Home/Help/Security & Contracts/Security & Verification

Security & Verification

Learn about the security systems of Huio, including VNeID verification, CCCD uploads, digital contracts, and device authentication.

Security & Identity Verification

Huio is designed with safety, trust, and legal compliance as our top priorities. Mutual savings groups require high trust, and Huio provides the technical tools to eliminate fraud and defaults.


1. CCCD Document Verification

To verify their real-world identity, members upload their CCCD (Vietnamese Citizen Identity Card) details:


  • Photo Uploads: Members must take and upload clear photos of both the front and back of their CCCD card.

  • Host Review: Hosts can view these documents in their dashboard under the "Identity Verification" panel to confirm that the member's profile name matches their legal ID.

  • GDPR / Privacy compliance: All uploaded ID photos are securely stored in private storage vaults in Supabase with strict Row Level Security (RLS) policies. Only the respective group Host and the document owner have access to view them; unauthorized users are completely blocked.


2. VNeID Integration

For premium security, Huio integrates with VNeID (the official Vietnamese national electronic identification service):


  • VNeID Gateway: Users can launch the VNeID application via a direct deep link (`vneid://`) from the Huio app.

  • State-level Trust: By logging in via VNeID, members verify their status as a level-2 verified citizen, providing a strong legal guarantee to the host and other members in the savings circle. Verified members receive a green tick verification badge next to their name.


3. Digital Financial Contracts & Legal Standing

To protect hosts and members legally, Huio automatically generates binding mutual savings contracts:


  • Automatic Generation: When a Kasca is created, Huio generates a legal contract containing the schedule, base contributions, slot distributions, and host commission rules.

  • Electronic Signature: Every participant must sign the contract electronically within the app. These electronic signatures carry full legal weight, equivalent to handwritten signatures under the Vietnamese Law on Electronic Transactions.

  • Contract Ledger: The contract list ("Hợp đồng của tôi") stores signed documents as proof of transaction. The digital contract, combined with financial transaction logs in Huio, forms complete civil evidence recognized by authorities in case of defaults (giật hụi).


4. App Access Protection

Keep your financial dashboard private with modern device security:


  • App PIN: Set a secure 6-digit PIN code to protect your account. The app will prompt you for the PIN whenever it is opened or active.

  • Biometrics: Enable Face ID or Touch ID to log in to the app instantly and securely.


Requirements:* You must configure a 6-digit App PIN first before you can enable biometrics.
State Syncing:* If you remove or disable your App PIN, biometrics will be deactivated automatically to maintain a consistent security state.
Enhanced Security:* Biometric authentication uses strict app-level PIN fallback (`disableDeviceFallback: true`). If biometrics fail or are cancelled, you must enter your custom App PIN, and you cannot bypass this with your phone's lock screen passcode.
Platform Availability:* Biometric settings are only available on native mobile platforms (iOS and Android). They are completely disabled and hidden in the Web version of the application.


5. Security & Legal FAQs

  • How does a member sign the digital financial contract in the app?
* The member opens the app -> navigates to the group details -> selects the Contracts tab -> reviews the terms, and taps Sign Contract. The system will prompt for the 6-digit PIN code or FaceID/TouchID biometrics to securely apply the legally binding digital signature to the document.
  • Can members join and sign contracts without VNeID verification?
* Yes, members can still join and sign by uploading photos of their physical CCCD card manually, unless the host has enabled "Require VNeID Verification" in the group settings. If enabled, members must complete the VNeID link before they can participate.
  • Are my CCCD photos and VNeID ID encrypted in the database?
* Yes. All uploaded CCCD images, identity metadata, and VNeID IDs are encrypted using the military-grade AES-256 standard at the database layer (Supabase Vault) and can only be decrypted by the document owner or the host of the corresponding group via RLS controls.
  • How does the system detect fake CCCDs or mismatched faces?
* Huio features an AI document-scanning module that checks uploaded images for edits, blurriness, or inconsistencies. Additionally, all new verifications enter a `pending` moderation state and are physically verified by admins in the Huio Control Panel before approval.
  • Can members revoke their digital signature after signing?
* No. Once a contract is signed and the group is activated, signatures cannot be revoked unilaterally to ensure transparency. A signature is only released if the group is closed or if the host approves a slot Transfer to another user.
  • What are the detailed steps for a member to link and verify their identity using a VNeID account in the app?
* Go to Personal Settings -> Identity Verification -> select Verify via VNeID -> the app redirects to the VNeID portal or native VNeID app -> verify via fingerprint/passcode -> authorize basic identity sharing with Huio -> the app updates status to "VNeID Verified" on your profile.
  • What is the process to upload photos of both sides of a CCCD card for manual verification by the host?
* Go to Personal Settings -> Identity Verification -> select CCCD Manual Upload -> capture front side photo -> capture back side photo -> capture face portrait photo -> tap Submit Approval. The status changes to Pending.
  • How does a host review and moderate the CCCD verification status of members in the Huio Control Panel?
* Log in to the Huio Control Panel with Admin/Moderator credentials -> navigate to the Identity Moderation section -> inspect the front/back CCCD photos and portrait comparisons -> click Approve (or Reject with a reason). The verification status will update instantly on the member's mobile app.
  • What is the procedure to export the signed digital contract to use as civil evidence in case of disputes or defaults?
* Go to My Contracts in settings (or the contracts section of a specific Kasca) -> select the target contract -> tap the Export PDF icon -> save the file to your device or share it via Zalo/Email. The PDF contains complete digital signatures and valid system timestamp logs.
  • How do I configure Face ID / Touch ID or a 6-digit PIN code to secure app access?
* Go to Personal Settings -> Security -> toggle App PIN on -> enter a new 6-digit PIN twice to confirm. Setting a PIN is required before you can use biometrics. Once a PIN is created, toggle Biometrics (Face ID/Touch ID) on. If you ever disable your App PIN, biometrics will also be turned off automatically. If biometric authentication fails or is cancelled, you will be prompted to enter your App PIN; fallback to the device passcode is disabled for enhanced security. Note that biometric settings are hidden on the Web platform.
  • What is the troubleshooting procedure if the VNeID name does not match the linked bank account holder's name?
* This error happens when the VNeID registration name differs from the bank account holder's name. Resolution: Go to Personal Settings -> Bank Information -> check the cardholder name (must be capitalized without accents, matching VNeID). If the bank has a different name, the member must link a different bank card matching their official VNeID name.
  • How do I revoke a digital signature on a contract if a member wants to cancel before the group starts?
* Open Kasca details -> Contracts tab -> tap Revoke Signature -> confirm using your PIN/FaceID. The digital signature is removed from the draft contract. Note: This can only be done while the group is in the Draft state.
  • What security steps should a user take to secure their account if they lose a phone containing their Huio PIN and digital signature?
* Perform immediately: 1. Log in to your Huio account on a new mobile device (this invalidates the old session token on the lost phone); 2. Go to Settings -> Security -> select Change App PIN and Deauthorize all other devices; 3. If you do not have a new device, contact the support Hotline or Telegram Support bot to temporarily lock the account.
  • What are the steps for a member to report a bug (Report Bug Tool) to technical support using the Telegram Bot?
* Open App Menu -> select Report Bug -> the app redirects to the Huio Telegram Bot -> click `/start` -> tap Send Bug Report -> enter description and upload screenshot -> click Send.

Was this article helpful?