If a Redaction Tool Uploads Your File First, Did You Really Redact Anything?
Published 9 July 2026 · 6 min read
Redaction exists for one reason: to permanently remove something from a document before it's shared — a client's account number, a witness's address, a patient's name, a salary figure that shouldn't be in the version going to the wider team. The entire point is that whoever ends up with the redacted copy should never be able to recover what was blacked out. It's a strange kind of contradiction, then, to achieve that by first uploading the fully unredacted document, containing the exact thing you're trying to hide, to a server that isn't yours.
The other thing worth knowing: cosmetic redaction isn't redaction
There's a second, separate problem that has nothing to do with uploads: a lot of "redaction" online is really just drawing a black box on top of the text, visually covering it while leaving the actual text sitting underneath, still selectable, still copyable, still present in the file's data. Anyone who selects all and pastes into a text editor, or opens the PDF in certain readers, gets the "redacted" content right back. This has caused real, publicly documented incidents where organizations released "redacted" documents that turned out to still contain the hidden information underneath the black bars.
Real redaction means the underlying content is actually deleted from the document structure, not just visually hidden behind a shape drawn on top of it.
How FormatDog's redaction tool addresses both problems
FormatDog's Redact PDF tool works entirely inside your browser using pdf-lib, and when you draw a redaction box, it doesn't just paint a black rectangle over the existing content — it rebuilds that region of the page without the underlying text or image data in it. What comes out the other end genuinely doesn't contain what you redacted, not "contains it but hides it visually." And because none of this requires a server, the unredacted original never has to leave your device at any point in the process, either.
Put together, that means the two separate failure modes — "the redaction was only cosmetic" and "the unredacted file got uploaded somewhere" — are both closed off by the same local-processing approach.
Two ways to check this yourself
For the upload question: open developer tools (F12), go to the Network tab, and redact a file. If nothing carrying your file's data shows up as outgoing traffic, it stayed on your device. For the "is it really removed" question: after redacting, try selecting text in the redacted area and pasting it elsewhere, or search the document for a word you redacted. If real redaction happened, there's nothing there to select or find.
Why this one is worth being extra careful about
Redaction mistakes have a track record of becoming public in exactly the way they were meant to prevent — court documents, government releases, and corporate disclosures have all had "redacted" versions leak the very information they blacked out, because the underlying text was still there to be copied. It's one of the few PDF tasks where doing it properly, both technically and privacy-wise, actually matters as much as it sounds like it should.