How to Redact a PDF — Permanently Remove Sensitive Information

Redaction vs. Covering: A Critical Difference

Drawing a black rectangle over text in a PDF editor is not redaction. The text is still in the file — anyone can copy it, search it, or remove the rectangle to reveal it. This mistake has caused real-world data breaches: court documents with "redacted" names that could be selected and pasted, government reports with social security numbers hidden behind a black box that could be lifted in seconds.

True redaction permanently deletes the underlying data from the PDF, replacing it with an opaque mark. Once applied, the original content is gone — it cannot be recovered by any tool. This is the only safe method for removing sensitive information from documents you plan to share.

When to Redact a PDF

Redaction is necessary any time you need to share a document while withholding specific information:

• Removing Social Security numbers, ID numbers, or financial details before sharing with third parties
• Stripping confidential clauses from contracts shared with non-parties
• Censoring personal information in public records or FOIA responses
• Hiding patient data in medical records shared for research or audit
• Removing proprietary formulas or trade secrets from technical documents
• Preparing court filings where certain information is sealed

If you're unsure whether to redact or simply delete pages, the rule is simple: redact when you need to keep the document structure intact but hide specific content within it. Use page deletion when entire pages should be removed.

How to Redact a PDF Properly

1. Browser-Based Redaction

FileKit's Redact PDF tool lets you draw redaction areas on any page. When you apply the redaction, the content under each area is permanently removed from the file — not just covered. The tool renders each page as an image and reconstructs the PDF, ensuring no hidden text layers survive. Everything happens in your browser, which is critical for documents containing sensitive information — the file never leaves your device.

2. Adobe Acrobat Pro

Acrobat's dedicated Redact tool (Tools → Redact) follows a two-step process: first you mark areas for redaction (shown as red outlines), then you apply the redactions in a separate step (converting them to permanent black boxes). This two-step approach lets you review before committing. Acrobat also offers a "Remove Hidden Information" feature that strips metadata, hidden text layers, comments, and embedded objects — a step you should always take after redacting.

3. LibreOffice Draw (Free Desktop Option)

Open the PDF in LibreOffice Draw, which converts it to an editable format. You can then select and delete text objects directly. Export back to PDF when done. This approach works but has a significant downside: the conversion may alter formatting, fonts, and layout. It's best for simple documents.

The Redaction Workflow

A proper redaction process has five steps, not just one:

1. Identify sensitive content. Search the document for names, numbers, addresses, and any information that needs to be hidden. Use Ctrl+F / Cmd+F to find specific terms.
2. Mark areas for redaction. Draw redaction boxes over each piece of sensitive content. Be generous with your selection — it's better to redact slightly more than to leave a partial phone number visible.
3. Apply redactions. This is the irreversible step that permanently removes the content.
4. Remove hidden metadata. Strip document properties, comments, hidden text layers, and edit history. In FileKit, you can flatten the PDF to remove all interactive layers.
5. Verify the result. Try selecting and copying text from the redacted areas. Try searching for terms you redacted. If anything is still findable, the redaction was not applied properly.

Common Redaction Mistakes

• Using highlight or rectangle annotation tools. These are cosmetic overlays that can be removed by any PDF editor. The text beneath is fully extractable.
• Changing text color to white. Invisible to the eye but still present in the file. Select all → paste into a text editor reveals everything.
• Forgetting metadata. The document properties (File → Properties) may contain author names, organization names, edit timestamps, and revision history that leak information.
• Not checking hidden layers. Some PDFs have OCR text layers behind scanned images. Redacting the visible image doesn't touch the hidden text layer — it must be removed separately.
• Incomplete coverage. Leaving a few digits of a social security number visible (e.g., "XXX-XX-1234") combined with other information in the document may be enough to identify someone.

After Redaction: Additional Security Steps

Redaction removes visible content, but consider these additional measures:

• Flatten the PDF to merge all layers and remove form fields, annotations, and JavaScript.
• Password-protect the file if it still contains sensitive information that isn't redacted.
• Compress the result to remove any unused data streams left behind.

Legal Considerations

In legal and government contexts, improper redaction can have serious consequences. Courts have sanctioned attorneys for inadequate redaction that revealed sealed information. Regulatory bodies may impose fines for improperly redacted personal data under GDPR, HIPAA, or similar privacy laws. If you're handling documents with legal obligations, always verify your redaction with the five-step workflow above and consider having a second person check the result before distribution.