When you need to redact PDF documents containing sensitive information, choosing the right provider matters. You’re trusting them with confidential data, potentially personal details, financial records, or legally privileged documents. Before uploading anything to a service in the cloud, ask these questions:
1. Is the Company Legitimate and Identifiable?
An anonymous tool with no clear ownership is a red flag. A trustworthy service to redact PDF documents should be straightforward to verify: look for a registered company name, company number, a physical address, and named individuals who stand behind the product. Check whether the company appears in an official business register.
2. Where Is Your Data Processed?
Data sovereignty matters, particularly when you redact PDF files containing personal information subject to regulation. If you are handling EU personal data, the safest choice is a provider that processes files within the European Union on infrastructure subject to GDPR and European data protection law.
Pay attention to where the service provider’s infrastructure is actually hosted, not just where the company is incorporated. A European company can still run its servers on US-owned cloud infrastructure. Under the CLOUD Act, US authorities can compel American companies to hand over data regardless of where it is stored.
The minimum requirement is that any data transfer is covered by an adequate privacy framework, i.e. for transfers from EU to the US, the EU–US Data Privacy Framework. However, the Court of Justice of the European Union has already struck down two EU–US data transfer frameworks: Safe Harbour in 2015 and EU–US Privacy Shield in 2020; on the grounds that US surveillance law did not meet EU fundamental rights standards. Although the EU–US Data Privacy Framework survived a legal challenge in September 2025, the judgment was narrow, and further challenges are already being prepared.
3. What Do the Terms of Service and Privacy Policy Actually Say?
Read beyond the marketing copy. Specifically:
- Does the provider use your documents to train AI models?
- How long are files retained after redaction completes?
- Is there a clear data deletion policy, or only vague assurances?
- Who has access to your documents: humans, automated systems, or third-party AI providers?
4. How Is Your Data Encrypted?
TLS in transit should be standard, but not regarded as sufficient. Look for additional security measures, such as:
- Is the document encrypted at rest on the provider’s servers?
- Is encryption applied in the browser before upload, or only after the file arrives?
- Are encryption keys stored separately from the data they protect?
Note that any cloud redaction service must temporarily decrypt your document to read and process its contents. That is an unavoidable technical reality. The question is whether the surrounding architecture minimises exposure: who or what performs the decryption, on what infrastructure, and whether any decrypted content is retained afterwards.
5. Does the Service Use External AI Providers?
In this AI era, it is relevant to investigate if the redaction service sends document content to third-party large language model (LLM) APIs (OpenAI, Anthropic, Google, and others) to identify personal data. This introduces an additional party into the data chain, with its own terms of service, retention policies, and jurisdictional exposure.
Ask whether the provider’s AI models run on their own infrastructure, or whether your document content is transmitted to an external API. A provider that runs proprietary models in-house offers a simpler, more auditable data chain.
Checklist Summary
| Question | What to look for |
|---|---|
| Is the company identifiable? | Registered company, company number, named leadership |
| Where is data processed? | Infrastructure located in the same jurisdiction as your data obligations |
| (EU only) Who owns the hosting infrastructure? | EU-headquartered provider; or at minimum, EU–US Data Privacy Framework coverage |
| What do the terms say? | Explicit deletion policy, no model training on user data |
| How is data encrypted? | Encryption at rest; ideally browser-side before upload |
| Are external AI providers used? | Proprietary in-house models preferred |
How RedactPDF.io Handles Your Documents
RedactPDF.io is a free PDF redaction tool built and operated by Ante ApS, a Danish company that has been running enterprise redaction software since 2019. The following is a transparent account of how we address each criterion in the checklist above.
The Company
RedactPDF.io is provided by Ante ApS, CVR no. 38703722, registered in Denmark and listed in the official Danish business register. You can read more about the team and our background on the About page.
Where We Host Your Data
Our infrastructure runs on Scaleway, a European cloud provider headquartered in Paris. We use Scaleway’s Paris data centre. Scaleway operates exclusively in Europe and is fully subject to EU data protection regulations. When you redact PDF files using our service, your data never leaves Europe, and it is never processed on infrastructure subject to US jurisdiction.
How We Redact PDF Documents – And Keep Your Data Safe
The redaction pipeline works as follows:
- You upload a PDF through your browser over an encrypted HTTPS connection.
- The document is encrypted using a one-time encryption key in your browser, then uploaded to our servers, where it is stored in encrypted internal storage and queued for redaction.
- Our redaction engine decrypts your document, extracts text (via PDF parsing and OCR), runs it through our ML models to classify personal data, and redacts the identified entities directly in the PDF.
- The redacted PDF is then encrypted using the same key and made available for download.
- Once downloaded, both the original and redacted files are deleted from our servers. Intermediate data (extracted text, identified entities) is deleted immediately after redaction completes. At no point is your document stored longer than necessary.
How We Encrypt Your Documents
All traffic between your browser and our servers is protected with TLS encryption, preventing anyone from intercepting or reading your data in transit.
Your documents are encrypted directly in your browser using AES-256 before they are ever uploaded. They remain encrypted at rest on our servers.
This layered approach means your data is protected at every stage. If someone were to breach the storage layer and access the raw files, the contents would be unreadable. And even in the highly unlikely event that TLS encryption were compromised, your documents would still be protected by strong client-side AES-256 encryption.
Encryption keys are stored separately and derived securely, so compromising a single component, whether network traffic or storage, would not provide access to your PDF.
Model Training and Document Use
Your documents are never used to train our models or for any purpose beyond the redaction you requested. We retain no copies after download.
AI Processing
We do not use external LLM providers to identify personal information. All our AI models are proprietary and run on the same secure infrastructure as the rest of the redaction process. Your document content is never transmitted to a third-party API.
No Human Access
Our PDF redaction system is fully automated. No human ever reviews your files. The pipeline is entirely machine-driven: upload, redact, download, delete.
Summary
| Question | RedactPDF.io |
|---|---|
| Is the company identifiable? | Ante ApS, CVR 38703722, Denmark |
| Where is data processed? | Scaleway Paris data centre |
| (EU only) Who owns the hosting infrastructure? | Scaleway, EU-headquartered cloud provider |
| What do the terms say? | No model training on user data; files deleted after download; no human access |
| How is data encrypted? | AES-256 client-side before upload; TLS in transit; encrypted at rest; keys stored separately |
| Are external AI providers used? | No, all AI models are proprietary and run in-house |