short link generation — Every gate pass and booking confirmation includes a short link. Built an internal short link service rather than depending on third-party URL shorteners (which have rate limits and could go down). Base62-encoded IDs with a dedicated redirect endpoint. Links are tenant-scoped and expire after a configurable period.

Architecture

  • Web Frontend — React application with role-based views for super-admin, admin, and guard roles. Dynamic questionnaire renderer. Real-time visitor dashboard with polling. Responsive for tablet use at reception desks.
  • Android App — Native Android app for security guards. Camera integration for photo and document capture. Offline-first with local SQLite storage and background sync. Push notifications via FCM.
  • Visitor Self-Booking — Mobile-optimized web flow accessed via QR code URL. No app install required. Live camera capture, video player with completion tracking, dynamic questionnaire.
  • API Layer — Node.js + TypeScript REST API. Tenant-scoped middleware on every route. JWT authentication with role-based access control. Rate limiting per tenant.
  • Notification Service — Async message dispatcher with Redis queue. Integrates with Twilio (SMS), WhatsApp Business API, and email (SES). Delivery tracking and automatic fallback across channels.
  • Short Link Service — Internal URL shortener for gate pass and booking links. Base62-encoded IDs, tenant-scoped, with configurable expiry.
  • Database — PostgreSQL with tenant-scoped tables and row-level security. Stores visitor records, photos (S3 references), questionnaire schemas, responses, subscription data, and audit logs.
  • File Storage — AWS S3 for visitor photos, ID document scans, safety guideline videos, and company logos. Pre-signed URLs for secure access.
  • Cache — Redis for notification queues, session management, and caching active tenant configurations.
  • Infrastructure — AWS deployment. Docker containers on ECS. RDS for PostgreSQL. ElastiCache for Redis. S3 for media. SES for email. CloudWatch for monitoring and alerting.

Results & Impact

  • Paper register eliminated — companies go from a handwritten notebook to a searchable digital visitor log with photos, documents, and timestamps from day one
  • Self-booking reduces gate wait times — pre-registered visitors check in within seconds since their details, photo, and guideline acknowledgment are already in the system
  • Safety compliance documented — for manufacturing and pharma clients, every visitor’s video completion and questionnaire response is recorded with timestamps, providing audit-ready compliance proof
  • Multi-channel notifications — hosts know their visitor has arrived instantly via WhatsApp/SMS/email, eliminating the “guard calling the wrong extension” problem
  • Works on budget hardware — the Android app runs smoothly on entry-level smartphones that guards already carry, with offline support for unreliable connectivity
  • SaaS model for small companies — affordable subscription pricing makes professional visitor management accessible to companies that cannot justify enterprise VMS pricing
  • Sole architect and developer — designed and built the entire platform: multi-tenant backend, React admin dashboard, Android guard app, visitor self-booking flow, notification system, and cloud infrastructure

Stack Deep Dive

  • Node.js + TypeScript for the backend API — tenant-scoped middleware, notification dispatcher, questionnaire engine, and subscription management
  • React for the admin dashboard and visitor self-booking web flow — dynamic forms, real-time visitor dashboard, and video player with completion tracking
  • Native Android app for security guards — camera capture, offline-first with SQLite, background sync, and push notifications via FCM
  • PostgreSQL with row-level security for multi-tenant data isolation — shared database, tenant-scoped queries
  • Redis for notification queues (async multi-channel dispatch), session caching, and tenant configuration caching
  • Twilio for SMS delivery, WhatsApp Business API for WhatsApp messages, AWS SES for email
  • AWS S3 for visitor photos, ID documents, safety videos, and company branding assets
  • Docker on AWS ECS for containerized deployment with RDS, ElastiCache, and CloudWatch
← PreviousMulti-lingual Video Streaming POC
Next →RAG Knowledge Bot

Interested in working together?

Get in Touch