Free PDF Redact Tool Online

Black out sensitive text and images permanently. Protect confidential information instantly.

Your files never leave your device
Drop PDF here or click to browse

Supports PDF files · up to 100 MB

How it works: Upload a PDF, draw boxes over sensitive areas on the preview, and click "Apply Redactions" to permanently black out the content. The redaction covers text, images, and all content in the selected areas. The original PDF data is replaced with solid-color rectangles.

About PDF Redaction

PDF redaction is the process of permanently removing or hiding sensitive information from documents. Unlike simple highlighting or covering text with shapes, proper redaction completely removes the underlying data so it cannot be recovered. This tool uses solid-color rectangles to permanently cover content, making it impossible to extract or view the original text or images beneath the redaction.

When to Redact Documents

Redaction Best Practices

Frequently Asked Questions

Is redaction truly permanent and irreversible?

Yes. This tool replaces redacted areas with solid-color rectangles at the PDF rendering level. The original content is permanently covered and cannot be recovered or made visible again. Unlike simple image overlays, PDF redaction modifies the document itself.

Can I redact only part of a page?

Yes. You can draw multiple redaction boxes on the same page to target specific areas. Simply click and drag to create as many rectangular redactions as needed. You can apply different redactions to different pages.

What if I make a mistake while redacting?

Before applying redactions, click "Clear All Redactions" to start over on the current page. Once you click "Apply Redactions," the changes are permanent and cannot be undone. Always review the preview carefully before finalizing.

Does redaction affect file size or document integrity?

Redacted PDFs remain fully functional. The file size may slightly increase due to the additional redaction rectangles. All other content, formatting, and document structure remain unchanged and intact.

Can I undo redactions after downloading?

No. Redactions are permanent once applied to the PDF. Always keep an unredacted backup of sensitive documents before redacting. Once the redacted file is downloaded, the original content beneath the redactions cannot be recovered.

Is my PDF secure and private?

Yes. This tool processes your PDF entirely in your browser. Your file never leaves your device or is uploaded to any server. Redaction happens locally on your computer, ensuring complete privacy and security of your documents.

Can I redact multiple PDFs at once?

This tool processes one PDF at a time. To redact multiple documents, process each file separately by uploading, redacting, downloading, and then uploading the next PDF.

What is a PDF redaction tool?

A PDF redaction tool permanently removes sensitive text, images or regions from a PDF, replacing them with solid-colour rectangles so the underlying content cannot be recovered. The key word is permanently: redaction is not the same as covering. A black rectangle drawn on top of a name with an annotation tool hides the name from view but leaves the original text inside the PDF, where anyone with a text-extraction tool can find it. True redaction deletes the bytes from the file and substitutes opaque shapes in their place. This distinction has caused more than one accidental data leak in court filings, government documents and corporate reports.

This tool implements true redaction. You draw boxes over the regions to remove (names, social security numbers, account details, faces in images, signatures) and the tool deletes the underlying content from each page, then draws an opaque rectangle of your chosen colour over the deleted region. The output PDF carries no trace of what was removed: no extractable text, no hidden form fields, no embedded image data at those coordinates. If the recipient runs a text-search or text-extraction on the redacted PDF, the redacted regions return nothing.

All processing runs in your browser using pdf-lib (PDF manipulation in JavaScript) and pdf.js (PDF rendering). The file is loaded into memory, the redaction operations execute locally, and the redacted PDF is downloaded directly to your disk. No file is uploaded, no cloud processing is involved, and no telemetry is sent. This matters because the documents you most need to redact (legal filings, medical records, financial statements, security reports) are the same documents you should never upload to a third-party processor for any reason.

What is inside the tool

The drop zone at the top takes the PDF to redact. After upload, the first page renders in the preview area and the page-navigation controls appear. You walk through the document page by page. On each page, click and drag to draw redaction rectangles over the regions to remove. Each rectangle is a separate redaction; you can draw as many as needed on each page. The current page shows your in-progress rectangles in semi-transparent red so you can see what you have already marked.

The colour picker controls what colour fills the redacted region in the output. Black is the default and most familiar (matches legal-standard redaction); white can be useful when the page already has a white background and you want the redaction to look like a deletion rather than a censoring mark. You can clear all redactions on the current page (Reset Page) or remove the most recent one (Clear Last). The redaction count shows how many boxes are queued across the entire document, which is useful for sanity-checking before you commit.

Apply Redactions is the irreversible step. When you click it, pdf-lib walks every page, deletes the content under each rectangle from the page content stream, and draws the solid-colour rectangles in their place. The result is a new PDF where the redacted regions are gone, not just covered. The browser then offers the redacted PDF for download. Keep a copy of the original PDF somewhere safe if you ever need to consult it; the tool cannot recover the original content from the redacted output.

