What if I redact the wrong text?

Because Secure Mode redaction is irreversible, you'd need to start over from the original unredacted document. Always keep an unredacted copy in a secure location before redacting. For high-stakes documents, redact a working copy first, review thoroughly, then apply redactions to the final version.

Redact PDF Text Locally

Written by The PDFOutfit Team

Updated Feb 4, 2026 • 7 min read

🔑 Key Takeaways

Permanent removal — Redacted text is gone. Not hidden. Not covered. Gone from the file.
Two modes — Secure redaction (the default) flattens pages to images and truly removes the text; the optional visual-cover mode only draws boxes and leaves the text recoverable.
Batch redaction — Find and redact all occurrences of sensitive text across every page at once.
100% local processing — Your sensitive documents never leave your device. No server. No upload. No risk.
Flexible options — Case-sensitive matching, customizable redaction colors, search or draw modes.

Quick Answer

Redact Text permanently removes sensitive information from PDFs. Enter the text you want hidden (like a name or SSN), and the tool finds and blacks out every occurrence across all pages. Processing happens locally in your browser—your confidential documents never touch a server.

🛡️ Why Local Processing Matters for Redaction

When you're removing Social Security numbers, client names, or confidential financial data from documents, the last thing you want is that information traveling to a third-party server. PDFOutfit processes your redaction entirely in your browser:

No upload: Your file never leaves your device
No storage: Nothing is saved anywhere
No exposure: The sensitive data you're redacting is never transmitted
No trust required: You don't have to trust us—your data literally never reaches us

Real vs. Fake Redaction: Why It Matters

Not all redaction is real. Some tools just draw a black rectangle over text. The text is still there—hidden, but extractable. Copy-paste, text extraction tools, or simple PDF manipulation can reveal everything you thought you hid.

This has caused actual disasters.

Court documents with "redacted" witness names that were actually just black boxes over selectable text. Legal filings where confidential settlements were "hidden" but fully recoverable. Government reports with sensitive data exposed because someone used the highlight tool instead of actual redaction.

🚨 Fake Redaction Methods (Avoid These)

Black highlighting: Text remains selectable and extractable underneath
Drawing shapes: Rectangles can be moved or deleted, revealing text
Image overlays: Can be removed in PDF editors
Low-opacity fills: Sometimes text is even visible through the "redaction"

Real redaction removes the text from the file entirely.

When you use PDFOutfit's Redact Text, the sensitive content isn't hidden—it's deleted from the document data. There's nothing to uncover because the information no longer exists in the file.

Secure Redaction vs. Visual Cover

The tool defaults to secure redaction, which truly removes the text. You can switch to a visual-cover-only mode, but it leaves the underlying text in the file where it can be recovered—so use that only for non-sensitive markup.

Visual cover only

Opt-out — text is NOT removed

Draws solid rectangles over the text
Underlying text stays in the file
Can be copied or extracted from the output
Keeps text searchable, smaller file
Only for non-sensitive visual markup

Default · Recommended

Secure redaction

Flattens pages to images

Every page is flattened to an image
Text is completely removed and unextractable
No hidden text or data layers remain
Larger file, no longer searchable
Recommended for anything sensitive

When to Keep Secure Redaction On

Keep Secure redaction on—it's the default—whenever the consequences of data exposure would be serious: legal filings, HIPAA-protected medical records, documents with financial account numbers. The tradeoff is larger file sizes and loss of text searchability, which is the right price for guaranteed removal.

💡

Secure redaction is on by default—it's the only mode that actually removes the text. If you switch it off, the tool just draws boxes over the text and the original characters stay in the file, where they can be copied or extracted. Only do that for non-sensitive visual markup, and always verify by trying to select and copy the redacted area in the output.

What Should You Redact?

Common types of sensitive information that require redaction before sharing documents:

🔢 Identification Numbers

Personal identifiers

Social Security Numbers (SSNs)
Driver's license numbers
Passport numbers
Employee ID numbers
Student ID numbers

💰 Financial Data

Accounts and transactions

Bank account numbers
Credit card numbers
Routing numbers
Transaction details
Salary/compensation figures

👤 Personal Information

Names and contact details

Names (when confidentiality required)
Home addresses
Phone numbers
Email addresses
Dates of birth

🏥 Medical Information

HIPAA-protected data

Patient names
Medical record numbers
Diagnosis information
Treatment details
Insurance policy numbers

⚖️ Legal Information

Case-sensitive details

Witness names
Settlement amounts
Case numbers (when protected)
Confidential terms
Minor's identifying information

🏢 Business Data

Proprietary information

Trade secrets
Client names
Pricing information
Internal reference numbers
Confidential strategies

Batch Redaction: Find All Occurrences

A 50-page contract might have a client's name on every page. Manually finding and redacting each instance would be tedious and error-prone.

