Verutap Guide
Everything you need to roll Verutap out at a new site, onboard guards, and run the daily patrol workflow. Conventions: we call the people wearing the phones guards, the checkpoints they visit checkpoints, the places they work sites, and the operator who manages them all the admin. Adapt the names to your industry.
1. Getting started
To begin, email [email protected] with your organization name, the number of sites you expect to manage, and roughly how many guards will use the system. We create the account, provision an initial admin user, and share the credentials privately.
Sign in at app.verutap.com with your admin username and password. First login lands on the dashboard. Any time you see "admin," "supervisor," and "guard" in this guide — they map to account_role values 1, 2, and 5 respectively inside the system.
Admin can do everything: create sites, add users, view all reports, approve incidents. Supervisors can view active patrols, review incidents, and pull reports for their scope. Guards see only their own shift, their own scans, and the scanning/incident/activity actions while on shift.
2. Setting up a site
A site is a physical property — a hotel, shopping plaza, warehouse, or office building — that your guards patrol. Each site has its own checkpoints and its own patrol history. Admins can manage multiple sites under one organization.
From the admin dashboard, open Sites in the sidebar and click + Add Site.
Fill in the site name (what shows up in reports and leaderboards), address, and optional description. The lat/lon is populated by geocoding the address and is used for GPS-based scan validation — supervisors get flagged when a scan's recorded location is far from the site's registered location.
Save. The site is immediately active and ready to accept checkpoints.
3. Registering checkpoints
A checkpoint is a specific physical location inside a site that a guard must visit — a stairwell landing, a delivery dock, a pool perimeter gate. Each checkpoint is tied to either an NFC tag, a printed QR code, or both. A checkpoint with both can be scanned with either method depending on what the phone supports.
3.1 Pick your tag type
The single most important decision. See the full compatibility table on /about, but the short version:
- NTAG213 / 215 / 216 — recommended for any new deployment. Cheap ($0.10 each bulk), works on every modern phone including iPhone.
- MIFARE Classic — works great on Android, does not work on iPhone (Apple platform block). If any of your guards carry iPhones, swap to NTAG.
- Printed QR codes — works on every phone with a camera. A good fallback to place next to NFC tags.
3.2 Physical placement
- Mount the tag where the guard can comfortably touch it without bending. Waist-to-eye level is ideal.
- Avoid metal surfaces. NFC stops working when the tag is on bare metal — put a piece of cardboard or a plastic plate between the tag and the metal. Metal holes in doors are especially problematic.
- In wet environments (pool decks, exterior gates) use IP-rated tags or laminated QR codes.
- Mark the tag location visually so guards know where to tap — a small sign or a colored sticker helps during the first week.
3.3 Register the tag in the system
Two paths — pick whichever fits where the tag is physically.
Field registration (tag already mounted)
When a tag is on the wall and you don't know its UID yet, let a guard discover it:
A guard on an active shift taps Scan on the home screen and holds the phone to the new tag.
Because the tag isn't matched to any checkpoint, the app opens a "Register this tag?" prompt with the UID pre-filled. The guard types a name (e.g., "Pool Deck North"), picks the site, and saves.
Checkpoint is live. The next scan of the same tag flows through the normal scoring pipeline.
Admin-desk registration (UID known in advance)
When you have a pile of pre-programmed tags or have already read a tag's UID with another tool, register from the web UI:
Admin UI → Checkpoints → Add Checkpoint.
Fill in the checkpoint name, pick the site, paste the NFC tag UID (uppercase hex, no separators — e.g., 04A1B2C3D4E580), and save.
Either path lands the checkpoint in the same place. Use field registration for new installs; admin-desk for bulk pre-provisioning or replacements.
Register a test tag at your own desk with a clear name like "Admin Test". Use it to smoke-test the scanning flow any time you change devices or push a new app build.
4. Adding guards
From the admin dashboard, open Users → + Add User. Select role Guard.
Enter the guard's first and last name, a username (we recommend a site-specific convention like 808PSI0042), and a phone number if they'll use the fast PIN login (recommended).
Set an initial password and, if you added a phone number, a 4-6 digit PIN. Share these with the guard privately — in person is safest, text is fine.
Save. The guard can log in immediately.
Guards can sign in two ways. Phone + PIN (at /pin) is faster for shift starts — just tap the digits — and works well when their hands are full. Username + password is the fallback. Admins and supervisors always use username + password. After 5 wrong PIN attempts, the account locks for 15 minutes; an admin can unlock it instantly from Users → [guard] → Unlock PIN.
5. The guard app
Installation
- Android — pushed through your MDM (we use WeGuard). Guards don't manually install anything; the app appears on their company phone.
- iPhone — distributed via TestFlight. Apple sends the invited user an email; they install TestFlight from the App Store, tap the invite link, and Verutap installs.
First launch
On first launch, the app requests permissions: location (always — for background GPS during shifts), NFC (read-only, for tag scans), camera (for QR scanning and incident photos), and notifications (for supervisor alerts). Grant all.
Login
Guards see the login screen on open. Tap Guard? Sign in with PIN at the bottom to use phone + PIN, or sign in with username + password directly. After login, the app goes to the home screen showing current shift status.
6. Running a patrol
Start shift. Tap Start Shift on the home screen. Pick the site you're working. The app begins tracking GPS in the background, caches the site's checkpoint list for offline scanning, and marks you active on the supervisor's dashboard.
Scan a checkpoint. Walk to the checkpoint. Tap Scan. Hold the phone near the tag.
- On Android, the scan happens passively — just touch and wait ~300ms for the beep and haptic.
- On iPhone, the iOS "Ready to Scan" sheet appears first; present the phone within 20 seconds. Sheet closes, the app shows a green checkmark.
