Privacy-first PDF tool for legal, HR & government teams

Your PDF never leaves
your browser. Ever.

Strip hidden metadata that could expose your organisation before it does.

No server upload Batch processing Audit certificate DUAA workflow support · June 2026 GDPR · HIPAA · CCPA aware FOIA disclosure ready SRA workflow aware
See pricing → Try the tool free ↓ Whitepaper (PDF, 12pp) ↓ Defensibility brief

See what your PDF is hiding right now

Drop a file below. We scan it in your browser — nothing is uploaded anywhere.

AuthorDrop a PDF to scan
Creator software
Creation date
Document ID
XMP packet
PieceInfo streams

The hidden risk

Every PDF you share contains data you can't see

When you send a contract, a FOIA response, or an HR document, hidden layers travel with it — readable by any software that opens the file. Most organisations don't know until it's too late.

Stage 1
Info dictionary
Author name, job title, creation date, software version, revision count. Written automatically by Word, Acrobat and Google Docs.
✗ Reveals author identity and internal tools
Stage 2
XMP packets
Adobe's extended metadata format embedded as XML inside the file body. Invisible in viewers. Fully readable by forensic software.
✗ Survives most standard cleaning tools
Stage 3
Document IDs
Two unique hexadecimal fingerprints in the PDF trailer. Link document versions. Can identify a file even after metadata removal.
✗ Missed by Smallpdf and most online tools
Stage 4
PieceInfo streams
Application workflow data written by InDesign, Illustrator and Acrobat. Contains internal project names, operator IDs and stage information.
✗ Rarely stripped by any competing tool
How it works

Three steps. Under thirty seconds.

No account. No installation. No network traffic during processing.

01
Drop your PDFs
Single file or batch. Read entirely in your browser via the FileReader API. Nothing leaves your device.
02
See what's exposed
Every metadata field is surfaced before you clean. Author names, dates, software fingerprints — all visible.
03
Clean & certify
Four-stage deep clean. Clean files download instantly. A dated audit certificate documents every removal.
Compliance coverage

Built for the frameworks that matter

PDF Cleanse supports — but does not replace — your compliance obligations. Consult your DPO or legal counsel for specific requirements.

Relevant to
GDPR — Articles 5 & 17
Removes metadata layers relevant to data minimisation and erasure workflows. All processing is client-side: no document data is transmitted to the vendor.
Relevant to
UK GDPR / ICO 2025
Removes the metadata layers identified in ICO's 2025 anonymisation guidance as relevant to re-identification risk.
Relevant to
HIPAA workflows
Removes author and document metadata that may carry identifiers. All processing is client-side: no document data is transmitted to the vendor.
Relevant to
CCPA
Removes personal identifiers embedded in documents before disclosure.
Workflow
SRA / Law Society
Fits document-checking workflows before disclosure. The audit certificate provides a process record for file notes.
Workflow
FOIA — UK & Scottish
Fits document-preparation workflows before release. The audit certificate integrates with disclosure logs.
June 2026 update

Built for the 19 June 2026 update

The Data (Use and Access) Act 2025 takes full effect on 19 June 2026, with updated ICO guidance on DSAR handling, recipient disclosure, and the new statutory complaints duty. PDF Cleanse provides a documented, repeatable step in document-preparation workflows — metadata removal with a per-file audit record before a document leaves your organisation.

Every licence includes
  • Two-page Document Disclosure Workflow Guide — mapping the tool to ICO requirements for DSARs, FOIA responses, and complaint handling under DUAA.
  • Technical whitepaper — twelve pages of architecture, framework reference, and deployment guidance for your IT team.
  • 6 months of update cover (12 months for Firm/Enterprise) — when ICO guidance changes or new metadata standards emerge, we email you the updated tool and guide. No phone-home, no server check — just a human email when something material changes. After that, optional £47/year keeps your cover current. Your tool keeps working forever; cover is only for new guidance.
Pricing

One price. No subscription. No surprises.

One-time purchase. No subscription. 12 months of update cover included.

Solo
£97
One-time · lifetime licence
For 1 user, on any device they use. FOI officers, paralegals, sole practitioners, HR leads who need a reliable private tool.
  • 1 named user
  • Four-stage deep clean
  • Batch processing
  • Audit certificate per session
  • DUAA workflow guide included
  • Technical whitepaper included
  • 6 months of update cover
Buy Solo — £97
Best for small practices
Practice
£227
One-time · up to 5 users
For micro firms and small practices. Covers up to 5 users in one organisation, on any device they use.
  • Up to 5 named users
  • Four-stage deep clean
  • Batch processing
  • Audit certificate per session
  • Shared drive / intranet deployment
  • DUAA workflow guide included
  • Technical whitepaper included
  • 6 months of update cover
Buy Practice — £227
Office
£457
One-time · up to 10 users
For small legal, HR or FOI teams. Up to 10 users in one organisation, on any device they use.
  • Up to 10 named users
  • Four-stage deep clean
  • Batch processing
  • Audit certificate per session
  • Shared drive / intranet deployment
  • DUAA workflow guide included
  • Technical whitepaper included
  • 6 months of update cover
Buy Office — £457
Firm
£1,127
One-time · up to 25 users
For SME law firms, regional practices, and HR or compliance teams. Up to 25 users in one organisation, on any device they use.
  • Up to 25 named users
  • Four-stage deep clean
  • Batch processing
  • Audit certificate per session
  • Shared drive / intranet deployment
  • DUAA workflow guide included
  • Technical whitepaper included
  • Receipt · PO accepted on request
  • 12 months of update cover
Buy Firm — £1,127
Enterprise
POA
Site licence · 25+ users
For larger offices, departments, councils and firms needing a documented workflow at scale.
  • Site licence — unlimited devices in one organisation
  • Four-stage deep clean
  • Batch processing
  • Audit certificate per session
  • Extended technical brief — forensic architecture & DUAA workflow pack
  • Priority email support — typically 4hr, office hours
  • Receipt · PO accepted · DPA on request
  • 12 months of update cover
Request a quote →

