Why “redacted” documents keep leaking
Every few months the same story runs: a court filing, regulatory disclosure, or corporate document published with black boxes — and reporters recover the hidden text with select-all and copy. It has exposed sealed grand-jury material, merger terms, and identities of confidential witnesses.
The mechanics of the failure
PDF is a layered format. Text lives in content streams; annotations and shapes are drawn on top. A black rectangle is just another object in the stack. Unless the underlying text object is deleted or the page rebuilt, the "redacted" content ships inside the file to everyone who receives it.
People fail this way because visual feedback lies: on screen, covered text looks gone. There is no visible difference between a cosmetic box and a true redaction — until someone checks.
Adjacent failure: metadata and history
Even when page text is handled, files carry author fields, revision data, and sometimes embedded previews of earlier versions. Redaction that ignores the container is half a redaction.
The fix is structural, not procedural
Training people to "remember to sanitize" fails at scale. The reliable fix is using a method where failure is impossible by construction: flattening. Re-render every page as an image with redactions burned in, rebuild the document from those images, and the sensitive text simply does not exist in the output — nothing to copy, nothing to extract, no metadata carried over.
RedactSafe uses exactly this method, and runs entirely in your browser so the unredacted original is never uploaded anywhere. Free to use; verify it yourself with your network tab open.
Redact a PDF now — nothing gets uploaded