Why do KYC portals cap Aadhaar PDF at 200KB?

Bank and CKYC portals enforce upload caps for storage cost, screening throughput, and mobile-app compatibility. 200KB is a common ceiling because it accommodates a typical full-colour Aadhaar scan with the QR readable while keeping the per-account documentation footprint small. Some banks use 100KB caps for older eKYC stacks; mutual fund houses sometimes allow up to 1MB. Check the portal's exact cap before compressing.

Will the QR code still scan after compression?

Yes at Medium compression. UIDAI's mAadhaar app and most government and bank portals reliably decode the compressed QR. The QR uses a high-contrast pattern that survives standard JPEG/zlib compression. For the 100KB-cap case where High compression is needed, test the QR with the receiving portal's app before submitting — High setting reduces image resolution more aggressively.

Will my Aadhaar PDF be uploaded to PDF Mavericks?

No. PDF Mavericks runs the compression entirely inside your browser using pdf-lib and WebAssembly. The Aadhaar PDF never leaves your device. Verify by disconnecting from the internet after the page loads — the compress tool keeps working because all computation happens locally. This matters because Aadhaar carries your biometric photo, demographic data, and the masking-resistant QR; the moment that file touches a third-party server, the trust boundary is broken.

Should I mask or compress first?

Depends on the receiving portal's masking policy. For bank full-Aadhaar eKYC, compress only — the bank needs the unmasked version. For non-eKYC sharing (rental, gym, courier), mask via /aadhaar-mask first (UIDAI permits the first 8 digits hidden), then compress. The order matters because masking adjusts the rendered image, and compressing the already-masked PDF gives a cleaner final size estimate.

Can I compress a password-protected e-Aadhaar?

Yes, but you must unlock it first. e-Aadhaar PDFs from the UIDAI portal are locked with the first 4 letters of your name in uppercase + your year of birth (YYYY). Use /unlock-pdf to remove the password locally, then compress. Both steps run in the browser; the password is never transmitted.

Does compression remove the UIDAI digital signature?

No. The UIDAI digital signature is preserved through pdf-lib compression — only image streams and redundant data are reduced. Bank KYC systems verify the UIDAI signature against UIDAI's public key; the signature object inside the PDF is untouched by image compression. Banks doing offline eKYC verification will still see a valid UIDAI signature on the compressed Aadhaar.

What if my compressed Aadhaar is still over 200KB?

Try High compression. Typical Medium output is 120-180KB for a UIDAI-issued Aadhaar; High pushes that to 60-100KB. If High still doesn't fit, your input PDF is probably a re-scanned physical Aadhaar (multi-page with high-DPI images) — re-download the digital e-Aadhaar directly from uidai.gov.in, which starts at 300-500KB rather than 2-5MB.

Compress Aadhaar PDF Under 200KB (Browser-Local)

Why portals cap at 200KB (and which portals cap at 100KB)

Upload size caps are operational, not regulatory. Banks, mutual fund houses, and government portals choose them based on storage cost per customer, screening-pipeline throughput, and mobile-app compatibility on low-end Android devices common in tier-2 and tier-3 cities. The result is an unposted matrix of caps you have to discover by trial and error.

Common 200KB caps: SBI YONO eKYC, HDFC NetBanking address-update, ICICI iMobile re-KYC, Axis Mobile Aadhaar upload, CKYC registration via NSDL portal, most SEBI-regulated mutual fund KYC flows (CAMS KRA, KFintech KRA). Common 100KB caps: UMANG app, EPFO Member Portal, NSP scholarship portal, several state government citizen-service portals (e.g., Karnataka Seva Sindhu, Telangana T-Hub). 1MB caps are seen on some private bank business-account opening flows and certain visa applications.

The e-Aadhaar PDF downloaded directly from uidai.gov.in is typically 300-500KB. A re-scanned physical Aadhaar runs 1-5MB depending on scanner DPI. Both need compression to fit the 200KB cap; the re-scanned version may need re-downloading from UIDAI to start from a cleaner baseline.

The 4-step compress workflow (browser-local)

Unlock if password-protected. e-Aadhaar PDFs from UIDAI are locked with the first 4 letters of your name (uppercase) + your year of birth (YYYY). Use /unlock-pdf to remove the password locally.
Mask first if needed. For non-KYC sharing, run /aadhaar-mask to hide the first 8 digits per UIDAI's masking guidelines. Skip this step for full-Aadhaar eKYC.
Compress. Open /compress, drop the Aadhaar PDF, choose Medium for 200KB target or High for 100KB target. Output is generated in seconds.
Verify and submit. Open the compressed PDF. Confirm the QR is scannable (use mAadhaar or any QR scanner app). Confirm the printed Aadhaar number is legible. Upload to the portal.

