There is something deeply ironic about using a cloud-based tool to redact sensitive information.
You have a document containing personal data - passport numbers, bank details, medical records. You want to remove that data before sharing. So you upload it to a website.
You have just sent your most sensitive document to a server you know nothing about, operated by a company you have never heard of, with a privacy policy you did not read.
Consider this:
You upload a PDF containing client financial details to an online redaction tool.
The file is processed and downloaded. Everything looks fine.
But behind the scenes, that original document may be temporarily stored, logged, or backed up on a server you have no visibility into.
You will never know.
What Cloud Redaction Tools Actually Do
Most online PDF redaction tools work like this:
- You upload your document to their server
- Their server processes the redaction
- You download the redacted file
- Your original document sits on their server
That last point is the problem. Even if the company has good intentions, your document is now:
- Stored on a server you do not control
- Potentially logged for analytics or debugging
- Subject to data breaches if their security fails
- Accessible to their employees
- Subject to legal requests from governments
Some cloud tools do implement strong security practices like encryption and automatic deletion policies.
But even then, your data still leaves your device - and that introduces a level of risk you cannot fully control.
For a document containing PII - names, ID numbers, bank details, medical information - this is not a theoretical risk. It defeats the entire purpose of redaction.
The Privacy Policy Nobody Reads
Most cloud redaction services have a privacy policy. Buried somewhere in that policy you will typically find language like:
- "We may retain uploaded files for up to 30 days"
- "Files may be reviewed for quality assurance purposes"
- "We may share data with third-party service providers"
Most users treat the upload button as a feature.
In reality, it is a transfer of control.
You uploaded a document containing someone's personal information. Their personal information is now in a third party's hands.
What Offline Redaction Actually Means
True offline redaction means the document never leaves your device. Processing happens entirely on your computer or phone using local software and local computing power.
There is no upload step. There is no server. There is no company receiving your document.
The only way to guarantee your sensitive documents stay private is to process them on a device you control, with software that does not require an internet connection.
How to Redact Documents Without Uploading Them
On Mac and iPad, StripPii handles PII redaction entirely on-device using Apple's native frameworks - Vision for OCR, Natural Language for entity detection, and PDFKit for PDF processing.
There is no internet connection required. No account to create. No files uploaded anywhere. What you redact stays on your device.
For organisations handling sensitive documents - legal teams, HR departments, healthcare providers - this is not just a preference. In many jurisdictions it is a compliance requirement.
The Bottom Line
Redaction is meant to remove sensitive data - not expose it in the process.
If your workflow requires uploading documents, you are not eliminating risk. You are shifting it.
The safest approach is simple:
- Keep sensitive data on your device
- Process it locally
- Share only what is necessary
Because once a document leaves your device, you no longer control where it goes - or who can access it.
StripPii redacts PII from PDFs, images, and documents entirely on your Mac or iPad. No uploads. No servers. No internet required. Download free from the Mac App Store.