History and background

Paper-era redaction with markers and photocopies

Before digital documents, redaction was physical: a clerk marked the sensitive passages with a black felt-tip pen, then photocopied the marked-up page. The photocopy of the marked-up page became the released version. The marker physically obscured the ink underneath, and the photocopy preserved only the black blocks. This was slow and labour-intensive but secure: there was no way for the recipient to recover what was under the marker without the original. Government agencies and law firms ran entire departments dedicated to manual redaction throughout the twentieth century.

The early digital era and the redaction failure pattern

When documents moved to digital formats in the 1990s and 2000s, redaction tools lagged behind. The most common mistake was using the highlighter or shape-drawing tools to cover sensitive text with black boxes, then exporting to PDF. The black boxes hid the text visually but left it intact in the PDF text layer. Anyone with Adobe Reader could copy the text from under the black box, or open the PDF in a text editor and read it directly. This pattern caused dozens of high-profile leaks in legal filings, government reports and corporate documents from roughly 2000 to 2015.

Famous redaction failures (2003-2014)

A short and incomplete list: in 2003 the US Department of Justice released a redacted Bechtel Iraq reconstruction contract; the redactions were image overlays and the underlying text was still copyable. In 2010 a court filing related to the Bradley Manning case had similarly extractable redacted text. In 2011 the TSA airport security operations manual was published with the redacted sections still readable in the source. In 2014 a court filing by Paul Manafort had improperly redacted passages that journalists read in minutes. Each incident embarrassed the producing organisation and prompted internal policy reviews. These failures pushed government and legal industries toward dedicated redaction tools rather than ad-hoc highlighting.

Adobe Acrobat adds proper redaction (2006)

Adobe added a dedicated Redact tool to Acrobat Professional 8 in 2006, then promoted it heavily after the early-2000s redaction failures. The Acrobat tool marks regions for redaction, then a separate Apply step actually deletes the content from the page stream and writes opaque rectangles. The two-step design (mark, then apply) was deliberate: the marking step is reversible, the apply step is not, and users are warned before the irreversible operation. Adobe also added the Find and Redact feature that locates patterns like social security numbers or email addresses across an entire document.

PDF/A and the redaction standard (ISO 32000-2, 2017)

The ISO 32000-2 standard published in 2017 added a formal Redact annotation type (section 12.5.6.23) that defines how redaction marks should be encoded and how the apply step should produce a permanently-redacted output. Conforming PDF tools can interpret Redact annotations consistently. The standard also recommends sanitising metadata, embedded files, hidden form fields, JavaScript and other non-visible content during the apply step. This explicit specification reduced the divergence between vendor implementations and made cross-tool workflows more reliable.

Browser-based redaction comes of age (2020 onwards)

As pdf.js and pdf-lib matured, browser-based redaction became feasible. Earlier cloud redaction services (Smallpdf, iLovePDF, PDF24) required uploading sensitive documents to a third-party server, which defeated the purpose for users redacting medical records, legal documents or financial data. Client-side browser tools that run entirely in JavaScript solved the privacy problem: the document never leaves the device, but the redaction logic still works. This tool follows that line of development, using pdf-lib's content-stream manipulation to actually delete the redacted bytes rather than overlay them.

Practical workflows

Legal discovery production

In civil and criminal litigation, parties produce documents to opposing counsel under discovery rules. Some of those documents contain privileged communications, work product, third-party private information or trade secrets that must be withheld even though the surrounding document is producible. Redaction removes the privileged content while preserving the rest. The redacted PDF is what gets bates-stamped and produced. Doing this with a true redaction tool rather than highlighting avoids the well-documented embarrassment of producing a redacted document that opposing counsel can un-redact in five seconds.

FOIA and public records responses

Government agencies responding to Freedom of Information Act requests (United States), Access to Information Act requests (Canada), or equivalent statutes worldwide must release the requested records but may redact specific content under enumerated exemptions: national security, personal privacy, law enforcement methods, attorney-client privilege. The redaction must be permanent because the released document goes to the requester and often to journalists who actively look for redaction failures. A true-redaction tool is essential here.

HIPAA-compliant medical record sharing

United States health care providers must redact protected health information (PHI) from medical records before sharing for research, billing audits, insurance claims investigation or legal proceedings. PHI includes names, dates other than year, geographic identifiers smaller than state, contact information, social security numbers, account numbers and a long list of other identifiers. Redacting all of these from a multi-page medical record by hand is tedious but the only way to comply with the Privacy Rule. A client-side redaction tool keeps the records on the device, which itself helps with HIPAA compliance.