Batch redaction solves this.

Enter the text you want redacted (like "John Smith" or "123-45-6789"), and the tool automatically finds and redacts every occurrence across all pages. One search, complete coverage.

How Batch Redaction Works

Enter search term: Type the exact text you want to hide
Case-sensitive option: Match exact capitalization or ignore case
Review matches: See how many occurrences were found
Redact all: Every match is redacted in one action
Multiple terms: Redact different text strings in sequence

📋 Example: Redacting a Client Name from a Contract

You have a 40-page service agreement with "Acme Corporation" appearing 87 times. Enter "Acme Corporation" in the search field, enable case-insensitive matching to catch "ACME Corporation" and "acme corporation" too, and click redact. All 87 instances are blacked out. Done in seconds, with zero missed occurrences.

⚠️ Check for Variations

People's names and company names often appear in multiple forms. After redacting "John Smith," also check for "J. Smith," "Smith, John," "Mr. Smith," and any nicknames. Run separate redactions for each variation to ensure complete coverage.

How Redaction Goes Wrong: Real-World Failure Modes

Most leaked confidential documents weren't hacked. They were redacted incorrectly and published.

Understanding how redaction fails is the only way to make sure yours doesn't. Here are the four patterns that have leaked some of the most consequential documents of the past two decades.

Failure 1: Black Box Over Visible Text

A black rectangle is drawn on top of text. The text underneath is untouched — it's just hidden visually. Anyone who copies the text out of the PDF, or selects it, or runs a text-extraction tool gets the original content.

Famous example: The 2019 Paul Manafort court filing. The defense filed a PDF with black boxes over key passages. Within hours, journalists copy-pasted the text underneath, exposing Manafort's contacts with a Russian intelligence officer. The filing had to be re-submitted.

Failure 2: White Highlight or Background Match

Sensitive text is highlighted in white (or the document's background color) so it appears invisible. The underlying text remains in the document's text layer — exactly the same recovery problem as the black box.

Common in: Government FOIA responses created with cheap editing software. Recovered by anyone running "Select All" and copying into a text editor.

Failure 3: Metadata Survival

The visible text is properly redacted, but the PDF's metadata still contains the original information — author name, organization, original filename, edit history, tracked changes, comments, embedded objects, even thumbnail images of unredacted pages.

Famous example: The 2008 U.S. military report on the death of NSA contractor — properly redacted in the body but the original author's name appeared in document metadata, identifying the source of the leak investigation.

Failure 4: Image Layer Bypass

The text layer is redacted, but the underlying image (scanned page or raster background) still shows the original content. Common in scanned legal documents where text recognition added a hidden text layer on top of a picture of the page.

Recovery method: Zoom in on the image layer, screenshot the "redacted" region, run OCR. The image layer was never modified.

How PDFOutfit Prevents These Failures

PDFOutfit's Secure Mode is designed specifically to avoid all four failure modes:

Text removed, not covered. The actual characters are deleted from the PDF's text layer — there's nothing underneath to copy.
Permanent black overlay. A visual block replaces the redacted region so the page still looks complete, but it can't be removed because there's no original text to expose.
Use Flatten PDF after redaction to remove any layer artifacts and bake the redaction into the static page content. Flatten PDF turns the document into a series of fixed images plus a clean text layer.
Use Edit Metadata afterward to clear author, subject, keywords, and creation history. Edit Metadata exposes and clears every metadata field.

Recommended Workflow: Court-Ready Redaction

1. Redact in Secure Mode → 2. Flatten the PDF → 3. Edit Metadata to clear author/history → 4. Verify by copy-pasting the "redacted" region into a text editor (should produce nothing). Only after this 4-step verification should you send or publish.

Compliance Use Cases

Proper redaction isn't just good practice—it's often legally required.

📋 Common Compliance Requirements

HIPAA (Healthcare): Patient identifiers must be removed before sharing medical records with unauthorized parties. This includes names, dates, account numbers, and any other data that could identify a patient.
FERPA (Education): Student educational records require redaction of personally identifiable information before disclosure to third parties.
Court Filings: Many jurisdictions require redaction of SSNs, financial account numbers, dates of birth, and names of minors from public court documents.
FOIA/Public Records: Government agencies must redact exempt information (personal data, trade secrets, security information) before fulfilling public records requests.
GDPR (EU): Personal data must be anonymized or redacted when sharing documents where the data isn't necessary for the purpose.

