Published July 16, 2026 · 8 min read

You finished the report, hit Export to PDF, and sent it. What you may not realize is that alongside the visible content, your PDF also sent a hidden dossier — the author's name, the software you used, the creation date, the modification timestamp, and in some cases the GPS coordinates of the images embedded inside. Metadata is invisible on the page but trivially extractable by anyone who receives the file. This guide explains what PDF metadata contains, how it has caused real leaks, and how to inspect and remove it before you share.

What PDF metadata contains

Metadata is structured data embedded in the PDF file that describes the document — not the text on the page, but information about the document. Most PDF creators write metadata automatically. Here is what a typical PDF can reveal:

FieldWhat it revealsRisk level
AuthorYour full name or username from the OS or applicationLow to Medium — reveals identity of creator
Creator / ProducerThe software that generated the PDF (Word, Chrome, Adobe, etc.)Low — but reveals toolchain
CreationDate / ModDateExact timestamps of when the document was created and last savedMedium — can contradict claimed timelines
Title / SubjectDocument title and subject line (may reveal internal codenames)Medium — can leak project names
KeywordsSearch keywords added by the author or auto-generatedLow to Medium
Embedded image EXIFGPS coordinates, camera model, photo timestamps from embedded imagesHigh — precise location data

The most dangerous field is often the one you did not know existed: embedded image EXIF data. If your PDF contains photographs or scanned images, those images may carry their own metadata layer — including precise GPS coordinates of where the photo was taken. Stripping PDF-level metadata does not automatically strip EXIF data from embedded images.

Real-world metadata leaks that caused damage

Metadata leaks are not theoretical. Here are documented cases where hidden PDF data had real consequences:

  • Legal filings.A law firm filed a redacted PDF in court, but the metadata contained the original author name of an opposing party's employee — revealing that the document had been obtained from the other side before disclosure was permitted. The metadata undermined a privilege claim.
  • Whistleblower reports.A journalist received an anonymous tip as a PDF. The metadata showed the document was created on a specific employee's workstation at a specific time — narrowing the pool of possible sources to one person. The whistleblower was identified and fired.
  • Press releases under embargo.A company sent a "for release Monday" PDF to journalists. The CreationDate in metadata showed it was written three weeks earlier, contradicting the company's claim that a decision had just been made. A reporter published the discrepancy.
  • EXIF location exposure.A real-estate PDF brochure included photos of a celebrity's home. The embedded images contained GPS coordinates at full precision. The exact address — intended to be private — was extracted from the PDF and published online within hours.

How to inspect your PDF metadata

Before you strip metadata, you should know what is in your file. Several free methods work without uploading:

  1. PDF reader "Document Properties" — In Adobe Acrobat, press Ctrl+D (Windows) or Cmd+D (Mac) to open the Document Properties dialog. The Description tab shows Title, Author, Subject, and Keywords. The General tab shows the creation and modification dates.
  2. Command line: exiftool — If you have exiftool installed (exiftool document.pdf), it dumps every metadata field in the file, including EXIF data from embedded images. This is the most thorough method and works offline.
  3. Browser PDF viewers — Most browser built-in PDF viewers do not expose metadata through the UI. Do not rely on a browser quick-preview to check metadata — it shows only the page content, not the hidden fields.
  4. pdf-lib inspection (developer method) — JavaScript libraries like pdf-lib can read metadata programmatically in the browser:PDFDocument.load(bytes).then(doc => console.log(doc.getTitle(), doc.getAuthor())). This runs entirely locally — no server needed.

How to remove PDF metadata

Stripping metadata is straightforward, but the method matters — some approaches leave remnants. Here are the options, from most private to most convenient:

Method 1 — Browser-based stripping (private, recommended)

LoveMyFile's Edit PDF tool and Redact PDF tool both let you inspect and remove metadata without uploading. The processing runs entirely in your browser using pdf-lib. Metadata is stripped from the PDF document catalog (author, title, subject, keywords, creator, producer, dates). You can also use Protect PDF to add password protection — which, as a side effect, rewrites the file and strips metadata in the process.

Method 2 — Desktop application

Adobe Acrobat Pro has a Sanitize Document feature (under the Protect or Redact menu) that removes metadata, hidden text, embedded file attachments, and document-level scripts. This is the most thorough commercial option. The free Acrobat Reader cannot sanitize — you need the paid Pro version.

Method 3 — Command line with exiftool

If you have exiftool installed:
exiftool -all:all= document.pdf
This command strips every metadata tag from the file. It creates a backup automatically (document.pdf_original). This is the most aggressive method — it removes everything, including EXIF data from embedded images. However, exiftool must be installed locally and is not available on all systems.

EXIF in embedded images: the hidden metadata layer

This is where most metadata removal efforts fall short. A PDF is a container. If you embed a JPEG photograph from your phone into a PDF page, the original JPEG file — including its EXIF metadata — may be stored intact inside the PDF. Stripping PDF-level metadata (author, title, dates) does not touch the EXIF data inside those embedded images.

Here is what EXIF data inside a PDF image can contain:

  • GPS coordinates — latitude, longitude, and altitude at the moment the photo was taken, often accurate to within a few meters.
  • Camera model and serial number — can uniquely identify the device that took the photo.
  • Timestamps — the exact date and time the photo was captured, which may differ from the PDF CreationDate.
  • Software and edit history — if the photo was edited in Photoshop or Lightroom before being placed in the PDF, the editing software and edit steps may be recorded.

To remove EXIF from images inside a PDF, you generally need to extract the images, strip their EXIF, and re-embed them — or compress the PDF in a way that re-encodes the images without preserving metadata. Not all compression tools do this. LoveMyFile's Compress PDF tool re-encodes images through the Canvas API, which effectively strips EXIF data as a side effect of re-rendering the image.

When metadata matters most

Not every PDF needs a metadata scrub. The decision depends on the document's sensitivity and distribution:

ScenarioMetadata riskRecommendation
Internal team memoLow — known recipients, low sensitivityOptional. Remove author name if preferred.
Job application / CVMedium — reveals edit history and toolchainStrip author and dates. Some employers check.
Anonymous / whistleblower reportCritical — author can deanonymize youStrip everything. Use a sanitized device if possible.
Court filing with redactionsCritical — metadata can defeat redactionsSanitize + re-render. Do not just draw black boxes.
Published report / press releaseMedium — journalists routinely check metadataStrip author and internal codenames.

Redaction vs. metadata removal: they are not the same

A common mistake is assuming that drawing a black box over text in a PDF removes the text. It does not. The text remains in the PDF stream, sitting behind the opaque rectangle. Anyone who opens the PDF in a text editor or uses a tool to extract the text layer can read what is "redacted."

True redaction — which LoveMyFile's Redact PDF tool performs — removes the underlying text content from the PDF data structure. Combined with metadata stripping, this gives you a document that contains only what you intend to share. For more on why online uploads compound the risk, read our guide on Are Online PDF Tools Safe?

A metadata-removal checklist before sharing

  • Open Document Properties and clear the Title, Author, Subject, and Keywords fields.
  • If the PDF contains photos, compress or re-encode them to strip EXIF data from embedded images.
  • Use a true redaction tool — not a drawing tool — to remove sensitive text content from the PDF structure.
  • Re-inspect the sanitized PDF to confirm metadata fields are empty before you send.
  • Do not use upload-based tools for stripping sensitive metadata — the file leaves your device.

Further reading

Inspect and remove PDF metadata — free and private

Use Edit PDF to view and clear metadata, or Redact PDF to remove both visible content and metadata in one step. Everything runs in your browser — no upload.

Edit PDF — free & private