Make a PDF safe to share
The document looks fine. The file knows more: who wrote it and when, the comment thread where someone said what they really think, a spreadsheet somebody attached in March, and, in many files, every earlier revision. sanitize strips all of it in one pass and shows you the list.
First, see what it's carrying
pip install pdfblah
pdfblah sanitize contract.pdf --dry-run
this file is carrying:
metadata fields: 5 (/Author, /Company, /CreationDate, /ModDate, /Producer)
annotations: 12 (Highlight x7, Text x5)
javascript: 1 | embedded files: 1 | earlier revisions: 3 | layers: 0 | private app data: 2
That report is the whole argument. Most people have never seen what their files admit to.
Then strip it
pdfblah sanitize contract.pdf -o contract-safe.pdf
- Removed in one pass: document metadata (DocInfo and XMP), comments and highlights, JavaScript, embedded files, private application data, and earlier revisions (the output is a clean full rewrite, so the history physically isn't there).
- Untouched: the visible page content, and form fields keep working; their widgets are not comments.
- Reported, not ripped out: optional content layers, because removing layers can change what a page shows. Honesty over aggression.
--keep-annotationspreserves the comments when they are the point of the exchange.
One thing sanitize will not do: remove words you can see. A name on page 4 is redaction's job, and personal data at scale is Scrub PII. Run sanitize after redacting and the file is clean inside and out.
Make it a right-click on your Mac
curl -fsSL https://pdfblah.com/sanitize-mac.sh | sh
Select PDFs, right-click, Quick Actions → Make Safe Copy. Clean
copies land in ~/Downloads/safe as name-safe.pdf. The habit worth
building: never attach the original, always attach the safe copy.
Tips
- Batch a whole outbox: sanitize is a valid recipe step, so one line cleans a folder.
- Word-exported and Acrobat-edited files are the usual revision carriers; scans are usually clean but their metadata still names your scanner and times.
- