Privacy-first PDF tool for legal, HR & government teams

Your PDF never leaves
your browser. Ever.

Strip hidden metadata that could expose your organisation before it does.

No server upload Batch processing Audit certificate GDPR · HIPAA · CCPA aware FOIA disclosure ready SRA guidance compliant
Open the tool — free to try View pricing

See what your PDF is hiding right now

Drop a file below. We scan it in your browser — nothing is uploaded anywhere.

AuthorDrop a PDF to scan
Creator software
Creation date
Document ID
XMP packet

The hidden risk

Every PDF you share contains data you can't see

When you send a contract, a FOIA response, or an HR document, hidden layers travel with it — readable by any software that opens the file. Most organisations don't know until it's too late.

Stage 1
Info dictionary
Author name, job title, creation date, software version, revision count. Written automatically by Word, Acrobat and Google Docs.
✗ Reveals author identity and internal tools
Stage 2
XMP packets
Adobe's extended metadata format embedded as XML inside the file body. Invisible in viewers. Fully readable by forensic software.
✗ Survives most standard cleaning tools
Stage 3
Document IDs
Two unique hexadecimal fingerprints in the PDF trailer. Link document versions. Can identify a file even after metadata removal.
✗ Missed by Smallpdf and most online tools
Stage 4
PieceInfo streams
Application workflow data written by InDesign, Illustrator and Acrobat. Contains internal project names, operator IDs and stage information.
✗ Rarely stripped by any competing tool
How it works

Three steps. Under thirty seconds.

No account. No installation. No network traffic during processing.

01
Drop your PDFs
Single file or batch. Read entirely in your browser via the FileReader API. Nothing leaves your device.
02
See what's exposed
Every metadata field is surfaced before you clean. Author names, dates, software fingerprints — all visible.
03
Clean & certify
Four-stage deep clean. Clean files download instantly. A dated audit certificate documents every removal.
Compliance coverage

Built for the frameworks that matter

PDF Cleanse supports — but does not replace — your compliance obligations. Consult your DPO or legal counsel for specific requirements.

Full support
GDPR — Articles 5 & 17
Supports data minimisation and right to erasure. Client-side processing means no new data controller relationship. No BAA or DPA required with PDF Cleanse.
Full support
UK GDPR / ICO 2025
Directly addresses ICO's 2025 anonymisation guidance: hidden metadata can make re-identification "reasonably likely," triggering full compliance obligations.
Full support
HIPAA safe harbour
Removes author metadata that may constitute PHI linkage data. Client-side processing means no Business Associate Agreement is required.
Full support
CCPA
Supports removal of personal identifiers embedded in documents before disclosure to California consumers or regulators.
Supports workflow
SRA / Law Society
Supports solicitors' duty to check documents for privileged metadata before disclosure. Audit certificate provides a process record for file notes.
Supports workflow
FOIA — UK & Scottish
Supports public authorities in removing personal data from documents before release. Audit certificate integrates with disclosure logs.
Pricing

Simple for individuals. Serious for organisations.

One-time purchase for individuals and teams. Annual subscription for departments and organisations that need intranet deployment, named support, and documented governance. Enterprise licensing available for police forces, NHS trusts, and law firms.

Individual
£50
One-time · lifetime licence
For FOI officers, paralegals, HR professionals and data protection leads who need a reliable, private tool for their own use.
  • Single user, any personal device
  • Four-stage deep clean
  • Batch processing
  • Audit certificate per session
  • Compliance pack (whitepaper + README)
  • Intranet deployment
  • Named support
Buy individual licence
Team
£397
One-time · up to 10 users
For small legal, HR or FOI teams. Copy to a shared drive. All team members covered under one licence.
  • Up to 10 named users
  • Four-stage deep clean
  • Batch processing
  • Audit certificate per session
  • Compliance pack (whitepaper + README)
  • Shared drive / intranet deployment
  • Named support contact
Buy team licence
Most popular
Departmental
£2,400
Per year · one department
For a single department deploying across an intranet. Legal, FOI, HR or data protection teams at councils, NHS bodies and regulated firms.
  • Unlimited users, one department
  • Four-stage deep clean
  • Batch processing
  • Audit certificate per session
  • Compliance pack (whitepaper + README)
  • Intranet / air-gapped deployment
  • Named email support contact
Enquire
Organisation
£8,500
Per year · whole organisation
For a full organisation — law firm, NHS trust, local authority or public body — deploying across all departments. G-Cloud compatible.
  • Unlimited users, one organisation
  • Four-stage deep clean
  • Batch processing
  • Audit certificate per session
  • Compliance pack (whitepaper + README)
  • Intranet / air-gapped deployment
  • Named support · SLA · G-Cloud compatible
Enquire
Enterprise Licence
£50,000
Per year · police, NHS, law firm
For police forces, large NHS trusts, and Magic Circle or top-50 law firms requiring a contractual no-server guarantee, dedicated account management, and annual compliance briefing.
  • Unlimited users, one organisation
  • Contractual no-server guarantee (signed)
  • Dedicated account manager
  • Annual compliance briefing
  • Priority support · 4-hour SLA
  • Air-gapped & classified-ready deployment
  • G-Cloud · Crown Commercial Service compatible
Contact us
Force / Multi-site
POA
Negotiated · multi-entity
For multi-force deployments, NHS regions, central government departments and MOD. Bespoke contractual structure, deployment model and support.
  • Multiple forces, trusts or departments
  • Bespoke deployment & contractual terms
  • Classified-ready where required
  • Framework agreement compatible
  • Dedicated implementation support
  • Board-level compliance documentation
  • Crown Commercial Service negotiated
Get in touch

