
Mask Aadhaar online

Your browser redacts the first 8 digits of your Aadhaar, covers the photo, and hides the UIDAI QR. Nothing uploaded. Nothing stored. Free forever.

Why mask Aadhaar at all

Your Aadhaar number is a shared secret that unlocks a lot — eKYC flows, DigiLocker, subsidy claims, bank-account linkage. UIDAI and the RBI have both issued circulars reminding citizens to share masked Aadhaar (first 8 digits hidden, last 4 visible) whenever a full Aadhaar is not strictly required. With the Digital Personal Data Protection Act rules notified in November 2025, companies that receive your Aadhaar are now data fiduciaries under the Act, and they face enhanced liability if they mishandle it. Reducing the Aadhaar data you hand out reduces the risk of that mishandling affecting you. Even when a portal will technically accept your full Aadhaar, sending the masked version is the cautious default.

The concrete risk is not abstract. Scanned Aadhaar copies sent over email, WhatsApp, or third-party HR portals are routinely leaked — from broker-site scrapes, from forgotten S3 buckets, from a recruiter's personal laptop. Once your 12-digit Aadhaar number plus a photo of your face plus your date of birth are in a dump, the combination is enough for a surprising number of impersonation flows. Masked Aadhaar is not a cryptographic guarantee of anything, but it removes 8 digits from the leak, which is the difference between a low-effort lookup and actual reconstruction.

UIDAI does provide a masked-Aadhaar download on their portal, but it is a five-step OTP flow that requires a working Aadhaar-linked mobile number and network connectivity to UIDAI. If you are trying to email your masked Aadhaar to a landlord at 10pm on a Sunday from a phone with spotty signal, that flow is not great. DocRedact.in is the offline alternative: one photo, one tap, one download, no OTP, no dependency on a government portal being up. The masking follows the same first-8-digits convention UIDAI itself uses, so recipients who are used to the UIDAI format recognize the output immediately.

The tool also masks PAN (full number, since PAN has no partial-mask convention), passport MRZ (the two-line machine-readable zone at the bottom of the photo page), and the UIDAI secure QR code. The QR matters because a decoded QR contains the full Aadhaar number, DOB, gender, and address — so masking only the printed digits while leaving the QR intact accomplishes almost nothing. Everything happens in the same pass on the same page.

How our tool works

When you drop a file or take a photo, your browser runs three things on your device: (1) Tesseract, an open-source OCR engine, reads the text on the card; (2) a tiny face detector finds your photograph; (3) a QR decoder looks for the UIDAI secure QR. Each of these is a WebAssembly module that is loaded only when you actually use the tool — no heavy bundle on first page load. Detected Aadhaar numbers are validated with the Verhoeff checksum that UIDAI itself uses, so any random 12 digits that happen to match the regex (phone numbers, order IDs, OCR errors) are correctly rejected rather than masked. Verhoeff validation is the difference between a tool that masks the wrong 12 digits (worse than useless) and a tool you can actually trust.

PDF input goes through an extra step: each page is rasterized to a canvas at double resolution via pdf.js, then the detection pipeline runs on that canvas as if it were a photograph. This means the tool handles both camera-captured scans and native PDFs from official portals, without treating them differently. Multi-page PDFs run the detection on every page up front, so when you open the preview you can navigate across pages and see what was found on each.

The detected regions are drawn onto a canvas in your browser as solid black rectangles over the first 8 Aadhaar digits, over the PAN, over the UIDAI QR, and over the face photograph. (We originally used a Gaussian blur on the face but switched to a solid rectangle — blur can be reversed with known-σ deblurring and modern face super-resolution; a solid rectangle cannot.) The page image and the mask layer are then flattened together and written into a new image-only PDF in your browser, again using an open-source library. The flattening step is what makes the output safe to email — because the output has no text layer at all, nothing running `pdftotext` or doing a copy-paste will recover the masked digits. The tradeoff is that the output PDF is larger than the input (usually 2–5×) and is not searchable, which is worth paying for a card that you are sharing as proof of identity.

When you click Download, you are downloading a Blob that the browser built locally from the flattened PDF bytes. Your operating system treats it exactly as if you had saved a file you created yourself. It never traversed our infrastructure because our infrastructure never saw it. The browser does not forward the download through any server — there is no server to forward it through.