GDPR subject access response

European Union businesses responding to a GDPR subject access request must provide the requester with the personal data the business holds, while redacting personal data of any other person mentioned in the same documents. If a company email thread mentions both the requester and three colleagues, the colleagues' names, contact details and personal information must be redacted from the version provided to the requester. The redaction must be permanent so subsequent recipients cannot recover the third-party data.

Insurance claim documentation sharing

When an insured shares a claim file with a third party (adjuster, broker, attorney, regulator), they often need to redact medical or financial details from supporting documents. Bank statements include other transactions unrelated to the claim. Medical bills include conditions and treatments unrelated to the claim. Redacting irrelevant information protects the insured's privacy while still providing the data needed to evaluate the claim. The redacted PDF can be emailed or uploaded to the relevant portal.

Research data anonymisation

Academic and corporate researchers working with documents that contain personally-identifying information (court transcripts, medical records, social-media exports) often need to anonymise the source data before sharing with collaborators or publishing in research output. Redacting names, locations and identifiers from each document produces an anonymised version that can be cited in papers and shared with co-authors. Ethics board approvals (IRBs in the United States) often require this kind of permanent redaction as a condition of approval for research involving human subjects.

Common pitfalls

Cover is not the same as delete

The most common redaction failure is drawing a black rectangle over sensitive text with a shape or highlight tool, then exporting to PDF. The rectangle is a separate object that sits on top of the page. The text underneath is still in the PDF, fully extractable by anyone who selects it with the cursor, opens the PDF in a text editor, or runs a text-extraction tool. Always use a tool that performs true redaction (deletes the underlying content and replaces it with the rectangle), not covering. This tool does true redaction; many ad-hoc workflows do not.

Metadata leaks the redaction story

PDF metadata (author, title, modification date, producer software) can reveal who edited the document and when, even after the visible content is redacted. The Microsoft Office metadata of an exported Word-to-PDF document can include comments, tracked changes and prior author names. The PDF metadata can include the original filename, which might itself be sensitive. Sanitise metadata as part of the redaction workflow: use the PDF metadata tool or a redaction tool that strips metadata as part of the apply step. Document inspectors in Acrobat Pro do this; many quick tools do not.

Form fields, JavaScript and attachments persist

PDF can carry interactive form fields, embedded JavaScript, attached files, audio, video and 3D content that does not visibly render on the page. A redaction rectangle on the visible page does not touch any of these. If a form field contained the sensitive content (a hidden name field auto-populated from a database, for example), redacting the visible page leaves the form data intact. Strip form data, JavaScript and attachments as a separate pass. The pdf-lib library this tool uses removes form fields when you apply true redaction, but always verify by opening the output in a viewer that exposes form data.

Comparing redacted and unredacted versions exposes the secret

If both a redacted version and an earlier unredacted version of the same document leak, a pixel-by-pixel comparison shows exactly what was redacted. This is how journalists sometimes reconstruct redacted content from court filings: by finding an earlier draft. Never distribute multiple versions of the same document; once a redacted version is released, the unredacted version becomes a security risk and should be controlled or destroyed. This is more an operational pitfall than a tool failure but it is the most common vector for redaction-defeating leaks.

OCR can recover text from inadequately-redacted scans

For scanned PDFs (where the text is an image rather than selectable text), drawing a rectangle over the scanned image is generally safe because there is no text layer to extract from. The exception is when the scan went through OCR and the recognised text is stored alongside the image as a hidden text layer. Redacting the visible image leaves the OCR text layer intact, recoverable by text-extraction tools. Either redact the OCR layer along with the image, or strip the OCR layer before producing the redacted scan.

Font width disclosure for character-level redactions

For very short redactions (a single word in a long passage), the width of the rectangle can leak information: a wider rectangle suggests a longer word. For names this might narrow possibilities. For numbers this can be conclusive if the format is known (a redacted nine-digit number is probably an SSN). To prevent width-based inference, redact entire lines or whole sentences rather than precise character runs, and use a standardised rectangle width for the same kind of redaction regardless of the underlying content length.

Privacy and data handling

The PDF you upload, the redaction rectangles you draw, and the redacted output PDF all stay on your device. pdf.js handles rendering, you mark redactions on a transparent canvas overlay, and pdf-lib executes the redaction operations and generates the output file all in JavaScript inside your browser. No network request carries the file contents, no upload occurs, no telemetry is collected about what you redacted. This matters more for redaction than for almost any other PDF operation: the whole point of redaction is to protect sensitive content, so any tool that uploads the document defeats the purpose before you even start.

