The Hidden Metadata in Your Word and PDF Documents
Published 11 July 2026 · 7 min read
A lawyer sends over a contract draft. An HR team shares a policy document. A job candidate submits a cover letter built from an old template. In every one of these, the visible text is only part of what's actually inside the file — and the part nobody looks at is often the part that matters most.
What a .docx file remembers
A Word document is actually a small zip archive of XML files under the hood, and several of them track information that never appears on the page. The author who created it, the name of whoever last edited it, the company name tied to the Office license used to make it, and a running revision count are all stored as plain document properties — readable by anyone who knows where to look, including several free online tools that will show you a stranger's document metadata in seconds.
If the document started life as a copy of an older file — a common shortcut, reusing last quarter's template for this quarter's memo — it can carry over the original author's name and company even though everyone involved this time is completely different. This is a genuinely common way an internal or draft document ends up quietly naming the wrong person, or the wrong company, as its source.
The part that trips people up: tracked changes don't fully disappear
Track Changes is meant to be temporary — you review edits, accept or reject them, and move on. But every insertion and deletion made while it was switched on is stored in the document's underlying XML as its own tagged element, tied to whoever made it and when. Clicking "Accept All Changes" updates what Word displays; it does not necessarily strip those XML elements from the file in every case, especially in documents that have been saved, re-opened, and edited multiple times across different reviewers. A document that looks clean on screen can still have an editable, extractable history of who deleted what, and what the original text said.
For a document that ever goes external — a contract sent to the other side of a negotiation, a legal filing, a press release before it's supposed to be public — that's the difference between "we removed the sensitive clause" and "we removed the sensitive clause, and also handed over a file that still contains it."
PDFs have their own version of this
PDFs carry a similar but smaller set of hidden fields: Title, Author, Subject, Keywords, the software that created it, and both a creation and last-modified timestamp. These are less likely to expose a whole edit history the way a Word document can, but they still routinely leak information nobody meant to share — the internal codename a document was drafted under, the actual name of whoever wrote it (which may not be the name on the letterhead), or software details that reveal more about your internal tooling than intended.
How to actually check, instead of guessing
Word has a built-in Document Inspector (File › Info › Check for Issues › Inspect Document) that scans for comments, tracked changes, and personal information, and can strip them — but it requires knowing to run it, and it's a different tool for Word files versus PDFs. FormatDog's File Privacy Report is built to answer the more basic question first: what's actually in this specific file, right now? Upload a PDF, a Word document, or a photo, and it reads back exactly what's hidden inside — author, company, dates, and for Word files specifically, whether unresolved tracked changes or comments are still present — before you decide what to do about it. Everything happens locally in your browser; the file itself is never uploaded anywhere to generate that report.
Where a field can be safely cleared — author, title, company, and similar identifying metadata — the tool's "Clean & Download" option does that in one step.
Why it doesn't try to auto-fix tracked changes and comments
This is worth being direct about: the tool will flag unresolved tracked changes and comments if it finds them, but it deliberately doesn't try to automatically resolve them. Rewriting a Word document's internal edit history correctly, for every possible document structure, is a much riskier operation than clearing a metadata field — done wrong, it can corrupt the file. If your report flags this, the safer path is Word's own "Accept All Changes" and "Delete All Comments," then a re-check, rather than trusting any tool to silently rewrite that part of the file for you.
Who this actually matters for
Anyone sending a document outside their own organization has some version of this risk, but it's sharpest for legal documents (where an opposing party recovering deleted language is a real, documented problem), HR and hiring materials, and anything drafted collaboratively before being sent externally as if it were a clean, single-author file.