Why the privacy story is real and verifiable

Most online redactors promise privacy in the way a hotel promises it will not read your mail. There is a server somewhere; they claim they will not look at the file; you have to take their word for it. That model can be fine if the operator has legal incentives aligned with yours, but it is fundamentally a promise — there is nothing a user can check from the outside. Our privacy model is different because there is nothing there to trust. The tool is a static bundle of JavaScript, HTML, and WebAssembly that your browser downloads when you visit the page. Everything runs on your CPU, in your tab. You can check this in three ways:

We still ship two network-visible pieces, and we want to be explicit about them. First, the page uses Cloudflare Web Analytics, which counts page views from same-origin only and captures nothing about your document — no file size, no OCR text, no detection coordinates, no filenames. It is the single small beacon per page view that you will see in the Network tab. Second, the optional contact form and B2B waitlist form send their own fields (email, company name, message) to a Cloudflare Worker so we can respond to you. Neither of those two requests happens during redaction, and neither carries any part of your uploaded file. If you never touch the forms, neither beacon ever carries any personal data.

The AGPL licence is the other half of the verifiability story. If someone builds a closed-source hosted service on top of this codebase (for example, by putting it behind a SaaS signup wall), the AGPL requires them to publish their source too. That means the tool cannot quietly become a spy; any serious fork has to show its work. We are not opposed to commercial derivatives — we run a B2B API ourselves — we just think the mechanism for trust should be verifiable rather than contractual.

Frequently asked questions

Is it safe to upload my Aadhaar to this site?
You are not uploading anything. DocRedact.in runs entirely in your browser tab — no server ever sees your file. Open your browser DevTools → Network tab while you use it and verify this for yourself. Our code is public on GitHub under AGPL-3.0.
What is masked Aadhaar, and why do I need it?
A masked Aadhaar hides the first 8 digits of your 12-digit Aadhaar number, leaving only the last 4 visible. UIDAI and the RBI recommend using masked Aadhaar instead of the full card whenever possible — for KYC verification, tenancy agreements, employment onboarding, and similar flows where someone needs proof of identity but not your full Aadhaar number. Under the DPDP Act (rules notified November 2025), data fiduciaries who mishandle Aadhaar face fiduciary liability, so many now prefer receiving masked copies.
What does this tool actually mask?
By default: (1) the first 8 digits of your Aadhaar number, (2) your PAN number, (3) passport MRZ (machine-readable zone), (4) the UIDAI QR code, and (5) your face photograph on the card. Each detection appears as a checkbox — you can uncheck anything that is a false positive or that you want to leave visible.
Can I use this on my phone?
Yes. On mobile, the primary button is "📷 Take Photo" — it opens your phone camera, you photograph the card, and the redaction runs entirely on-device. No photo gallery upload, no server round-trip.
What file types work?
JPG, PNG, and PDF, up to 20 MB. PDFs are re-rendered as image-only PDFs (no searchable text layer) so nothing can be recovered via pdftotext or similar tools.
How does the Aadhaar detection work?
The tool runs Tesseract OCR on your document in the browser, finds any 12-digit sequence, and validates it against UIDAI's Verhoeff checksum. Only numbers that pass the Verhoeff check are treated as Aadhaar candidates — this prevents false positives from phone numbers, order IDs, or garbled OCR.
Does the tool read my biometric data or Aadhaar database?
No. It does not touch the UIDAI database, does not resolve the QR payload, and does not extract biometric information. It only finds the printed number, the photo, and the QR on the paper/PDF card in front of you.
Is the output file safe to email or upload to a portal?
The output PDF is flattened to an image-only PDF — the original text layer is discarded, so whoever receives it cannot extract the masked digits with copy-paste or pdftotext. The masked regions are drawn as solid black rectangles on the image, so they cannot be un-masked. You should still verify the output before sharing.
Why is the output file bigger than the input?
Image-only PDFs are larger than text-layer PDFs — that is the cost of guaranteeing that masked content cannot be text-extracted. Expect 2–5× the input size for typical scans.
Why are you giving this away free?
The consumer tool is free forever; we make money through an API for businesses (HR tech, fintech KYC) that need to integrate this into their pipelines. See /api-waitlist if that is you.

Verify for yourself

The repository at github.com/shadabkhan/doc-redact-in contains every line of detection, preprocessing, masking, and PDF-rewriting code used on this page. Commit history is preserved (no squashes, no force-pushes on main). External contributions are welcome. See how it works for an architecture diagram, or our privacy policy for the plain-English version of the data practices described above.