PDF Sanitizer support
What is PDF Sanitizer?
PDF Sanitizer is a local-first macOS app that inspects PDFs for hidden data — metadata, embedded files, JavaScript, form values, comments, navigation aids, optional content groups — and cleans them out under a profile you choose. Every save is re-opened and verified before the app reports success.
It is a companion to PDF Redaction. Use PDF Sanitizer to clean what’s already invisible in the file; use PDF Redaction to remove what is visible.
Is PDF Sanitizer stable? What does the beta status mean?
PDF Sanitizer is currently in beta. The core engine is feature-complete and every save is verified before completing, but the app has not yet had wide real-world exercise across every kind of PDF in the wild. Treat beta builds accordingly:
- Always keep the original document. PDF Sanitizer never overwrites it by default, but you should keep your own backups regardless.
- Open the sanitized output in a different PDF viewer and check that it looks the way you expect.
- Report anything unexpected — that’s what beta is for.
How does sanitization work?
PDF Sanitizer’s engine walks the PDF’s object model with the qpdf library, identifies the structures matching your chosen profile, removes them, and writes a fresh linearised output alongside the input. After writing, it re-opens the output and confirms the structures are actually gone:
- Metadata:
/Metadata(XMP) +/Infodictionary cleared at catalog and trailer. - Attachments:
/Names /EmbeddedFiles+ file-attachment annotations stripped. - JavaScript actions:
/Names /JavaScript,/OpenAction,/AAstripped at catalog and page level. - Annotations and comments:
/Annotsstripped per page. - Form values:
/AcroFormvalues cleared or the form structure removed (profile-dependent). - Navigation aids:
/Outlines,/Names, page labels, viewer preferences (profile-dependent). - Incremental updates: dropped by linearising the output.
If verification finds that something we said we’d remove is still in the output, the tainted file is deleted and the save fails loudly. You don’t accidentally ship a file you think is clean.
How is this different from PDF Redaction?
PDF Redaction modifies the visible content of the page: it deletes the actual glyphs of text under a redaction rectangle, blacks out pixels inside images, and overlays a visible black rectangle for clarity. Use it when you need to hide specific text or image regions on the page.
PDF Sanitizer modifies the hidden structures around the page: metadata, embedded files, scripts, form values, navigation aids, comments. The visible content stays exactly as it is. Use it when the document looks ready to share but you’re worried about what might be lurking beneath.
A common workflow uses both: redact the visible names/numbers with PDF Redaction, then run the result through PDF Sanitizer to make sure no metadata or accessibility text mirrors the redacted content.
Where is my data stored?
The PDFs you open stay where you opened them from — PDF Sanitizer does not copy your input files anywhere and never overwrites the original. Inspection reports and profile selections are held in memory while the document is open and discarded when you close the document or quit the app. Sanitized output and exported reports are written only where you tell the dialog to put them.
PDF Sanitizer makes no network connections by default. An optional auto-update check can be enabled in Settings → Updates; if turned on, it makes one HTTPS request per launch to GitHub to look for a new version, and sends no PDF content, no telemetry, no user data. See the privacy policy for the full detail.
System requirements
- macOS 11 (Big Sur) or later.
- Apple Silicon (M1 or later) or Intel. PDF Sanitizer ships separate disk images for each — pick the one matching your Mac.
- Around 200 MB of free disk space.
How do I download the beta?
PDF Sanitizer is in public beta. Download the disk image matching your Mac’s processor:
- PDFSanitizer-aarch64.dmg — Apple Silicon (M1, M2, M3, M4).
- PDFSanitizer-x86_64.dmg — Intel Macs.
Not sure which one? Click the Apple menu → About This Mac. If the “Chip” or “Processor” line starts with “Apple”, choose Apple Silicon. If it mentions Intel, choose Intel.
Both disk images are signed with our Developer ID Application certificate and notarized by Apple.
How do I install it?
- Double-click the PDFSanitizer-aarch64.dmg (or PDFSanitizer-x86_64.dmg) file to open it.
- Drag the PDF Sanitizer app into your Applications folder.
- Eject the disk image (drag it to the Trash, or use the eject button in Finder).
- Open the app from Applications. On first launch macOS may take a few seconds to verify the notarization; this is normal.
What happens on first launch?
The first time you open PDF Sanitizer after downloading it, macOS will show a confirmation dialog that looks like:
“PDF Sanitizer” is an app downloaded from the internet. Are you sure you want to open it?
