How to redact sensitive info in a PDF properly

There are two completely different things called "redaction"

Every PDF tool labelled "Redact" or "Black Out" is doing one of two things, and the gap between them is enormous.

• Visual blackout (cheap, dangerous). The tool draws a black rectangle on top of the page. The page now looks redacted. The underlying text stream is unchanged — the original characters are still sitting there in the PDF file, just visually hidden by the rectangle drawn on top. Copy-paste, automated text extraction, or any PDF-aware tool will return the original text. This is the failure mode that produced the most widely-cited modern redaction leak (the U.S. v. Manafort 2019 filing where the visually-blacked-out text was recoverable with a routine copy-paste¹).
• Permanent redaction (the right way). The tool removes the redacted content from the underlying file structure. There are two valid implementations: (a) walk the PDF content stream and delete the text-showing operators that emit the redacted glyphs (the Adobe Acrobat Pro approach, defined by the PDF specification ISO 32000-1²), or (b) rasterise the affected pages so the text stream simply does not contain any text on those pages at all — the page becomes a flat image with the black box burned in. The end result for an attacker is identical: there is nothing to recover.

The ScoutMyTool Permanent Redaction tool implements path (b), rasterisation. It is conceptually simpler than content-stream surgery, produces an equally-secure output, and runs entirely in your browser without an Adobe Acrobat Pro licence.

Step-by-step: permanently redact a PDF in your browser

The tool lives at scoutmytool.com/pdf/pdf-redaction-permanent (a common search query is the short form scoutmytool.com/pdf/pdf-redact — the canonical URL is the "pdf-redaction-permanent" one). Runs client-side, no upload, no signup.

1. Open the tool and drop your PDF. One file at a time. The file is loaded into a sandboxed memory buffer and read with pdf.js; nothing is uploaded. Confirm in the browser network tab if you want independent verification before redacting something sensitive.
2. Identify what needs to be redacted. Open the PDF in another viewer alongside the tool. Note the page numbers and approximate position of every sensitive item — names, addresses, account numbers, salaries, signatures, anything personally identifying. Make a list before you start typing coordinates; jumping back and forth between viewer and tool causes mistakes.
3. Find the (x, y, w, h) coordinates of each rectangle. PDF coordinates use points (1 inch = 72 points), origin at the bottom-left of the page, x grows right, y grows up. A US-letter page is 612 × 792 points; A4 is 595 × 842 points. For a sensitive line about halfway down a US letter, y is roughly 400; if it starts 1 inch from the left, x is 72; a typical line of body text is about 20 points tall. A visual selector is on the roadmap; for now you measure visually or with a coordinate ruler in a viewer like Preview / Foxit.
4. Enter the rectangles, one per line. The textarea takes the format page, x, y, w, h. Lines beginning with # are ignored, so you can leave comments next to each rectangle to remember what it covers (handy when you have a dozen rectangles across a 30-page filing). Example:

   # Page 1: applicant name + address
   1, 72, 700, 220, 18
   1, 72, 678, 280, 18
   # Page 1: SSN
   1, 72, 612, 130, 16
   # Page 3: salary line
   3, 100, 415, 80, 18

5. Pick the rasterisation quality. Three options: Standard (1×), Sharp (2× — recommended default), Print-quality (3×). 2× balances file size and visual sharpness for screen viewing; bump to 3× only if the recipient will print the file at 300 DPI or zoom in heavily. Going higher than 3× rarely produces a visible improvement.
6. Click "Redact PDF". The tool rasterises every page that has at least one rectangle, draws the rectangles as opaque black boxes onto the rasterised image, and replaces the original page in the PDF with the new image-only page. Pages without any redactions are left completely untouched, so file size stays reasonable.
7. Verify before sharing. Open the output and try the standard recovery attempt: click on a black rectangle, drag to select, hit Cmd-C, paste into a text editor. The clipboard should contain nothing (or at most a literal space). If you can paste the redacted text out, something went wrong — re-check that you used Permanent Redaction (not the visual-only Redact PDF tool) and that the rectangle coordinates actually covered the text.
8. Scrub metadata and comments. Redaction only handles visible page content. Run the output through Scrub PDF Metadata to wipe Author, Title, Subject, Keywords, Creator (which may auto-populate from your local app and leak your real name), and remove any embedded comments / sticky notes you do not want shared. Form-field default values are also a known leak vector — flatten or strip them if relevant.
9. If the file is now larger than you want. Rasterised pages are larger than text pages. Run the redacted output through Compress PDF; image-heavy pages compress 3–5× at default quality. If you need search across the redacted pages, run the result through PDF OCR — but be aware that OCR runs on the visible content only, so the redacted areas will produce no text (which is what you want).

How ScoutMyTool compares to Smallpdf, iLovePDF and PDF2Go

The dirty secret of every "Redact PDF" feature in the consumer SaaS PDF tools: they almost all implement visual blackout only. The user thinks the text is gone; it is not. Free permanent redaction in a browser is rare — the paid Adobe Acrobat Pro tool is the historical default.