Crown Commercial Service compatible · G-Cloud listed (pending) · Purchase order accepted · VAT invoice provided

For law firms, police forces & government agencies
The PDF Cleanse
Compliance Pack

A tangible product your IT security, DPO, and legal teams can evaluate, approve and deploy. Everything needed to put PDF Cleanse on your intranet with fully documented governance — suitable for ICO audit, SRA inspection, and FOIA disclosure logs.

pdf-cleanse.html (the tool) Technical whitepaper (10 sections) Deployment README Licence agreement

Included with all Departmental, Organisation and Enterprise licences.

Included
from
£2,400/yr
Departmental licence and above
Enquire about deployment
Why professionals choose PDF Cleanse
"The only tool I've found that strips document IDs as well as the standard metadata. That matters when you're preparing FOIA disclosure."
FOI Officer · UK Local Authority
"Our IT policy prohibits uploading client documents to cloud services. PDF Cleanse is the only browser-based option that never touches a server."
Paralegal · Regional Law Firm
"The audit certificate goes straight into our DSAR response log. It took about thirty seconds to clean a batch of twelve documents."
Data Protection Lead · NHS Trust
Questions

Frequently asked

How do I know my file genuinely isn't uploaded?+
Open your browser's developer tools (F12) → Network tab, then drop a file. You will see zero network requests made during processing. The file is read via the FileReader API and processed entirely in browser memory. This is verifiable by anyone with basic developer tools.
How many computers can I install it on?+
There is nothing to install — it is a single HTML file that opens in any browser. The licence is contractual, not technical. Individual licence covers one person on any device they personally use. Team licence covers up to 10 users. Departmental and above cover unlimited users within the licensed entity. You can copy the file to a shared drive, a USB, or your intranet — the whitepaper explains all deployment options.
Does it work in an air-gapped environment?+
Yes. Once the page has loaded, it functions entirely offline. For fully air-gapped networks, self-host the pdf-lib CDN script alongside the HTML file — instructions are in the whitepaper and README included with the Compliance Pack.
Can we purchase by purchase order?+
Yes. Email info@pdfcleanse.com with your organisation name and required licence tier. We will issue a proforma invoice. A VAT invoice is provided on payment. This avoids the need for a credit card and fits standard government and legal procurement workflows.
Does this guarantee GDPR compliance?+
No. PDF Cleanse is a technical utility that supports compliance workflows. It removes the metadata layers described in the whitepaper but cannot guarantee that every form of embedded data is removed from every PDF. It does not constitute legal advice. Your DPO remains responsible for your organisation's compliance obligations. Always verify cleaned files in Adobe Acrobat → File → Properties before sharing sensitive documents.
What happens to my files after I clean them?+
Nothing. The cleaned file is downloaded to your device. The original and cleaned versions exist only in browser memory during processing and are discarded when you close the tab. PDF Cleanse has no server, no database, and no storage. It is physically impossible for us to retain your files.
Will cleaning a PDF invalidate its digital signature?+
Yes, in most cases. Digital signatures in PDFs cryptographically cover the file's byte content — including metadata. Stripping metadata alters that content, which will invalidate any existing signature. If your document carries a digital signature that must remain verifiable, do not clean it with PDF Cleanse. Clean first, then re-sign the output if a signature is required.
Does PDF Cleanse remove GPS or location data?+
Not from embedded images. PDF Cleanse removes PDF-level structural metadata — Info dictionary, XMP packets, document IDs, and PieceInfo streams. If your PDF contains embedded images (photos, scans), those images may carry their own EXIF metadata including GPS coordinates. That data lives inside the image itself and is not removed by PDF Cleanse. If location data in embedded images is a concern, strip EXIF data from the images before embedding them in the PDF.