Redaction, done right
How to redact a PDF without uploading it
Short answer: you can. QuillPDF redacts a PDF entirely in your browser — the tool never uploads your file to any server — and it removes the content underneath the mark instead of just drawing a black box over it. For a sensitive document, both of those matter.
The “black box” trap
The most common redaction mistake is covering text with a black rectangle. In most PDF editors that rectangle is just a shape drawn on top of the page — the original text and image data are still in the file. Anyone who receives it can select the text under the box, copy it, extract it with a script, or delete the box entirely. Newspapers, courts, and government agencies have all leaked information exactly this way.
Real redaction has to remove the content beneath the mark, not hide it.
How QuillPDF removes the content: rasterize-on-redact
When you export a redacted PDF from QuillPDF, each region you marked is flattened to an image with the sensitive content painted out. The text and vector data beneath the mark are gone from the exported file — there is nothing left to select, copy, or recover in the redacted area.
That is a real trade-off worth knowing: redacted pages become images, so they are no longer searchable and the file can grow. We think that is the right default for redaction — the point is that the removed content is actually removed. The exact mechanism and its costs are documented on our transparency page.
Why redacting in your browser matters
Most online PDF tools upload your file to a server, process it, and send the result back. For redaction that is backwards: the unredacted, plaintext original is what travels to and is processed on someone else's infrastructure. QuillPDF runs every tool in your browser tab, on your own hardware — the original never leaves your device, so there is no server-side copy to leak, log, or be compelled to hand over. Once the page has loaded, redaction even works with your network disconnected.
Redact a PDF in four steps
- Open the Redact PDF tool and choose your file — it loads into the page, not onto a server.
- Draw a mark over every area you need to remove.
- Export. QuillPDF rasterizes each marked region so the content beneath is removed.
- Open the exported file and confirm nothing under the marks is selectable before you share it.
Questions people ask
Can you redact a PDF without uploading it to a server?
Yes. QuillPDF's Redact tool runs entirely in your browser tab — the tool never uploads, transmits, or stores your file on any server. You can confirm it yourself: open your browser's DevTools Network tab while you redact, and you'll see no file leave your device.
Does drawing a black box over text actually remove it?
No — and this is the common, dangerous mistake. In many PDF editors a black rectangle is just a shape drawn on top of the page. The text and image data underneath are still in the file, so anyone can select, copy, or extract them, or simply delete the box. Real redaction has to remove the content beneath the mark, not cover it.
How does QuillPDF actually remove the redacted content?
QuillPDF uses rasterize-on-redact: the region you mark is flattened to an image with the sensitive content painted out, so the underlying text and vector data beneath the mark are gone from the exported file — not hidden under a rectangle. There is nothing left to select, copy, or recover in the redacted area.
Why does client-side redaction matter for sensitive documents?
If a document contains anything confidential — legal filings, medical records, financials, PII — uploading it to a third-party server means the plaintext, unredacted file travels to and is processed on someone else's infrastructure before the redaction happens. Redacting in your browser means the original file never leaves your device, so there is no server copy to leak, log, or subpoena.
Is QuillPDF's redaction free?
Yes. QuillPDF is free, requires no account, and is in open beta. It does not upload or monetize your documents; development is supported by optional GitHub Sponsors donations.
Is QuillPDF a HIPAA-compliant service for redacting PHI?
Not in the certification sense — and for redaction, the architecture matters more than a certificate. Because the tool runs entirely in your browser, your file never reaches us to begin with: there is no server copy of the unredacted document to leak, log, or subpoena. That is a stronger protection than a vendor holding your PHI under a BAA, not a weaker one. You stay responsible for your own device, and it is always worth reviewing a redacted export before you share it.