Repeat. Continue to the next checkpoint. Each scan is recorded with a timestamp, the guard's GPS position, and a scoring bonus for streaks and checkpoint freshness.
Log activity or an incident as needed (see §7).
End shift. Tap End Shift from the home screen. The app finalizes scoring, stops GPS, and sends any still-queued offline scans.
If the phone loses signal mid-patrol, scans queue locally in encrypted storage. The app retries with exponential backoff when connectivity returns, so nothing is lost. The badge on the home screen shows how many scans are still queued. Guards don't need to do anything — it drains automatically.
7. Handling incidents
From the guard home screen, Report Incident opens a form. Guards select an incident type (theft, damage, medical, etc.), set severity (low / medium / high / critical), write a short description, and attach photos.
Each incident is tied to the guard's current shift and site. Supervisors see the incident in the dashboard within seconds (live refresh every 10s). Incidents can capture:
- Damages (property, vehicle, equipment) with estimated repair cost
- Contacts (witnesses, victims, suspects) with their statements
- Injuries (minor/moderate/severe/critical, body part, EMS dispatched)
- Impacted parties (businesses, tenants, public)
Supervisors review and approve, reject, or request edits. The full edit history is kept in an audit trail — every field change is logged with who and when.
8. Supervisor dashboard
The admin and supervisor web UI at app.verutap.com/admin is the ops view. The main dashboard shows:
- Active patrols — who's on shift right now, at which site
- Live scan feed — every scan as it happens, with the checkpoint name, guard, and time
- Open incidents — filtered to unresolved, sorted by severity
- Scan count over the last 24h / 7d / 30d
The Scoring page shows the leaderboard: total points per guard, shift performance, and per-guard detail including streaks and flagged scans (scans that happened too far from the checkpoint's registered GPS location).
Individual pages for Shifts, Checkpoints, Sites, Incidents, Users, and Reports cover CRUD for each entity.
9. Client reports
Under Reports in the admin UI, generate a client report by selecting a site and a date range. The system produces a clean printable HTML report covering:
- Site info + header
- Shift summary — who patrolled, when, how long
- Per-shift scan log with timestamps, checkpoint names, and GPS validation
- Any incidents filed during the window
- Scoring summary and completion percentage
The report URL is signed with a short-lived token, so you can share it with non-Verutap recipients (property managers, clients) without exposing a login. Print-to-PDF from the browser for a clean archive.
Automated nightly email of per-site reports to a configured recipient list. Today: on-demand only. Reach out if this is a blocker.
10. FAQ & troubleshooting
A guard says they get "network error" when trying to sign in.
First check phone connectivity — open any browser, load google.com. If that works, the app's backend connection is blocked. Usually this is one of: (a) the app was installed from an old build pointing at a previous domain, (b) a new domain wasn't whitelisted in CORS on the backend. Force-close the app (swipe up in the app switcher, swipe away), reopen. If it persists, reinstall the latest app build from MDM / TestFlight.
A scan on iPhone doesn't register — "Ready to Scan" pops up but nothing happens.
Two common causes. First, antenna position: iPhone's NFC antenna is at the very top-back of the phone, right around the camera bump. Hold the top inch flat against the tag, don't wave. Second, tag type: iPhones cannot read MIFARE Classic tags — that's a platform restriction we can't work around. If the same tag scans fine on Android but not iPhone, it's MIFARE Classic and needs swapping to NTAG. See the compatibility table.
A guard got locked out of PIN login.
After 5 wrong PIN attempts, the account is soft-locked for 15 minutes. They can wait, or an admin can unlock instantly from Users → [guard] → Unlock PIN. If they forgot their PIN, Users → [guard] → Set PIN lets an admin assign a new one. Passwords work the same way.
A scan shows up as "unregistered" on the dashboard.
This means the tag's UID wasn't matched to any checkpoint in your company's site list. The scan is still recorded as evidence that the tag was tapped, but not tied to a named checkpoint. To fix: find the tag, register it through the field-registration flow (see §3.3), and the next scan will be correctly named. Old unregistered scans auto-expire from the queue after 24 hours.
A scan was flagged for being "far from checkpoint."
The system compares the guard's GPS at scan time against the checkpoint's registered lat/lon. If they're off by more than a threshold (typically 50 m) the scan is flagged for supervisor review. Usually this is one of: the checkpoint's registered location was set inaccurately, the guard's phone took a GPS fix before moving to the checkpoint, or the tag was moved. Admins can re-register checkpoint GPS or manually clear flags.
Shifts are showing up with a weird 12-hour end time even though the guard didn't end them.
The system auto-closes shifts left running for more than 12 hours. This prevents dead shifts from skewing leaderboards when a guard forgets to tap "End Shift" (or the phone died mid-patrol). If your shifts legitimately run longer than 12 hours, tell us — we'll raise the cutoff or switch to a different auto-close strategy for your account.
GPS seems off during a patrol.
Indoor/basement GPS is often unreliable — concrete, steel, and underground locations can't fix on satellites. The app falls back to WiFi-based location when GPS isn't available, but it's less precise. If guards routinely patrol underground garages or concrete basements, expect occasional missing GPS points. The scan itself is still recorded with the NFC UID and timestamp; only the GPS attachment may be missing or stale.
How do I add a new site?
See §2. Admin → Sites → + Add Site.
Can guards use the app offline?
Yes, for the scanning and incident flows. Scans and incidents queue locally and sync when back online. The dashboard and admin UI require an internet connection.
Is my data kept private?
Yes. Your patrol data is stored on your organization's Verutap backend, isolated by company. We never sell, aggregate, or share data across clients. NFC tag UIDs in logs are redacted in production builds. See the data & privacy section on /about for details.
More help
Anything this guide doesn't cover — email [email protected]. We read everything and respond within a business day.