Published July 16, 2026 · 8 min read
You finished the report, hit Export to PDF, and sent it. What you may not realize is that alongside the visible content, your PDF also sent a hidden dossier — the author's name, the software you used, the creation date, the modification timestamp, and in some cases the GPS coordinates of the images embedded inside. Metadata is invisible on the page but trivially extractable by anyone who receives the file. This guide explains what PDF metadata contains, how it has caused real leaks, and how to inspect and remove it before you share.
What PDF metadata contains
Metadata is structured data embedded in the PDF file that describes the document — not the text on the page, but information about the document. Most PDF creators write metadata automatically. Here is what a typical PDF can reveal:
| Field | What it reveals | Risk level |
|---|---|---|
| Author | Your full name or username from the OS or application | Low to Medium — reveals identity of creator |
| Creator / Producer | The software that generated the PDF (Word, Chrome, Adobe, etc.) | Low — but reveals toolchain |
| CreationDate / ModDate | Exact timestamps of when the document was created and last saved | Medium — can contradict claimed timelines |
| Title / Subject | Document title and subject line (may reveal internal codenames) | Medium — can leak project names |
| Keywords | Search keywords added by the author or auto-generated | Low to Medium |
| Embedded image EXIF | GPS coordinates, camera model, photo timestamps from embedded images | High — precise location data |
The most dangerous field is often the one you did not know existed: embedded image EXIF data. If your PDF contains photographs or scanned images, those images may carry their own metadata layer — including precise GPS coordinates of where the photo was taken. Stripping PDF-level metadata does not automatically strip EXIF data from embedded images.
Real-world metadata leaks that caused damage
Metadata leaks are not theoretical. Here are documented cases where hidden PDF data had real consequences:
- Legal filings.A law firm filed a redacted PDF in court, but the metadata contained the original author name of an opposing party's employee — revealing that the document had been obtained from the other side before disclosure was permitted. The metadata undermined a privilege claim.
- Whistleblower reports.A journalist received an anonymous tip as a PDF. The metadata showed the document was created on a specific employee's workstation at a specific time — narrowing the pool of possible sources to one person. The whistleblower was identified and fired.
- Press releases under embargo.A company sent a "for release Monday" PDF to journalists. The CreationDate in metadata showed it was written three weeks earlier, contradicting the company's claim that a decision had just been made. A reporter published the discrepancy.
- EXIF location exposure.A real-estate PDF brochure included photos of a celebrity's home. The embedded images contained GPS coordinates at full precision. The exact address — intended to be private — was extracted from the PDF and published online within hours.
How to inspect your PDF metadata
Before you strip metadata, you should know what is in your file. Several free methods work without uploading:
- PDF reader "Document Properties" — In Adobe Acrobat, press Ctrl+D (Windows) or Cmd+D (Mac) to open the Document Properties dialog. The Description tab shows Title, Author, Subject, and Keywords. The General tab shows the creation and modification dates.
- Command line: exiftool — If you have exiftool installed (
exiftool document.pdf), it dumps every metadata field in the file, including EXIF data from embedded images. This is the most thorough method and works offline. - Browser PDF viewers — Most browser built-in PDF viewers do not expose metadata through the UI. Do not rely on a browser quick-preview to check metadata — it shows only the page content, not the hidden fields.
- pdf-lib inspection (developer method) — JavaScript libraries like pdf-lib can read metadata programmatically in the browser:
PDFDocument.load(bytes).then(doc => console.log(doc.getTitle(), doc.getAuthor())). This runs entirely locally — no server needed.
How to remove PDF metadata
Stripping metadata is straightforward, but the method matters — some approaches leave remnants. Here are the options, from most private to most convenient:
Method 1 — Browser-based stripping (private, recommended)
LoveMyFile's Edit PDF tool and Redact PDF tool both let you inspect and remove metadata without uploading. The processing runs entirely in your browser using pdf-lib. Metadata is stripped from the PDF document catalog (author, title, subject, keywords, creator, producer, dates). You can also use Protect PDF to add password protection — which, as a side effect, rewrites the file and strips metadata in the process.
