Why Secure a PDF Before Sharing
When you export a PDF from Word or Google Docs it usually carries the author's real name and organization, creation and edit timestamps, the software version, and sometimes tracked-changes history or "resolved" comments β none of it visible on the page. For legal, medical, financial, or business documents shared with a counterparty, that hidden layer is a real confidentiality risk. (For the full list of hidden data, how PDF encryption works, and documented leak cases, see the Learn article on PDF security.)
Secure a PDF in 5 Steps
- 1Inspect the metadata first. Open Document Properties in your PDF viewer to see the embedded author name, organization, creation software, and modification history β all of it transmitted automatically every time you share the file.
- 2Redact properly, never visually. True redaction overwrites the underlying text; drawing a black rectangle leaves the words fully selectable and searchable beneath it. Use a tool that certifiably deletes the data, not one that just covers it.
- 3Strip the metadata. Use a browser-based tool like PrivaPDF to remove the embedded author, organization, software, and revision history before the file goes out β or "print to PDF" from a fresh viewer to drop most of it.
- 4Add AES-256 password protection. Set an open password (required to view) and, where supported, a permissions password to block copying, printing, or editing by the recipient.
- 5Deliver safely. Send the password through a different channel than the file itself (a phone call or message β never the same email), then ask the recipient to confirm receipt so you can delete the copy from cloud storage and your sent folder.
PDF Security Best Practices
When you need a clean, metadata-free version of a document, print to PDF from a fresh application rather than exporting from the original source software β this typically strips most embedded metadata and revision history. For legally binding redaction β court filings, legal discovery, regulated industry documents β use tools specifically designed for certified redaction rather than general-purpose PDF editors. Several high-profile document leaks have occurred because journalists or officials used visual covering shapes rather than true content deletion. Be especially cautious with PDFs received from unknown or untrusted sources β PDF files can contain embedded JavaScript that executes automatically when opened, hyperlinks to tracking URLs that reveal when and where you opened the document, and exploit code targeting vulnerabilities in PDF reader software. Always keep your PDF reader software up to date β Adobe Acrobat and other readers regularly patch serious security vulnerabilities that attackers actively exploit through malicious PDF files.