✓ Redaction Best Practices for Compliance

Always use real redaction tools, never black highlighting
Use Secure Mode for highly regulated documents
Verify redaction by attempting to select/copy text in the output
Keep an unredacted copy in a secure location
Document what was redacted and why (for audit trails)

HIPAA Safe Harbor: The 18 Identifiers

HIPAA's Safe Harbor method (45 CFR §164.514(b)(2)) defines protected health information as anything containing any of 18 specific identifier types. To share a record under Safe Harbor, all 18 must be redacted:

Names
Geographic subdivisions smaller than a state
Dates (except year) related to the individual
Telephone numbers
Fax numbers
Email addresses
Social Security numbers
Medical record numbers
Health plan beneficiary numbers
Account numbers
Certificate/license numbers
Vehicle identifiers (incl. license plates)
Device identifiers and serial numbers
Web URLs
IP addresses
Biometric identifiers
Full-face photos and comparable images
Any other unique identifying characteristic

Missing any one of these can void Safe Harbor protection. Use batch redaction to systematically remove each identifier type in sequence.

GDPR Article 17 vs Redaction

The GDPR "right to erasure" (Article 17) is often confused with redaction — they're different obligations:

Article 17 (right to erasure): When triggered, you must delete the data entirely from your systems — not redact, not pseudonymize, delete. Backups, logs, derivative records, everything.
Article 32 (security of processing): Requires "appropriate technical measures" to protect data. Redaction qualifies when sharing documents externally — but doesn't satisfy a Article 17 erasure request.
Pseudonymization (Article 4): Replacing identifiers with codes is a separate concept. Pseudonymized data is still personal data under GDPR; redacted/erased data is not.

FOIA Exemption Codes

Federal agencies responding to FOIA requests typically annotate redactions with exemption codes:

Exemption 1: National defense / foreign policy classified
Exemption 2: Internal personnel rules and practices
Exemption 3: Specifically exempted by other statute
Exemption 4: Trade secrets and commercial information
Exemption 5: Deliberative process / attorney-client / work product
Exemption 6: Personal privacy
Exemption 7: Law enforcement records (sub-categories A through F)
Exemption 8: Financial institution supervision
Exemption 9: Geological and geophysical information

When redacting for FOIA response, mark each redaction with the applicable exemption code in the surrounding text (e.g., "[Redacted — b(6)]"). Add Watermark can stamp the page with the responding agency's details and FOIA case number for audit-trail purposes.

Attorney-Client Privilege and Work Product

Document productions in discovery typically require redaction of:

Attorney-client communications — Any text revealing legal advice between attorney and client, even when surrounding non-privileged text is produced
Work product — Mental impressions, conclusions, opinions, or legal theories of an attorney prepared in anticipation of litigation (Federal Rule 26(b)(3))
Joint defense / common interest communications between co-defendants or co-counsel

Always use Secure Mode for privilege redactions. A privilege waiver from incomplete redaction has resulted in malpractice claims and case-dispositive sanctions.

How to Redact Text

Upload your PDFDrop the file or click to browse (max 10MB). Your document stays in your browser.

Enter text to redactType the sensitive text you want to hide. The tool finds all occurrences automatically.

Keep secure redaction onSecure redaction is the default and truly removes the text. Switch to visual-cover only for non-sensitive markup—it leaves the text recoverable.

Download redacted PDFClick "Redact Text" and your document downloads with all sensitive information permanently removed.

When Redaction Isn't Enough

Redaction is the right tool when you need to share a document with specific information removed. Sometimes a different tool is the better answer.

If you need to delete the document entirely

For GDPR Article 17 right-to-erasure requests, redaction is not enough — the data must be permanently removed from all systems including backups. Delete the file, purge backups according to your retention policy, and document the deletion.

If the entire document is sensitive

Don't redact 80% of every page. Either don't share it, or rebuild the necessary information as a new document with only the non-sensitive content. Heavily-redacted documents leak information through the structure of what's left visible (paragraph lengths, headings, page counts).

If you need to restrict who can open it

Redaction doesn't control access — it removes content. To require a password to open or modify the document, use Add Password. The two tools serve different purposes: redaction removes information from the document; encryption controls who can read what remains.

If you need to remove entire pages

For a document where some pages are confidential and others are public, use Delete Pages. Removing pages is faster, cleaner, and impossible to reverse — versus redacting every line on every confidential page.

If you need to remove form data, annotations, or comments

Redaction targets visible text. Hidden fields, form data, comments, and tracked changes need Flatten PDF to bake interactive elements into the static page and remove the underlying interactive layer.

Redact Text vs Other Approaches

There are at least six different things people mean when they say "hide this content." Knowing which tool maps to which intent saves time and prevents data leaks.

