How to Redact a PDF Online: Black Out Sensitive Information (2026)
Sharing a PDF that contains sensitive information is one of the most common data privacy risks in everyday professional life. A contract sent to a new vendor might contain another client's pricing. A medical referral might include a patient's full history. An HR document shared for review might list employee salaries. Proper redaction is the solution — but it has to be done correctly, or it doesn't protect anything.
This guide covers what PDF redaction actually is, why it matters, which information to redact, how to do it with PDFTash's AI redaction tool, and the difference between manual and AI-powered redaction.
What Is PDF Redaction vs. Deleting Text?
Redaction means permanently removing information from a document so it cannot be recovered. When done correctly, redacted text is replaced with a solid black box, and the underlying data is completely erased from the PDF's content stream — not just hidden from view.
This is critically different from simply drawing a black rectangle over text in a PDF editor, or changing the font colour to black. Both of those methods hide the text visually but leave the original data intact inside the PDF file. Anyone who opens the file in a text editor, copies all text, or uses "find" can still read the supposedly hidden information. High-profile data breaches have occurred exactly this way — including a famous incident where a US government legal brief had names "blacked out" with a text box that could be copy-pasted away in seconds.
True redaction, as performed by PDFTash, physically removes the data from the PDF and renders it as a genuine black rectangle that contains no underlying information.
Why Proper Redaction Matters
Professional and legal contexts where redaction is essential include:
- Court and legal documents: Filed documents often require redaction of personal identifiers (names of minors, Social Security numbers, financial account numbers) under court rules.
- Medical and healthcare: HIPAA (US) and GDPR (EU) require that patient health information is protected when sharing documents with third parties who don't need the full details.
- Human resources: Salary information, disciplinary records, and personal details of employees must be protected when sharing HR documents with auditors, lawyers, or other departments.
- Government and FOIA requests: Agencies responding to freedom of information requests routinely redact exempt information before releasing documents.
- Financial services: Account numbers, card numbers, and financial statements shared with third parties require redaction of any identifying information that isn't relevant to the recipient.
What Information Should You Redact?
Common categories of personally identifiable information (PII) and sensitive data to redact:
- Full names (when combined with other identifiers)
- Social Security numbers, national ID numbers, passport numbers
- Email addresses and phone numbers
- Home addresses and location data
- Bank account and credit card numbers
- Medical record numbers, diagnoses, and prescription details
- Salaries, financial details, and trade secrets
- Signatures and dates of birth
- IP addresses and device identifiers in technical documents
GDPR tip: Under European data protection law, even a name combined with a job title can constitute personal data. When in doubt about what to redact for compliance purposes, consult your data protection officer.
Step-by-Step: AI Redaction with PDFTash
PDFTash offers both manual redaction (you draw the black boxes yourself) and AI-powered automatic redaction (the tool identifies and redacts specified categories automatically).
- Go to pdftash.com/redact-pdf.
- Upload your PDF by clicking the upload area or dragging the file in.
- Choose your redaction mode:
- Manual: The PDF opens in a viewer. Click and drag to draw black redaction boxes over any area you want to remove. Use the page navigator to work through multi-page documents.
- AI Auto-Redact: Type the terms or categories you want redacted (e.g., "email addresses", "phone numbers", or specific names like "John Smith"). The AI scans the full document and marks all instances for your review.
- Review the marked redactions in the preview. Add or remove any marks before applying.
- Click Apply Redactions. This permanently removes the underlying data from the PDF.
- Download your redacted PDF. The black boxes in the output are permanent — the data beneath them is gone.
Manual vs AI Redaction: A Comparison
| Feature | Manual Redaction | AI Auto-Redaction |
|---|---|---|
| Best for | Specific sections, images, signatures | Large documents with repeated PII |
| Speed | Slow on long documents | Fast — scans 50+ pages in seconds |
| Accuracy | 100% for what you select | 95%+ for standard PII categories |
| Custom terms | Yes (you draw anywhere) | Yes (type any term or phrase) |
| Scanned PDFs | Yes (draws over image) | Requires OCR first |
Frequently Asked Questions
Is a black box in a PDF truly safe? Can the text underneath be recovered?
Only if the redaction was done incorrectly (e.g., by placing a black-coloured shape over the text without removing the text layer). PDFTash performs true redaction — the text data is permanently deleted from the PDF's content stream before the black rectangle is rendered. The downloaded file contains no recoverable data under the black areas.
Can redacted text ever be recovered from a PDFTash-redacted file?
No. Once you apply redactions with PDFTash and download the resulting file, the underlying data is gone. There is no undo or recovery — which is exactly the point. If you are unsure about any redaction, review the preview carefully before clicking Apply. We recommend keeping the original unredacted file in a secure location separately.
How accurate is AI redaction for detecting sensitive information?
For well-formatted text PDFs, PDFTash AI redaction achieves over 95% accuracy for standard PII categories (emails, phone numbers, SSNs, credit card numbers). Accuracy is lower for highly unstructured text or unusual formats. Always review the AI's suggested redactions in the preview before applying — you can add any missed instances manually before finalising.
Can I redact custom terms — like a specific company name or project code?
Yes. In AI Auto-Redact mode, you can type any specific word, phrase, name, or number pattern. The tool will find every occurrence of that term across all pages and mark it for redaction. This is ideal for redacting specific client names, project codenames, or internal reference numbers before sharing a document externally.
Does redaction work on mobile?
Yes, though manual redaction (drawing boxes) is easier with a touchscreen than with a mouse — it feels natural to tap and drag on a phone or tablet. AI auto-redaction works identically on mobile and desktop. No app installation is required; PDFTash runs entirely in your browser.