Third-party gating, redaction implementation, size caps, and Pro-tier availability taken from each vendor's public pricing and product pages as of May 2026 and may change. "Visual blackout only" means the underlying text stream is not modified.

Pre-share checklist for genuinely sensitive PDFs

1. Used Permanent Redaction (not visual-only)? — verify with copy-paste.
2. Scrubbed metadata? — Author, Title, Subject, Keywords, Creator.
3. Removed embedded comments / sticky notes?
4. Flattened or removed form fields?
5. Checked attachments and bookmarks for stray references?
6. For court filings: confirmed with counsel that pixel-rasterised redaction satisfies the court's redaction rule (most do; a few require text-stream surgery).
7. Sanity-pass: opened the file in a different reader and tried to recover redacted content.

Related PDF tools on ScoutMyTool

• Permanent Redaction — the tool this guide is about: rasterise pages so redacted text is genuinely gone.
• Redact PDF — the find-text + visual-rectangle quick tool. Use only when the recipient does not need the redaction to be secure.
• PDF OCR — restores searchability on rasterised pages without exposing redacted content.
• Compress PDF — shrink the file after rasterising redacted pages.
• Protect PDF — add a password to the redacted file before emailing.
• PDF Editor — apply whiteout or annotations alongside redaction (whiteout alone is NOT secure redaction).
• Merge PDF — combine the redacted file with a cover letter or affidavit.

Frequently asked questions

What's the difference between visual redaction and permanent redaction?

Visual redaction draws a black rectangle on top of the page; the original characters remain in the PDF's underlying text stream. Anyone who copy-pastes from the file, opens it in a developer tool, or runs a one-line pdf-extract script can recover the redacted text. Permanent redaction rasterises the affected page (re-renders it as a high-resolution image), burns the black rectangles onto the bitmap, and replaces the original text-bearing page with that image. The underlying text is structurally gone — not just hidden, not just blacked out, gone. For anything that could appear in discovery, FOIA, court records, or a press leak, permanent redaction is the only acceptable choice.

How is the ScoutMyTool tool different from Adobe Acrobat Pro's redaction?

Acrobat Pro implements true text-stream removal: it walks the PDF's content stream, deletes the operators that emit the redacted glyphs, and patches the offsets. ScoutMyTool's Permanent Redaction takes a simpler-but-equivalent-in-effect path: it rasterises the page so the text stream no longer contains any text at all for that page (the page becomes an image). The end result for someone trying to recover the redacted text is the same — there is nothing to recover. The tradeoff is that the affected pages lose searchability and selectable text; you can re-OCR them if you need search.

Is the redacted PDF safe to share with journalists or in court?

If you used Permanent Redaction (not the visual-only Redact PDF), yes — the affected pages contain no text under the rectangles, only pixels. Standard "did the lawyers actually redact this" press disasters (the U.S. v. Manafort 2019 incident is the canonical example^{<a href="#fn-1">1</a>}) all involved visual-only blackouts where the text could be copy-pasted out. Permanent rasterisation prevents that class of failure. For maximum safety, also check the PDF metadata fields and any embedded comments / form fields with the metadata-scrub tool, since redaction does not touch those.

What about images of text inside the PDF — like a scanned ID card?

A scanned PDF page is already an image, so the redaction rectangles burn straight into the pixels with no underlying text to leak. The black box you place is the only thing there. For embedded images inside a native PDF (e.g. a screenshot embedded on page 3), the same applies once Permanent Redaction rasterises that page — the underlying image and the burn-in box become a single flat picture.

How do I find the right (x, y, w, h) coordinates for my rectangles?

PDF coordinates use points: origin at the bottom-left of the page, x grows right, y grows up, 1 inch = 72 points. A standard US-letter page is 612 × 792 points; A4 is 595 × 842 points. The easiest way to read coordinates is to open the PDF in any viewer that shows a coordinate ruler (Preview on Mac, Foxit on Windows), or measure visually: if a sensitive line is about halfway down a US-letter page, y is roughly 400; if it starts about 1 inch from the left, x is roughly 72. A visual selector is on the ScoutMyTool roadmap; for now the textarea takes one rectangle per line in "page, x, y, w, h" format.

Will the file size explode after redaction?

Only modestly. Permanent Redaction rasterises only the pages that have redactions on them — every other page passes through untouched. A 50-page PDF where you redact 2 pages will see those 2 pages grow from ~30 KB of text + a few embedded images to ~150–500 KB of rasterised image at 2× scale (the default). The other 48 pages stay the same size. If file size matters, run the redacted PDF through Compress PDF afterwards.

Does redaction touch metadata, comments, or form fields?

No — redaction only handles visible page content. PDF metadata (Author, Title, Subject, Keywords), embedded comments / sticky notes, form field default values, and embedded file attachments are separate objects and are not affected. After redacting, also run the file through Scrub PDF Metadata to wipe the metadata fields, and if you used PDF Form Fill, flatten or remove the form fields before sharing.