Files never leave your device. Everything runs in your browser; open your network tab and watch.
Scrubbr

Redact a PDF without uploading it anywhere

Most online redaction tools send your document to a server, which is the opposite of private when the whole point is to hide something. Scrubbr redacts in your browser: draw boxes, and the marked pages are flattened so the text underneath is physically gone. A verification step re-extracts text from the output to confirm nothing survived, and you can watch your network tab the whole time.

Drop a PDF or image here
or click to choose a file · stays on your device

Why "upload to redact" is a privacy problem

To redact a document is to hide its most sensitive parts. Uploading that same document to a third-party server to perform the redaction means the unredacted file, with everything still in it, travels across the network and sits on a remote server, however briefly. You are trusting a deletion policy you cannot verify.

Scrubbr removes that step. There is no upload endpoint. The redaction, the flattening, and the verification all run as JavaScript and WebAssembly on your machine.

Real redaction, then proof

  • Draw boxes over names, account numbers, or any sensitive text.
  • Marked pages are rasterized and rebuilt as images, so the underlying text and vectors no longer exist in the file.
  • Scrubbr re-extracts text from the output and confirms none of the redacted content remains.
  • Export a proof-of-redaction certificate (Pro) recording the file hash, timestamp, and verification result.

Frequently asked questions

Is the redacted text really gone?

Yes. Redacted pages are flattened to images and Scrubbr re-extracts text from the output to confirm none of the content under your boxes is recoverable by the parser.

Does my file leave my device?

No. There is no upload endpoint. Open your browser network tab and confirm no request carries your file.

More private, in-browser tools

Remove hidden metadata from a PDFRemove hidden PDF metadata (author, producer software, creation and modification dates, and the XMP packet) entirely in your browser. Scrubbr verifies removal by re-parsing the cleaned file. No upload.True PDF redaction: the text is gone, not hiddenReal PDF redaction in your browser: Scrubbr removes the underlying text and content under your boxes, then proves it by re-extracting text from the output. A black rectangle is not redaction. No upload.Strip EXIF metadata from a photoRemove EXIF, IPTC, XMP and other hidden metadata from JPEG and PNG photos in your browser, losslessly, without recompressing. Scrubbr verifies the data is gone. Files never leave your device.Remove GPS location from an imageRemove GPS coordinates from a photo so it no longer reveals where it was taken. Runs entirely in your browser, losslessly for JPEG/PNG, and verifies the location data is gone. No upload.Redact an image: black out parts of a photo for goodBlack out faces, names, addresses or any sensitive area of a photo in your browser. The pixels under each box are destroyed and all metadata is stripped, not just covered. No upload.PDF redaction for law firms, without the uploadRedact privileged and confidential text from PDFs without uploading them to a third-party server. The underlying text is destroyed and verified, and you can export a proof-of-redaction certificate.Redact PHI without sending it anywhereBlack out patient names and PHI in PDFs and images entirely in your browser. Nothing is uploaded, and the data underneath is destroyed and verified. Built for privacy-conscious healthcare workflows.Offline PDF redaction, air-gapped if you need itRedact PDFs and images with no network connection. Scrubbr runs entirely in the browser, and a self-hosted build runs fully air-gapped on your own infrastructure. Text under your boxes is destroyed and verified.