Before a document goes into a discovery production or a public court filing, the protected content has to be removed — not just covered with a black box. This guide covers what gets redacted in legal work, why "redacted" filings keep leaking, the standard for true redaction, and a no-upload workflow for privileged client material.
Most courts and rules of procedure require certain categories of information to be withheld or masked before a document is produced in discovery or filed on the public docket. In practice, redaction in a legal matter falls into four buckets.
Personally identifiable information (PII). Social Security numbers, taxpayer IDs, dates of birth, financial-account and card numbers, home addresses, and the names of minors are the classic categories — many federal and state rules require them to be truncated or struck from filings as a matter of course.
Privileged and work-product material. Attorney-client communications and attorney work product that slip into an otherwise producible document have to be removed before production, typically tracked on a privilege log. A redaction here is also a privilege assertion, so the bar for getting it right is high.
Third-party confidential information. Trade secrets, the personal data of non-parties, medical records, and information covered by a protective order or confidentiality agreement are redacted to protect people and entities who aren't even part of the dispute.
Sealed exhibits and ordered redactions. When a court seals an exhibit or orders specific passages withheld, the public version on the docket has to reflect exactly that — no more visible, no less.
Court filings and government releases have been leaking "redacted" content for decades, and the cause is almost always the same: the redaction was cosmetic. A black rectangle was drawn over live text, but the underlying characters were never deleted. The words are still in the file — recoverable by selecting and copying the passage, by deleting the black box as an object, or by running ordinary text extraction.
The pattern is well documented. In 2019, a court filing by Paul Manafort's lawyers blacked out passages that reporters recovered in minutes simply by copying and pasting. Federal and state agencies, large law firms, and corporations have all shipped documents where the text under the boxes came right back out. The mistake is so common precisely because covering text and removing text look identical on screen — the filer sees a clean page and assumes the job is done.
For a lawyer, the stakes aren't just embarrassment. An improper redaction can waive privilege over the exposed material, breach a protective order, or expose a client's or third party's PII — any of which can draw sanctions, malpractice exposure, or a bar complaint. The duty of technological competence that many jurisdictions now read into the rules of professional conduct includes understanding how the redaction tool you used actually treats the file.
The standard for defensible redaction is simple to state: the protected content must be removed, not covered, and the document's metadata — author, track-changes history, comments, and hidden layers — must be stripped along with it. Two tools meet that standard.
Acrobat Pro's Redact tool genuinely removes the marked content rather than masking it, and its Sanitize Document step strips hidden metadata, layers, comments, and scripts. It's the long-standing benchmark in legal practice and the right choice when you also need OCR-searchable output, text editing, or a certificate-based signature audit trail.
The trade-off is cost, a desktop install, and an Adobe account — and the workflow runs through Adobe's software on your machine like any other desktop application.
BlackoutPDF reaches the same guarantee a different way: it flattens each page to pixels, burns the black boxes into those pixels, and rebuilds a brand-new PDF from the images. Because the output is built from scratch, there is no text layer left under the black and the original metadata doesn't survive — nothing to select, copy, or extract.
Critically for privileged and client material, it runs entirely in your browser — the file is never uploaded to any server. That removes the exposure that an upload creates in the first place.
Most online redaction tools upload your document to a server, process it there, and rely on a "we delete it later" policy. For a privileged client document, that should give you pause. An upload creates a copy outside your control — a copy that can be breached, retained beyond the stated window, handled by a subprocessor, or compelled by subpoena. A retention policy is a promise, not a guarantee, and it doesn't undo the fact that the file left your machine.
BlackoutPDF does all of its processing in the browser, on your own device. The document is read, rasterized, and rebuilt locally; nothing is sent anywhere. You don't have to take that on faith — you can turn off Wi-Fi and redact the file offline, or open your browser's DevTools network panel and confirm that no request carries your document out. For privileged or protective-order material, "it physically never left the machine" is a far stronger position than "the vendor says they deleted it."
A few notes on doing this efficiently across a production set — and an honest account of where another tool is the better fit.
Use Auto-Redact to catch patterned data — SSNs, email addresses, phone numbers, and financial-account numbers — automatically across the document. Then add custom terms for the things only you know to hide, such as party names, witness names, or a specific case identifier.
Scanned discovery arrives as images with no text layer, so pattern matching can't see the content. Run OCR first so Auto-Redact has text to match against, then mask the located passages.
For a production, apply Bates numbering so every page is uniquely identified. BlackoutPDF's merge tool handles Bates stamping when you assemble the set.
Honest constraints: BlackoutPDF's rasterized output is not OCR-searchable, and there's no certificate-based signature audit trail. If the recipient needs searchable text or you need a certified e-signature workflow, Acrobat Pro is the better fit.
BlackoutPDF removes the protected content instead of covering it: pages are flattened to pixels and rebuilt into a fresh PDF, so there's no text layer under the black and metadata is stripped. It all happens in your browser — privileged client material never gets uploaded. Free for short files; Team is $99/yr and covers your whole team at a firm.
Go deeper: why a black box isn't redaction explains how cosmetic redactions leak and how to verify yours held, and redact a PDF without uploading it details the no-upload architecture. See all guides → /guides.
Not legal adviceThis page is general information for legal professionals, not legal advice, and using it does not create an attorney-client relationship. Redaction requirements vary by jurisdiction, court, and the terms of any applicable protective order — confirm your court's rules and your obligations under your jurisdiction's rules of professional conduct, and always verify a redaction before filing or producing it.
Legal redaction generally covers four categories: personally identifiable information (Social Security and taxpayer numbers, dates of birth, financial-account and card numbers, home addresses, and the names of minors, many of which court rules require to be struck); privileged and attorney work-product passages; third-party confidential information such as trade secrets, non-parties' personal data, and material covered by a protective order; and any exhibits or passages a court has ordered sealed. The exact requirements vary by jurisdiction and court rule, so confirm what your court mandates before producing or filing.
Because the redaction was cosmetic. When a black box is simply drawn over live text, the original characters remain in the PDF's text layer, so anyone can select and copy the passage, delete the black box as an object, or run text extraction to read what's underneath. This is exactly how high-profile filings — including the 2019 Manafort filing recovered by copy-paste — and numerous government releases have leaked. The fix is true redaction, which removes the content itself rather than covering it. Improper redaction can waive privilege or breach a protective order, which is why it carries sanctions and malpractice risk.
It depends entirely on whether the tool uploads your file. Most online redaction services send the document to a server and rely on a deletion policy — which creates a copy outside your control that can be breached, retained, or subpoenaed, a real concern for privileged client material. A client-side tool like BlackoutPDF processes the document in your browser and never uploads it; you can verify this by redacting with Wi-Fi off or by watching the network panel in your browser's developer tools. For privileged or protective-order material, a tool that physically never transmits the file is the safer choice.
BlackoutPDF flattens pages to pixels and rebuilds the PDF, which makes redaction destructive but also means the output is an image — it is not OCR-searchable, and the tool does not provide a certificate-based signature audit trail. For patterned PII it offers Auto-Redact plus custom terms, OCR for scanned discovery, and Bates stamping on the merge tool for production sets. If you need searchable redacted output or certified e-signatures, Adobe Acrobat Pro is the better fit. As always, verify any redaction before you file or produce it.