Approach	Removes underlying data?	Best for
Redact Text (Secure Mode)	Yes — text deleted, overlay added	HIPAA, FOIA, privilege, court filings
Black highlight / shape over text	No — text still in document	Nothing. This is the Manafort failure mode.
White highlight / background-color text	No — text still in document	Nothing. Trivially recoverable.
Delete Pages	Yes — entire pages removed	Whole-page confidential sections
Add Password (encrypt)	No — data remains, just locked	Limiting who can open / edit
Flatten PDF	Removes interactive layer, not text	Form data, comments, annotations
Edit Metadata + Delete file	Yes — full removal	GDPR Article 17 erasure

Decision rule

Want to share the document with some content removed? Use Redact Text (Secure Mode), then Flatten, then Edit Metadata to clear hidden traces.

Want to limit who can read it? Use Add Password.

Want to remove the document from existence? Delete the file and purge backups per your retention policy. Redaction is not deletion.

Frequently Asked Questions

Is the redaction permanent?

With Secure redaction—which is the default—yes. The page is flattened to an image, so the redacted text is removed from the file and can't be recovered. If you turn Secure redaction off, the tool only draws a box over the text and the underlying characters stay in the file, where they can be copied or extracted. Always verify by trying to select and copy the redacted area, and keep your original unredacted document in a secure location.

What is Secure redaction?

Secure redaction—on by default—converts each page to an image after applying the redaction boxes. There's no text layer left at all, just pixels, so the hidden text is completely unextractable. It's what makes the redaction truly permanent; only turn it off for non-sensitive visual markup.

When should I keep Secure redaction on?

Keep it on—it's the default—for HIPAA-protected medical records, documents containing SSNs or financial account numbers, legal filings, or any document where data exposure would have serious consequences. Only switch it off for non-sensitive visual markup, where leaving the text recoverable doesn't matter.

Is my file sent to a server?

No. All processing happens locally in your browser. Your document—and the sensitive information you're redacting—never leaves your device. We can't see what you're redacting because the data never reaches us.

Can I redact images or areas, not just text?

Yes. The tool offers both Search Text mode (find and redact text across all pages) and Draw Boxes mode (visually select areas to redact on any page). Use Draw Boxes for redacting images, logos, signatures, or any visual content.

How do I verify the redaction worked?

Open the redacted PDF and try to select or copy the area where the sensitive text was. You should see the redaction box, but no selectable text underneath. You can also use Extract Text on the redacted file—the removed text should not appear.

Is Redact Text free?

Yes. Guest users get 2 free uses per day. Free accounts (email signup, no credit card) get 5 daily. Pro subscribers get unlimited access to all 18 PDF tools.

What if I need to redact different text variations?

Run multiple redaction passes. First redact "John Smith," then run again for "J. Smith," then "Smith, John." The tool allows you to perform sequential redactions before downloading the final document.

Can redacted text be recovered?

If redaction is done correctly (Secure Mode in PDFOutfit), no. The underlying text is deleted from the PDF, not just visually covered. If someone used the wrong tool—a black highlight, a shape over text, or a white-text-on-white-background trick—the text remains in the document and can be recovered by selecting and copying the "redacted" region. Always verify your redaction worked by trying to copy from the output.

Does PDFOutfit also remove document metadata?

No—Redact Text removes only the visible text you specify. PDF metadata (author, title, edit history, embedded thumbnails) can still contain identifying information. After redacting, run the file through Edit Metadata to clear those fields, and Flatten PDF to remove any hidden layers.

Is image-based redaction safer than just covering the text?

Yes. Secure redaction (the default) converts each page to a flat image, eliminating the text layer entirely, so nothing can be copied or extracted. Simply covering text with a box leaves the original characters in the file, where they can be recovered—that is not real redaction. The trade-off for the image approach is a larger, non-searchable PDF, which is the right call for any sensitive document.

What does HIPAA require for proper redaction?

HIPAA's Safe Harbor method requires removing all 18 specific identifier types (names, dates, addresses, SSNs, medical record numbers, etc.) before a record can be shared as de-identified. The Privacy Rule also requires that the covered entity have no actual knowledge that the remaining information could re-identify the individual. Use Secure Mode and verify each identifier type — see the Compliance Use Cases section above for the full list.

Does GDPR right-to-erasure mean the same thing as redaction?

No. GDPR Article 17 (right to erasure) requires DELETION of the data from all systems, including backups. Redaction is a separate concept—it removes data from a document for sharing purposes, but the original document still exists. For an Article 17 request, you must delete the file itself, purge it from backups per your retention policy, and document the deletion.

Can I use Redact Text for court-admissible redaction?

Yes, when done correctly. Use Secure Mode, then Flatten PDF, then Edit Metadata to clear hidden fields. Verify by copying from the redacted region (should produce nothing). For privilege redactions in litigation, document what was redacted and the basis (privilege, work product, etc.)—many courts require a privilege log alongside the redacted production.

Related PDF Tools

Redact Text works well with these other tools in the PDFOutfit toolkit:

Redact Text

Security Options