Privacy Policy

Last updated: 24 March 2026  |  Effective from: 24 March 2026

1. Who We Are

MaskAadhaar ("we", "us", "our", "the Service") is a privately operated online tool that enables individuals and businesses to mask (redact) Aadhaar and PAN card numbers from document images and PDFs, entirely within the user's own web browser. Our website is accessible at maskaadhaar.com.

MaskAadhaar is operated as an independent private entity. We are not a government website, not a UIDAI portal, not a government-approved tool, and not a government-authorised agency of any kind. We have no official relationship with any Indian government body.

For privacy-related queries, contact us at support@maskaadhaar.com.

2. Scope of This Policy

This Privacy Policy applies to all users of maskaadhaar.com, including visitors who use the free browser-based masking tools, registered account holders, and API subscribers. By using the Service, you agree to the practices described in this policy.

3. Information We Do NOT Collect — The Privacy Core

When you use the Aadhaar or PAN masking tool on this website:

• Your document images and files are processed entirely within your own browser using JavaScript. They are never uploaded to, transmitted to, or processed by our servers.
• We do not see, receive, store, log, or share your Aadhaar number, PAN number, name, date of birth, address, biometric data, photograph, or any other personal information printed on your documents.
• The masked output file is generated locally in your browser and downloaded directly to your device. No copy is retained by us.
• We have no technical means to access the content of documents you process through the browser-based tool.

4. Information We Do Collect

We collect only what is strictly necessary to operate and improve the Service:

• Account data: If you create an account, we collect your email address and a hashed password. We do not store passwords in plain text.
• Subscription and payment data: Payments are processed by Razorpay and/or Stripe. We receive transaction confirmation and your subscription plan. We do not receive or store your card number, CVV, or banking credentials.
• Anonymised analytics: We use Google Analytics to collect anonymised data such as page views, session duration, browser type, device type, and approximate geographic region (country/city level). No document content is included in analytics data.
• API usage logs: For API subscribers, we log the number of API calls made, timestamps, and HTTP response codes — for billing and rate-limiting purposes. We do not log the content of files submitted to the API.
• Cookie consent preferences: Stored locally in your browser's localStorage under the key maskaadhaar_cookie_consent.
• Contact form submissions: If you contact us via the contact form or email, we retain the content of your message and your email address for support purposes.

5. Cookies and Tracking

We use the following categories of cookies:

• Strictly necessary cookies: Session tokens required for login functionality. These cannot be disabled.
• Analytics cookies (optional): Google Analytics cookies that track anonymised usage patterns. You may opt out via our cookie consent banner at any time.
• Advertising cookies (optional): Google AdSense cookies used to serve relevant ads on free-tier pages. Enabled only with your explicit consent via the cookie banner.

You can withdraw cookie consent at any time by clearing your browser's localStorage key maskaadhaar_cookie_consent or by visiting our cookie settings panel.

6. How We Use Information

• To authenticate users and manage subscriptions
• To process payments and deliver API access
• To send transactional communications (payment receipts, API key notifications)
• To analyse aggregate, anonymised usage patterns for product improvement
• To respond to support and contact requests
• To enforce our Terms of Service
• To comply with applicable laws and court orders

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

7. Third-Party Service Providers

The following third parties process limited data on our behalf:

• Google Analytics — anonymised website usage analytics
• Google AdSense — advertising (only with cookie consent)
• Razorpay / Stripe — payment processing. Subject to their respective privacy policies.
• Vercel — website and API hosting. Standard server access logs (IP, request path, timestamp) may be retained per Vercel's data retention policy.

These processors are contractually bound to handle data only for the specified purpose and in accordance with applicable data protection laws.

8. Aadhaar Act Compliance Notice

MaskAadhaar is aware of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, and the Aadhaar (Sharing of Information) Regulations, 2016. We operate in a manner consistent with UIDAI's publicly stated guidelines that masked Aadhaar — showing only the last 4 digits — may be used as a valid form of address proof for non-authentication purposes.

We are NOT a Requesting Entity (RE), Authentication User Agency (AUA), KYC User Agency (KUA), or Sub-AUA under the Aadhaar ecosystem. We do not perform Aadhaar authentication, biometric verification, or any function regulated under the Aadhaar Act. We are a utility tool that helps users comply with UIDAI's own masking recommendations.

Users who process third-party Aadhaar documents through this Service are solely responsible for ensuring they have lawful authority to do so under the Aadhaar Act and applicable privacy laws.

9. Data Retention

• Document data: Never stored. Nothing to retain.
• Account data: Retained as long as the account is active. Deleted within 30 days of account deletion request.
• API usage logs: Retained for 12 months for billing reconciliation, then deleted.
• Analytics data: Retained per Google Analytics' standard retention policy (14 months).
• Payment records: Retained for 7 years as required under applicable financial and tax laws.

10. Your Rights

Subject to applicable law, you have the right to:

• Access, correct, or delete your account and personal data
• Withdraw consent for analytics or advertising cookies
• Request a portable copy of data we hold about you
• Object to or restrict certain processing activities
• Lodge a complaint with a relevant data protection authority

To exercise any of these rights, write to us at support@maskaadhaar.com. We will respond within 30 days.

11. Security

Because document processing occurs entirely within your browser, there is no server-side document storage and therefore no risk of a server-side breach exposing your documents. Account credentials are stored with industry-standard bcrypt hashing. All data in transit is encrypted over HTTPS/TLS. API keys are stored as hashed values.

No method of electronic storage or transmission is 100% secure. We recommend users exercise caution when using any online service with sensitive documents.

12. Children's Privacy

The Service is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email (for registered users) or a prominent notice on the website. The "Last updated" date at the top of this page will always reflect the most recent version. Continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

14. Contact

For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, contact us at support@maskaadhaar.com.