macOS
PDF Sanitizer
Inspect and clean the hidden data in a PDF — metadata, embedded files, scripts, form values, comments, navigation aids — before you share it. Every save is verified. Companion to PDF Redaction.
Why this exists
A PDF that looks clean on screen can still contain a lot of data you didn’t intend to share: the original author’s name, the file’s editing history, embedded attachments, JavaScript actions, form field values that the user can’t see, accessibility tags that mirror visible text, navigation outlines describing redacted content, and so on. Every one of these has caused a real-world leak when PDFs were thought to be safe.
PDF Sanitizer surfaces these structures, lets you pick a sanitization profile that matches how sensitive your share is, removes the structures, and re-opens the output to verify they’re actually gone before reporting success.
How it works
-
Inspect first
Open any PDF and PDF Sanitizer lists every hidden structure it can detect: Info dict + XMP metadata, annotations (with link breakdown), file attachments, embedded files, JavaScript / Launch / Open actions, form fields and their values, outlines, named destinations, page labels, viewer preferences, optional content (layers), encryption, signatures.
-
Pick a profile, never overwrite
Four built-in sanitization profiles — Metadata Only (quick scrub), Standard Clean (recommended for ordinary sharing), Strict Privacy (full sweep), and Inspector Only (review and report, produce no output). The original PDF is never overwritten; a sanitized copy is written alongside.
-
Verification on every save
After every sanitization, PDF Sanitizer re-opens the output and confirms the requested structures are gone. If anything leaked through, the tainted output is deleted and a clear failure with leak counts is surfaced — you don’t accidentally ship a file you think is clean.
-
Report for the record
Every run can export a JSON or Markdown report describing what was detected, what was removed, and what verified. Useful for SAR/FOI workflows where you need to document the chain of custody.
Features
-
Single file or batch
Sanitize one PDF at a time or queue a folder. Per-file profile selection; per-file verification report.
-
Encrypted PDFs
PDF Sanitizer can sanitize encrypted PDFs if you provide the open password. Output is written without encryption by default (preserving the password requires a different workflow — ask).
-
Quick Action support
Right-click a PDF in Finder → Quick Actions → Sanitize with PDF Sanitizer applies the Standard Clean profile inline. Configurable in macOS System Settings.
-
Honest about its limits
PDF Sanitizer does not remove the visible content of Optional Content Groups (PDF layers). It detects hidden layers and warns clearly, because stripping the layer wrapper would make hidden content visible, not gone. For layer-level cleanup, use PDF Redaction or Acrobat.
What PDF Sanitizer is not
PDF Sanitizer does not redact visible page content. If you need to hide specific text or image regions on the page (drawing a redaction over a name, an address, an image), that’s PDF Redaction’s job.
PDF Sanitizer does not certify legal or regulatory compliance. It helps you remove common categories of hidden data; it doesn’t certify your workflow against any specific standard.
Privacy
PDF Sanitizer makes one network connection on first launch to activate your licence key. After that, it makes no further network connections. PDFs are processed entirely on your device. There are no analytics, no telemetry, no servers in the data path. See the privacy policy for full details.
Requirements
macOS 11 (Big Sur) or later. Apple Silicon (M-series) Macs. Distributed as a Developer ID signed and Apple-notarized disk image — not via the Mac App Store.
Support
For bug reports and feature requests, see the support page. For anything else, email support@whiteforgetech.co.uk.