Method 2 — Desktop application
Adobe Acrobat Pro has a Sanitize Document feature (under the Protect or Redact menu) that removes metadata, hidden text, embedded file attachments, and document-level scripts. This is the most thorough commercial option. The free Acrobat Reader cannot sanitize — you need the paid Pro version.
Method 3 — Command line with exiftool
If you have exiftool installed:exiftool -all:all= document.pdf
This command strips every metadata tag from the file. It creates a backup automatically (document.pdf_original). This is the most aggressive method — it removes everything, including EXIF data from embedded images. However, exiftool must be installed locally and is not available on all systems.
EXIF in embedded images: the hidden metadata layer
This is where most metadata removal efforts fall short. A PDF is a container. If you embed a JPEG photograph from your phone into a PDF page, the original JPEG file — including its EXIF metadata — may be stored intact inside the PDF. Stripping PDF-level metadata (author, title, dates) does not touch the EXIF data inside those embedded images.
Here is what EXIF data inside a PDF image can contain:
- GPS coordinates — latitude, longitude, and altitude at the moment the photo was taken, often accurate to within a few meters.
- Camera model and serial number — can uniquely identify the device that took the photo.
- Timestamps — the exact date and time the photo was captured, which may differ from the PDF CreationDate.
- Software and edit history — if the photo was edited in Photoshop or Lightroom before being placed in the PDF, the editing software and edit steps may be recorded.
To remove EXIF from images inside a PDF, you generally need to extract the images, strip their EXIF, and re-embed them — or compress the PDF in a way that re-encodes the images without preserving metadata. Not all compression tools do this. LoveMyFile's Compress PDF tool re-encodes images through the Canvas API, which effectively strips EXIF data as a side effect of re-rendering the image.
When metadata matters most
Not every PDF needs a metadata scrub. The decision depends on the document's sensitivity and distribution:
| Scenario | Metadata risk | Recommendation |
|---|---|---|
| Internal team memo | Low — known recipients, low sensitivity | Optional. Remove author name if preferred. |
| Job application / CV | Medium — reveals edit history and toolchain | Strip author and dates. Some employers check. |
| Anonymous / whistleblower report | Critical — author can deanonymize you | Strip everything. Use a sanitized device if possible. |
| Court filing with redactions | Critical — metadata can defeat redactions | Sanitize + re-render. Do not just draw black boxes. |
| Published report / press release | Medium — journalists routinely check metadata | Strip author and internal codenames. |
Redaction vs. metadata removal: they are not the same
A common mistake is assuming that drawing a black box over text in a PDF removes the text. It does not. The text remains in the PDF stream, sitting behind the opaque rectangle. Anyone who opens the PDF in a text editor or uses a tool to extract the text layer can read what is "redacted."
True redaction — which LoveMyFile's Redact PDF tool performs — removes the underlying text content from the PDF data structure. Combined with metadata stripping, this gives you a document that contains only what you intend to share. For more on why online uploads compound the risk, read our guide on Are Online PDF Tools Safe?
A metadata-removal checklist before sharing
- Open Document Properties and clear the Title, Author, Subject, and Keywords fields.
- If the PDF contains photos, compress or re-encode them to strip EXIF data from embedded images.
- Use a true redaction tool — not a drawing tool — to remove sensitive text content from the PDF structure.
- Re-inspect the sanitized PDF to confirm metadata fields are empty before you send.
- Do not use upload-based tools for stripping sensitive metadata — the file leaves your device.
Further reading
- Is It Safe to Upload PDFs Online? — why metadata removal should happen locally, not on a server.
- Are Online PDF Tools Safe? — the decision framework for different document sensitivity levels.
- How to Compress a PDF for Email — compression re-encodes images, which can strip EXIF as a side effect.
Inspect and remove PDF metadata — free and private
Use Edit PDF to view and clear metadata, or Redact PDF to remove both visible content and metadata in one step. Everything runs in your browser — no upload.
Edit PDF — free & private