Total time: under 60 seconds. No account creation, no upload progress bar, no email entry, no waiting for server-side queueing.

Why uploading Aadhaar to a third-party tool is the wrong trade

Smallpdf, iLovePDF, and most online PDF compressors upload your Aadhaar to their servers, run the compression there, and serve back the result. They promise to delete the file after a few hours. That deletion window is the problem. Anyone with access to their infrastructure during the window — an engineer, a misconfigured backup, a breached log pipeline — sees your full Aadhaar, biometric photo, demographic data, and QR.

The damage from a leaked Aadhaar is durable. Unlike a leaked password, you can't rotate your Aadhaar number. Once it's in a dark-web marketplace alongside your name, DOB, address, and father's name, it underwrites fake Aadhaar-linked KYC for financial fraud — loans taken in your name, SIMs activated under your identity, mule bank accounts opened with your Aadhaar cited as proof. The 2025 India Post eKYC breach and 2024 Star Health breach both started from internal access at supposedly trusted entities — the same risk pattern applies to PDF tool servers, whose security posture you cannot audit.

Server upload undoes the privacy benefit

Once the unmasked Aadhaar reaches a third-party server, the privacy boundary is already broken. Whatever happens downstream — bank KYC, government portal — only protects against the final recipient, not the intermediate processor.

Browser-local processing closes that exposure. PDF Mavericks runs the compression entirely on your device using pdf-lib and WebAssembly. The page loads, the JavaScript runs, the compression happens in memory, the file downloads. No network request carries your Aadhaar content. Verify in DevTools Network tab: zero outbound transfers of file data during the compress step.

Mask, compress, or both? Tier-by-tier guidance

Tier 1 — Full Aadhaar eKYC (banks, SEBI, demat opening)

Compress only. The bank or SEBI-regulated entity needs the unmasked Aadhaar to verify against UIDAI's database via offline eKYC. Masking would fail the verification. Use Medium compression to hit the 200KB cap; verify the QR scans with mAadhaar before submitting.

Tier 2 — Address proof (rental, courier, society NOC)

Mask first, then compress. The receiving party needs name + DOB + address (which is on the back of the Aadhaar) but does not need your Aadhaar number. UIDAI explicitly permits the masked variant (first 8 digits hidden) for non-eKYC use cases. Use /aadhaar-mask then /compress.

Tier 3 — Identity-only sharing (gym, event registration, online classified)

Mask + redact + compress. After masking, use /redact-pdf to also hide your address, father's name, and the QR code (which decodes the full Aadhaar in plain text). What's left: your photo and name. That's the minimum the receiving party needs.

Common situations: bank KYC, CKYC, mutual funds, EPFO

Bank KYC / re-KYC (200KB cap): SBI YONO, HDFC NetBanking, ICICI iMobile, Axis Mobile, Kotak 811. Compress at Medium; output typically 120-180KB. Submit unmasked.

CKYC registration (200KB cap): via NSDL or CAMS-KRA. CKYC creates a single KYC record reusable across all SEBI-regulated entities. Once your Aadhaar is in CKYC, you generally don't re-upload it for each mutual fund.

Mutual fund onboarding (typically 200KB-1MB cap): Coin (Zerodha), Groww, Kuvera, INDmoney, ETMoney. Most accept compressed Aadhaar up to 1MB; Medium compression is plenty.

EPFO portal (100KB cap): Member portal, UMANG app, PF transfer claims. Use High compression for 60-100KB output. Verify QR scans; UMANG's offline-Aadhaar verification depends on it.

Government job portal / NSP scholarship (100KB cap): UPSC, SSC, state PSCs, NSP. High compression. The receiving portal often does OCR on the uploaded Aadhaar to extract the number, so make sure printed text stays legible.

Troubleshooting: still over 200KB? QR not scanning?

Still over 200KB after High compression: the input is probably a multi-page re-scanned Aadhaar. Re-download the digital e-Aadhaar from uidai.gov.in (or use mAadhaar's offline-Aadhaar download). The digital version starts at 300-500KB and compresses cleanly to under 200KB at Medium.

QR scans before compression but not after: you've used High compression on an already-low-resolution scan. Drop back to Medium and accept the larger output. If Medium still doesn't fit, the input is over-compressed at source — re-download from UIDAI.

Portal rejects the compressed file: some portals validate file structure beyond just size. If the portal rejects with "invalid PDF" after compression, try recompressing without masking, or convert to a flattened PDF first via /redact-pdf (which re-flattens the content stream as a side effect).