PDFs carry more than the text you see on the page. Resumes, contracts, tax forms, medical records — they often contain hidden metadata, unremoved edits, or no protection at all. Here's how to keep your PDFs safe, without installing anything or uploading your files to a stranger's server.

1. Strip hidden metadata before sharing

Every PDF stores metadata: author name, software used, sometimes even GPS location if it was scanned from a phone. Before sending a document externally, remove this info.

Why it matters: A leaked author field once revealed an anonymous whistleblower's identity in a real court case. Metadata is invisible until it isn't.

2. Password-protect sensitive documents

If a PDF contains financial, medical, or legal information, add a password. This is a two-second step that stops casual access if the file ends up in the wrong inbox or synced folder.

Tip: Share the password separately — by text or call, never in the same email as the file.

3. Redact, don't just cover

Drawing a black box over text in a PDF viewer often doesn't delete the underlying text — it just hides it visually. Anyone can select and copy "redacted" text if it wasn't properly removed. Always use a tool that actually deletes the content, not just draws over it.

4. Watch out for embedded links and JavaScript

PDFs can contain clickable links or, rarely, embedded scripts. Be cautious opening PDFs from unknown senders, and avoid enabling "trust this document" prompts unless you know the source.

5. Compress before you delete — not after

When people compress a PDF to shrink file size, some tools keep old cached versions of removed pages or content in the file structure. Always compress after you've made your final edits, not before.

6. Prefer client-side tools for sensitive files

Many free PDF tools upload your file to a server to process it — meaning your resume, ID, or contract briefly lives on someone else's machine. Client-side tools process everything using your browser's own engine, so your document stays on your device from start to finish.

7. Check before you share — every time

Before hitting send, ask:

  • Does this PDF have metadata I don't want visible?
  • Is it password protected if it needs to be?
  • Did I use real redaction, or just a black box?

A 10-second check prevents most PDF privacy mistakes.


Protect your PDFs right now

PaperStack's redaction, password protection, and metadata removal tools run entirely in your browser — no uploads, no servers, no data left behind.

Explore Free Tools →