Trust & Security

How we protect your documents and data

At RedactMyPDF.com, we know we handle sensitive documents. That is why we built our platform with security as a fundamental principle, not an afterthought. Here's how we protect your data:

Strong Encryption

Your files are encrypted both in transit and at rest using secure, industry-standard methods. We use Fernet symmetric encryption with keys derived using PBKDF2 (100,000 iterations). Files are only decrypted briefly during redaction and stay protected the rest of the time.

True Redaction

Unlike simple highlighting or overlays, our redactions are permanent and irreversible. We completely remove sensitive information from the document, not just visually hide it. Before finalizing, we also:

Strip all document metadata
Remove embedded files and JavaScript
Sanitize XML metadata and document properties

GDPR Compliant & EU Data Storage

We host all your data exclusively in Google Cloud's EU data centers, ensuring compliance with GDPR requirements. You maintain full control over your data with the right to access, modify, or delete it at any time. Our data processing agreements and privacy policies are designed for complete GDPR compliance.

Data Privacy

Document Storage

We store your documents in Google Cloud infrastructure located in the European Union, fully compliant with GDPR requirements. Free (anonymous) projects are automatically deleted after 24 hours, while paid projects are retained until you delete them.

Anonymous Usage

You can use our service without creating an account. In this case, your documents are only accessible from your current browser session.

Limited Data Collection

We only collect the minimum information necessary to provide our service. For anonymous users, we don't collect any personal information. For registered users, we only store your email address for authentication purposes.

Zero Knowledge Processing

Our system is designed so that no human ever reviews your document content. All redaction identification is performed by secure AI models, and you maintain complete control over what information gets redacted.

Technical Security Measures

Secure Infrastructure

Our application implements multiple security best practices:

CSRF protection
Content Security Policy to prevent XSS attacks
Rate limiting to prevent abuse
HTTPS enforcement with TLS

Authentication

User authentication is handled securely through Google Firebase Authentication, eliminating the need to store passwords ourselves. All authentication tokens are handled securely with appropriate expiration times.

Third-Party Security

We carefully select third-party providers that maintain the highest security standards:

Google Cloud & Firebase for secure document storage and authentication
Google Gemini for AI-assisted document analysis
Stripe for secure payment processing

Contact Us

If you have any questions or concerns about our security practices, or if you've identified a potential security issue, please contact us immediately at [email protected].