PDF Sanitizer app icon

PDF Sanitizer support

Help and frequently asked questions · Last updated 20 May 2026

What is PDF Sanitizer?

PDF Sanitizer is a local-first macOS app that inspects PDFs for hidden data — metadata, embedded files, JavaScript, form values, comments, navigation aids, optional content groups — and cleans them out under a profile you choose. Every save is re-opened and verified before the app reports success.

It is a companion to PDF Redaction. Use PDF Sanitizer to clean what’s already invisible in the file; use PDF Redaction to remove what is visible.

Is PDF Sanitizer stable? What does the beta status mean?

PDF Sanitizer is currently in beta. The core engine is feature-complete and every save is verified before completing, but the app has not yet had wide real-world exercise across every kind of PDF in the wild. Treat beta builds accordingly:

How does sanitization work?

PDF Sanitizer’s engine walks the PDF’s object model with the qpdf library, identifies the structures matching your chosen profile, removes them, and writes a fresh linearised output alongside the input. After writing, it re-opens the output and confirms the structures are actually gone:

If verification finds that something we said we’d remove is still in the output, the tainted file is deleted and the save fails loudly. You don’t accidentally ship a file you think is clean.

How is this different from PDF Redaction?

PDF Redaction modifies the visible content of the page: it deletes the actual glyphs of text under a redaction rectangle, blacks out pixels inside images, and overlays a visible black rectangle for clarity. Use it when you need to hide specific text or image regions on the page.

PDF Sanitizer modifies the hidden structures around the page: metadata, embedded files, scripts, form values, navigation aids, comments. The visible content stays exactly as it is. Use it when the document looks ready to share but you’re worried about what might be lurking beneath.

A common workflow uses both: redact the visible names/numbers with PDF Redaction, then run the result through PDF Sanitizer to make sure no metadata or accessibility text mirrors the redacted content.

Where is my data stored?

The PDFs you open stay where you opened them from — PDF Sanitizer does not copy your input files anywhere and never overwrites the original. Inspection reports and profile selections are held in memory while the document is open and discarded when you close the document or quit the app. Sanitized output and exported reports are written only where you tell the dialog to put them.

PDF Sanitizer makes no network connections by default. An optional auto-update check can be enabled in Settings → Updates; if turned on, it makes one HTTPS request per launch to GitHub to look for a new version, and sends no PDF content, no telemetry, no user data. See the privacy policy for the full detail.

System requirements

How do I download the beta?

PDF Sanitizer is in public beta. Download the disk image matching your Mac’s processor:

Not sure which one? Click the Apple menu → About This Mac. If the “Chip” or “Processor” line starts with “Apple”, choose Apple Silicon. If it mentions Intel, choose Intel.

Both disk images are signed with our Developer ID Application certificate and notarized by Apple.

How do I install it?

  1. Double-click the PDFSanitizer-aarch64.dmg (or PDFSanitizer-x86_64.dmg) file to open it.
  2. Drag the PDF Sanitizer app into your Applications folder.
  3. Eject the disk image (drag it to the Trash, or use the eject button in Finder).
  4. Open the app from Applications. On first launch macOS may take a few seconds to verify the notarization; this is normal.

What happens on first launch?

The first time you open PDF Sanitizer after downloading it, macOS will show a confirmation dialog that looks like:

“PDF Sanitizer” is an app downloaded from the internet. Are you sure you want to open it?

[Your browser] downloaded this file today at [time]. Apple checked it for malicious software and none was detected.

[Cancel] [Open]

This dialog is normal and expected — every app downloaded through a web browser triggers it on first launch, regardless of how cleanly it is signed. The reassuring line is “Apple checked it for malicious software and none was detected”: this is macOS confirming that the app’s notarization and signature both check out. Click Open and PDF Sanitizer will launch.

You will then see a one-time first-run modal in PDF Sanitizer itself, explaining the local-only promise and asking whether you want to opt in to automatic update checks. The default is “no”, and you can change your mind later in Settings → Updates.

macOS says the app is from an unidentified developer

This is a different and rare warning. The wording you are looking for is one of:

None of these should happen with the disk image you download from our official link — the app and the disk image are both signed with our Developer ID Application certificate and notarized by Apple. If you do see one of them, please stop and email us at support@whiteforgetech.co.uk before bypassing the warning. It probably means you have an unofficial copy of the app, or that something happened to the download in transit.

The friendly “downloaded from the internet, are you sure?” dialog described in the previous section is not one of these warnings.

Which profile should I use?

Four profiles, each for a different situation:

Can it open encrypted PDFs?

Yes — PDF Sanitizer can sanitize encrypted PDFs if you provide the open password. The output is written without encryption by default; if you need to preserve the encryption, email us and we’ll talk through the workflow.

What about PDF layers / Optional Content Groups?

PDF Sanitizer detects Optional Content Groups (OCGs — PDF’s “layers” feature) and warns clearly when they are present, but it does not remove them. The reason is subtle: removing the /OCProperties wrapper that hides certain layers would not delete the layered content — it would make hidden content visible. That is the opposite of what most users want.

If your document has hidden layers and you need to deal with them properly, use PDF Redaction to remove the visible content the layers will draw, or use Acrobat’s “Flatten Layers” feature first and then run the result through PDF Sanitizer.

Verification failed when I saved — what does that mean?

PDF Sanitizer re-opens every sanitized output and checks that the structures it was supposed to remove are actually gone. If something slipped through, the verification fails: the tainted output is deleted and you see an error with the leak counts.

This is the system working as designed — it means PDF Sanitizer caught a case where it could not be sure the file was clean. Email us a description of the document (or, if you can, a small synthetic document with the same shape that reproduces the failure) at support@whiteforgetech.co.uk and we will look into it.

Finder Quick Action

PDF Sanitizer installs a Finder Quick Action that lets you right-click any PDF and run “Sanitize with PDF Sanitizer” with the Standard Clean profile, without opening the app. Enable or disable it in System Settings → Privacy & Security → Extensions → Finder.

How do I report a bug?

Two channels, whichever you prefer:

Either way, please include:

If the bug only reproduces with a specific document, try to construct a small synthetic document with the same structural shape and share that. Send original documents only if we ask, and only via email.

How do I request a feature?

Open a Discussion on the downloads repo (Ideas category), or email support@whiteforgetech.co.uk. We read every request.

Contact

Whiteforge Technologies Ltd
support@whiteforgetech.co.uk

Back to PDF Sanitizer overview →