Practical implication: you can disconnect from the internet after the page loads and run the entire redaction workflow offline. Many legal and medical workflows require this kind of air-gapped processing as a matter of policy, especially when redacting documents subject to privilege, attorney-client confidentiality, or HIPAA. The redacted file appears as a normal browser download; nothing is saved anywhere except where you choose to save the downloaded file. Keep the original PDF in a separate, controlled location and treat the redacted output as the only version safe to share.

When not to use this tool

When the PDF is password-encrypted (unlock first)

If the PDF requires a password to open, pdf.js cannot render it and the tool cannot load it for redaction. Remove the password first with the PDF unlock tool (you need to know the password), then redact, then optionally re-apply password protection on the redacted output. Doing it in this order works because the redacted output is a new PDF that can be encrypted independently of the original.

For pattern-based search and redact (use desktop Acrobat Pro)

If you need to redact every social security number, every email address, or every instance of a specific name across a thousand-page document, drawing rectangles by hand is impractical. Adobe Acrobat Pro's Find and Redact feature lets you specify a pattern (regex for SSN, email, phone numbers) and automatically marks every match across the entire document. This browser tool focuses on manual region-based redaction. For pattern-based bulk redaction at scale, use the desktop Acrobat workflow.

For redacting the source document rather than the export

If the document originates in Word, Google Docs or another editable format and you want to permanently remove text from the source, do that in the source application, not in the PDF. Delete the sensitive text in Word, save the new Word file, then export to PDF. This avoids the chain-of-custody issue where a redacted PDF still has an unredacted source somewhere. PDF redaction is the right move when the PDF is the authoritative original (a court order, an existing filing) or when you do not have access to the source.

For redacting only metadata (use a metadata-stripper)

If the visible content of the PDF is fine but the metadata contains sensitive information (author name, original filename, edit history), you do not need a redaction tool. Use a metadata-strip tool to clear the document information dictionary and the XMP metadata. The PDF metadata tool in this site reads metadata; some PDF tools provide a Sanitise Metadata or Document Inspector function that clears it. Redaction tools focus on visible content; metadata strippers focus on invisible content.

More questions

How can I verify the redaction is truly permanent?

Open the redacted PDF in a text editor (any editor that handles binary files), or run a text-extraction tool against it. Try to select and copy text from the redacted regions in any PDF viewer. If the redaction worked, all three approaches return nothing for the redacted areas. Another check: open the PDF in Adobe Acrobat and run Document Inspector; it will list any extractable content that survives. If you see no redacted text in any of these checks, the redaction is real.

Does this tool clean the PDF metadata?

pdf-lib rewrites the PDF when you apply redactions, which by default does not preserve every metadata field from the original. The author name, modification date and producer string are commonly reset. However, this is not a comprehensive metadata strip. For sensitive workflows, run the redacted output through a dedicated metadata-strip step (or use the PDF metadata tool to inspect and clear specific fields) before sharing.

What colour should I use for the redaction rectangles?

Black is the legal and government standard, instantly recognisable as redaction. White can be useful when the document background is also white and you want the redaction to look like a deletion rather than a censoring mark, but it can be visually ambiguous (looks like blank space rather than redacted content). For most professional purposes, use black: it is unambiguous, conventional and signals to the recipient that something was deliberately removed.

Will the redacted PDF be larger or smaller than the original?

Usually slightly smaller because the redacted content is deleted from the page stream. The rectangles drawn over the redacted regions are minimal additional data. Occasionally the file size increases by a small amount because of how pdf-lib rewrites the content streams. The change is usually negligible for documents up to a few hundred pages. If file size is a constraint, run the redacted output through a PDF compress step.

Is the redacted output acceptable for court e-filing systems (PACER, ECF)?

The redacted PDF is a standard PDF and works in any e-filing system that accepts PDF, including PACER, state court e-filing systems and federal agencies. Most courts require that redactions be permanent (which this tool produces). Check the specific local rules for your jurisdiction: some require that redactions be flagged with the redaction stamp (a courtroom-recognised graphic identifying what kind of exemption was applied), which is a workflow on top of basic redaction. The basic deletion-and-replacement that this tool provides meets the technical requirement of permanence.

Can I redact images in addition to text?

Yes. Redaction rectangles are region-based, not content-type-based: any pixels under the rectangle are removed, whether they came from text or an image. Drawing a redaction box over a face in a photograph permanently removes the image data in that region of the page. This works for screenshots, photographs, diagrams, signatures and any other graphical content. For full-page image-only PDFs (scans), the redaction works the same way as for text-based PDFs.

Related Tools