Files never leave your device. Everything runs in your browser; open your network tab and watch.
Scrubbr

Redact PHI without sending it anywhere

When a document contains protected health information, uploading it to an online tool to redact it sends the PHI to a third party. Scrubbr keeps the file on the device: redaction, flattening, and verification all run locally, and you can confirm in the network tab that no request carries the file. The content under each box is destroyed, not merely covered.

Drop a PDF or image here
or click to choose a file · stays on your device

PHI never leaves the device

Because Scrubbr has no upload endpoint, protected health information is not transmitted to a server during redaction. That keeps the redaction step from becoming a disclosure. You remain the responsible party for your own compliance program; Scrubbr helps by never moving the data off the machine.

Destroy, then verify

  • Marked pages are flattened to images, so names, dates, and identifiers under your boxes are physically removed.
  • Scrubbr re-extracts text from the output and confirms none of the redacted content remains.
  • Export a proof-of-redaction certificate with the file hash and timestamp for your records.

Frequently asked questions

Is Scrubbr HIPAA-compliant?

Compliance is a property of your organization and processes, not of a single tool. What Scrubbr provides is that PHI is never uploaded: redaction happens in your browser, so the data does not leave your control during the operation. You remain responsible for your overall compliance.

Can we run it with no internet at all?

Yes. The self-hosted option runs Scrubbr entirely offline on your own infrastructure.

More private, in-browser tools

Remove hidden metadata from a PDFRemove hidden PDF metadata (author, producer software, creation and modification dates, and the XMP packet) entirely in your browser. Scrubbr verifies removal by re-parsing the cleaned file. No upload.True PDF redaction: the text is gone, not hiddenReal PDF redaction in your browser: Scrubbr removes the underlying text and content under your boxes, then proves it by re-extracting text from the output. A black rectangle is not redaction. No upload.Strip EXIF metadata from a photoRemove EXIF, IPTC, XMP and other hidden metadata from JPEG and PNG photos in your browser, losslessly, without recompressing. Scrubbr verifies the data is gone. Files never leave your device.Remove GPS location from an imageRemove GPS coordinates from a photo so it no longer reveals where it was taken. Runs entirely in your browser, losslessly for JPEG/PNG, and verifies the location data is gone. No upload.Redact an image: black out parts of a photo for goodBlack out faces, names, addresses or any sensitive area of a photo in your browser. The pixels under each box are destroyed and all metadata is stripped, not just covered. No upload.Redact a PDF without uploading it anywhereRedact sensitive text in a PDF entirely in your browser. Nothing is uploaded, the underlying text is destroyed (not just covered), and Scrubbr re-extracts text to prove it. No account.PDF redaction for law firms, without the uploadRedact privileged and confidential text from PDFs without uploading them to a third-party server. The underlying text is destroyed and verified, and you can export a proof-of-redaction certificate.Offline PDF redaction, air-gapped if you need itRedact PDFs and images with no network connection. Scrubbr runs entirely in the browser, and a self-hosted build runs fully air-gapped on your own infrastructure. Text under your boxes is destroyed and verified.