There's a mistake that has embarrassed governments, law firms, and major corporations more than once: someone "redacts" a sensitive document by drawing black rectangles over the confidential parts, sends it out, and the recipient simply copies the text from underneath the boxes — or removes the boxes entirely — and reads everything that was supposed to be hidden. The black boxes were never redaction. They were decoration. Understanding the difference between hiding text and removing it is the single most important thing about redacting a PDF correctly.
What redaction actually means
Proper redaction permanently removes content from the file. When you redact a name, an account number, or a confidential clause correctly, the underlying text data is deleted from the PDF — not just covered up. After proper redaction, there is nothing beneath the black box to recover, because the content no longer exists in the document.
Drawing a black box does not redact. In many PDF editors, adding a filled black rectangle over text creates an annotation layer on top of the page. The text underneath is completely intact. Anyone who receives the file can:
- Select and copy the text from beneath the box (it's still selectable)
- Delete the box annotation to reveal the text
- Extract the text programmatically, ignoring the visual layer entirely
- Search the document and find the "hidden" words
This is exactly how the famous redaction failures happened. The visual looked redacted. The data wasn't.
Warning
A black rectangle drawn over text in a PDF editor hides the text visually but leaves it fully present in the file. This is not redaction — it's a cosmetic cover-up that any recipient can trivially undo. Real redaction deletes the underlying data.
Why the difference matters
Redaction is used precisely on the documents where exposure has the most serious consequences:
Legal disclosure. Court filings and discovery documents often must have third-party personal data, privileged content, or sealed information removed. Improper redaction in a legal filing can breach a court order, expose a client, or compromise a case.
Data protection compliance. Under GDPR, HIPAA, and similar regulations, sharing a document that still contains recoverable personal data — even if it looks hidden — is a data breach. The legal exposure is the same whether the data was visible or merely concealed by a removable box.
Commercial confidentiality. Contracts shared beyond the original parties often need pricing, terms, or party names removed. If those can be recovered, the commercial harm is real.
Freedom of information responses. Public bodies responding to FOI requests must remove exempt material properly. A recoverable redaction defeats the legal exemption entirely.
How to redact a PDF properly
The correct process has three parts: find every instance, remove the data permanently, and verify nothing leaked.
1. Find every instance of the sensitive content. Use your PDF reader's search function to locate every occurrence of a name, number, or phrase across all pages — not just the obvious one. Sensitive data often repeats: a name in the body, in a header, in a signature block, in a footer.
2. Remove the data, don't just cover it. Use a redaction tool that deletes the underlying content, not one that draws a box over it. iSavePDF's Redact PDF tool removes both the visual content and the underlying text data from the areas you mark.
3. Verify the redaction held. Open the redacted file and try to select text where the redactions are. Try to search for the redacted words. If nothing is selectable and the search finds nothing, the redaction worked.
Redact a PDF without uploading it
There's an obvious problem with online redaction tools: to redact a sensitive document, you'd have to upload the unredacted version — the one full of the exact content you're trying to protect — to someone else's server. That's the opposite of what redaction is for.
iSavePDF's Redact PDF tool runs entirely in your browser. The unredacted document never leaves your device.
- Open the Redact PDF tool
- Drop your PDF onto the upload zone
- Draw rectangles over every area you need to remove, across all pages
- Click Apply Redactions — this permanently deletes the underlying content
- Download the redacted PDF and verify the content is gone
Free tool
Redact a PDF free — your file never leaves your browser
Black out sensitive content on PDF pages.
Try Redact PDFDon't forget the metadata
Visible page content isn't the only place sensitive information hides in a PDF. The document's metadata — author name, title, subject, keywords, and creation software — can contain identifying information. So can comments, annotations, and tracked changes. For a thorough redaction of a legally sensitive document:
- Clear the PDF metadata (author, title, keywords) using a PDF editor
- Remove or flatten any annotations and comments
- Check for hidden layers or invisible text
Note
After redacting, consider running the file through Flatten PDF to convert any remaining annotations and form fields into static content. This removes interactive layers that could otherwise carry hidden information.
A note on what redaction can't do
Even proper redaction has limits. If a redacted value can be inferred from context — a redacted salary that's the only number consistent with the visible total, a redacted name that's obvious from the surrounding text — removing the characters doesn't remove the information. Redaction handles the data on the page; it can't handle what a clever reader can deduce. For highly sensitive disclosures, consider whether the surrounding context needs adjusting too.
FAQ