Security · 5 min

How to redact a PDF safely

Why "black rectangle on top" isn't always enough — and how to make redactions really stick.

The trap

A black rectangle drawn on a page hides the text visually, but the underlying glyphs may still live in the PDF's content stream. Copy-paste or a forensic tool can recover them.

When a rectangle is enough

  • The redacted region is an image (e.g. a scan).
  • The PDF will only ever be viewed on screen by trusted reviewers.
  • You re-flatten the file afterwards.

Belt-and-braces flow

  1. Use the Redact PDF tool to cover the sensitive regions.
  2. Run the output through a flattening pass — open it in PDF Info and re-save, or use qpdf --object-streams=generate redacted.pdf flat.pdf.
  3. Spot-check by selecting text underneath the redaction area.
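
The spot-check in step 3 can be scripted, which also confirms what the re-save in step 2 actually did to the page content. This is an added example, not code from the original post or from the tools it names: a standard-library Python screen that inflates each stream and lists the strings still drawn by Tj/TJ text operators; the sample bytes and the names residual_text and sample are constructed here for illustration.

```python
import re
import zlib

# Text-showing operators: "(string) Tj" and "[(str) kern (str)] TJ".
SHOW_RE = re.compile(rb"\((?:\\.|[^\\()])*\)\s*Tj|\[(?:\\.|[^\\\]])*\]\s*TJ", re.S)
LITERAL_RE = re.compile(rb"\(((?:\\.|[^\\()])*)\)", re.S)


def decoded_streams(pdf: bytes):
    """Yield every stream body, inflating it when it is Flate-compressed."""
    for raw in re.findall(rb"stream\r?\n(.*?)\r?\nendstream", pdf, re.S):
        try:
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw  # unfiltered, or a filter this sketch does not decode


def residual_text(pdf: bytes) -> list:
    """Return the strings still drawn by Tj/TJ operators anywhere in the file."""
    found = []
    for body in decoded_streams(pdf):
        for op in SHOW_RE.findall(body):
            parts = LITERAL_RE.findall(op)
            # Approximate unescape: handles \( \) \\ but not octal escapes.
            text = b"".join(re.sub(rb"\\(.)", rb"\1", p, flags=re.S) for p in parts)
            found.append(text.decode("latin-1"))
    return found


def sample(content: bytes) -> bytes:
    """Constructed fragment (not a complete PDF): one compressed content stream."""
    z = zlib.compress(content)
    head = b"%%PDF-1.4\n4 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(z)
    return head + z + b"\nendstream\nendobj\n"


BOX = b"0 0 0 rg 70 695 200 16 re f\n"  # filled black rectangle
TEXT = b"BT /F1 12 Tf 72 700 Td [(Case ref: ) -20 (EXAMPLE-0001)] TJ ET\n"
COVERED = sample(TEXT + BOX)  # text drawn, then painted over
REMOVED = sample(BOX)         # text operator actually deleted

if __name__ == "__main__":
    print("covered:", residual_text(COVERED))
    print("removed:", residual_text(REMOVED))
```

A non-empty result proves the text survived under the rectangle. An empty result is not proof of removal, because this sketch does not decode hex strings, CID-encoded fonts, the ' and " operators or encrypted files.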

Best practice

Treat any redacted document as if it might be re-opened by a motivated attacker. If the stakes are high (legal discovery, GDPR data subject requests), use a tool that removes the underlying objects, not just covers them.