[Your browser] downloaded this file today at [time]. Apple checked it for malicious software and none was detected.
[Cancel] [Open]
This dialog is normal and expected — every app downloaded through a web browser triggers it on first launch, regardless of how cleanly it is signed. The reassuring line is “Apple checked it for malicious software and none was detected”: this is macOS confirming that the app’s notarization and signature both check out. Click Open and PDF Sanitizer will launch.
You will then see a one-time first-run modal in PDF Sanitizer itself, explaining the local-only promise and asking whether you want to opt in to automatic update checks. The default is “no”, and you can change your mind later in Settings → Updates.
macOS says the app is from an unidentified developer
This is a different and rare warning. The wording you are looking for is one of:
- “… cannot be opened because it is from an unidentified developer”
- “… cannot be opened because Apple cannot check it for malicious software”
- “… will damage your computer”
None of these should happen with the disk image you download from our official link — the app and the disk image are both signed with our Developer ID Application certificate and notarized by Apple. If you do see one of them, please stop and email us at support@whiteforgetech.co.uk before bypassing the warning. It probably means you have an unofficial copy of the app, or that something happened to the download in transit.
The friendly “downloaded from the internet, are you sure?” dialog described in the previous section is not one of these warnings.
Which profile should I use?
Four profiles, each for a different situation:
- Metadata Only — quickest. Strips XMP metadata and the Info dictionary (author, title, application names, edit timestamps). Leaves everything else. Use when you trust the document content and just don’t want to reveal who or what produced it.
- Standard Clean — recommended default for ordinary sharing. Metadata + comments/annotations + attachments + scripts + form values. Keeps web links and intra-document navigation so the document still works for readers.
- Strict Privacy — the full sweep. Everything Standard Clean removes, plus links, AcroForm structure, outlines (table of contents), named destinations, page labels, viewer preferences. Use when you need the leanest possible output.
- Inspector Only — review the file and save a JSON/Markdown analysis report. Produces no sanitized output. Useful when you want to know what’s in the document before deciding which profile is right.
Can it open encrypted PDFs?
Yes — PDF Sanitizer can sanitize encrypted PDFs if you provide the open password. The output is written without encryption by default; if you need to preserve the encryption, email us and we’ll talk through the workflow.
What about PDF layers / Optional Content Groups?
PDF Sanitizer detects Optional Content Groups (OCGs — PDF’s “layers” feature) and warns clearly when they are present, but it does not remove them. The reason is subtle: removing the /OCProperties wrapper that hides certain layers would not delete the layered content — it would make hidden content visible. That is the opposite of what most users want.
If your document has hidden layers and you need to deal with them properly, use PDF Redaction to remove the visible content the layers will draw, or use Acrobat’s “Flatten Layers” feature first and then run the result through PDF Sanitizer.
Verification failed when I saved — what does that mean?
PDF Sanitizer re-opens every sanitized output and checks that the structures it was supposed to remove are actually gone. If something slipped through, the verification fails: the tainted output is deleted and you see an error with the leak counts.
This is the system working as designed — it means PDF Sanitizer caught a case where it could not be sure the file was clean. Email us a description of the document (or, if you can, a small synthetic document with the same shape that reproduces the failure) at support@whiteforgetech.co.uk and we will look into it.
Finder Quick Action
PDF Sanitizer installs a Finder Quick Action that lets you right-click any PDF and run “Sanitize with PDF Sanitizer” with the Standard Clean profile, without opening the app. Enable or disable it in System Settings → Privacy & Security → Extensions → Finder.
How do I report a bug?
Two channels, whichever you prefer:
- Public Issue tracker at github.com/whiten1968/PDFSanitizer-downloads/issues. Faster for us to triage, and other users can see what’s being worked on. Don’t attach actual documents here — it’s a public repository.
- Email support@whiteforgetech.co.uk for anything you’d rather keep private (e.g. you need to attach a sensitive document to reproduce the issue).
Either way, please include:
- What you were doing when the problem happened;
- What you expected and what actually happened;
- Your macOS version (Apple menu → About This Mac);
- The PDF Sanitizer version (Settings → bottom of the panel).
If the bug only reproduces with a specific document, try to construct a small synthetic document with the same structural shape and share that. Send original documents only if we ask, and only via email.
How do I request a feature?
Open a Discussion on the downloads repo (Ideas category), or email support@whiteforgetech.co.uk. We read every request.
Contact
Whiteforge Technologies Ltd
support@whiteforgetech.co.uk