All tiers: receipt provided · Purchase orders accepted on Enterprise · 14-day refund if it doesn't fit your workflow.

Questions

Frequently asked

Why not just use Adobe Acrobat?+
Acrobat's Sanitize tool removes the metadata Acrobat can see — author, title, comments, basic XMP. It does not strip embedded hexadecimal residue, orphaned object streams, font-cache fingerprints, or producer-chain traces left by the originating application, and it produces no audit certificate, no SHA-256 hash, and no per-file record that sanitisation ran. PDF Cleanse performs a four-stage clean down to the byte level and issues a per-file audit certificate (PDF + JSON, SHA-256 hashed) — a documented, repeatable record of what was removed, when, and from which file. The forensic defensibility brief sets out the architecture and certificate format in detail. Plus: no Adobe licence required (£2,400/year for 10 seats), no install, no procurement cycle, no per-user subscription. £97 one-time for one user, £227 for 5, £457 for 10, £1,127 for 25.
How do I know my file genuinely isn't uploaded?+
Open your browser's developer tools (F12) → Network tab, then drop a file. You will see zero network requests made during processing. The file is read via the FileReader API and processed entirely in browser memory. This is verifiable by anyone with basic developer tools.
How many computers can I install it on?+
There is nothing to install — it is a single HTML file that opens in any browser. The licence is contractual, not technical. Solo covers 1 user on any device they use. Practice covers up to 5 users. Office covers up to 10. Firm covers up to 25. You can copy the file to a shared drive, a USB, or your intranet.
How long will my licence last?+
Your licence is permanent — the tool itself keeps working for as long as your browser opens HTML files, which is likely well beyond 5 years. We support each product version for 5 years from release with optional update cover. After 5 years we recommend moving to the current version to stay aligned with the latest ICO guidance, metadata standards, and browser security updates. Update cover (£47/year, first 6 months included) keeps you on the current version in the meantime. Like any professional software, the product works forever; staying current is optional but recommended.
Does it work in an air-gapped environment?+
Yes. Once the page has loaded, it functions entirely offline. For fully air-gapped networks, self-host the pdf-lib script alongside the HTML file — instructions are in the technical whitepaper.
Can we purchase by purchase order?+
Yes. Email info@pdfcleanse.com with your organisation name and required licence tier. We will issue a proforma invoice. A receipt is provided on payment. This avoids the need for a credit card and fits standard government and legal procurement workflows.
Can I read the technical detail before buying?+
Yes. The technical whitepaper (12 pages, PDF) sets out the four-stage architecture, the audit certificate format, the security posture, deployment options, known limitations, and a competitor comparison. It is written for IT administrators, data protection officers, and procurement teams evaluating the tool for internal use. No email required to download.
Does this guarantee GDPR compliance?+
No. PDF Cleanse is a technical utility that supports compliance workflows. It removes the metadata layers described in the whitepaper but cannot guarantee that every form of embedded data is removed from every PDF. It does not constitute legal advice. Your DPO remains responsible for your organisation's compliance obligations.
What happens to my files after I clean them?+
Nothing. The cleaned file is downloaded to your device. The original and cleaned versions exist only in browser memory during processing and are discarded when you close the tab. PDF Cleanse has no server, no database, and no storage. It is physically impossible for us to retain your files.
Will cleaning a PDF invalidate its digital signature?+
Yes, in most cases. Digital signatures in PDFs cryptographically cover the file's byte content — including metadata. Stripping metadata alters that content, which will invalidate any existing signature. If your document carries a digital signature that must remain verifiable, clean first, then re-sign the output.
Does PDF Cleanse remove GPS or location data?+
Not from embedded images. PDF Cleanse removes PDF-level structural metadata — Info dictionary, XMP packets, document IDs, and PieceInfo streams. If your PDF contains embedded images, those images may carry their own EXIF metadata including GPS coordinates. That data lives inside the image itself. If location data in embedded images is a concern, strip EXIF data from the images before embedding them.
Not ready yet?

We'll remind you in one week

Drop your email. We'll send you a reminder with the whitepaper, pricing, and a direct line to ask questions. No spam, no daily emails — just one follow-up in 7 days.