Skip to content
PDF 8 min read

How to Redact a PDF: Permanently Remove Sensitive Information

Learn the difference between whiteout and true redaction, how to permanently remove text from PDFs by flattening to images, and when redaction is legally required for compliance.

ToolsVito Team

Redaction vs. Covering Up: The Critical Difference

In 2019, a court filing used black rectangles to "redact" text. Someone copy-pasted the PDF content into a text editor, and every redacted word appeared. This happens constantly. A black box drawn on top of text is a visual overlay — the underlying text remains in the PDF's text stream, fully selectable and searchable. True redaction removes the content entirely from the file and replaces the area with a rendered image so nothing remains to extract.

When Redaction Is Legally Required

Several regulations mandate true redaction of personal data before documents are shared:

  • HIPAA (healthcare): Patient names, medical record numbers, dates, and biometric identifiers must be removed before sharing records.
  • GDPR (EU): Personal data must be removed when responding to data subject access requests that involve third-party information.
  • FOIA responses: Government agencies must redact classified, personal, or law-enforcement-sensitive content before releasing documents.
  • Court filings: Social security numbers, financial account numbers, dates of birth, and minor names must be redacted in public filings.
  • Business contracts: Pricing terms, trade secrets, and customer lists shared during due diligence or litigation.

In each case, a black box is legally insufficient. The redaction must be permanent and irreversible.

How True Redaction Works

Proper PDF redaction follows a technical process:

  1. Identify: You mark the areas to redact — rectangles covering text, images, or regions of the page.
  2. Remove: The tool deletes the underlying content objects (text runs, images, vector paths) from the PDF's internal data structure.
  3. Flatten: The redacted area is rendered and rasterized — turned into an image at the page level. This eliminates any remaining selectable or searchable content in that region.
  4. Sanitize: Metadata, annotations, embedded thumbnails, and revision history are stripped from the output file.

After this process, nothing selectable remains where the redaction marks were placed. Copy-pasting yields nothing.

Common Redaction Mistakes

  • Using annotation tools: Drawing rectangles or highlights in a PDF viewer's annotation mode doesn't remove anything.
  • Forgetting metadata: The document title, author name, and file path can contain sensitive information. Strip metadata before sharing.
  • Leaving searchable text: Always search the output PDF for the redacted terms to verify nothing leaked.
  • Redacting images of text: Scanned documents require OCR first, or the entire text region must be redacted as an image block.
  • Sharing the source file: The original unredacted PDF must never be shared — only the redacted output.

Verify Your Redactions

After redacting, perform three checks on the output file: (1) search for the redacted terms, (2) try to copy-paste text from the redacted areas, (3) open the file in a plain text editor and search for the sensitive strings in the raw data. If any of these succeed, the redaction failed.

Redact a PDF Securely

Open your PDF in ToolsVito's Redact PDF tool. Mark sensitive areas, click apply, and download a truly redacted copy — all processed in your browser. Nothing is ever uploaded to a server.

Try it now — free, runs in your browser

Redact PDF

Black out & truly remove
All articles

More articles

Encode & Decode Base64 Encoding & Decoding: The Complete Developer Guide 7 min Security JWT Explained: Decoding JSON Web Tokens Without a Library 8 min Security MD5, SHA-1, SHA-256: Hash Functions Compared for Developers 9 min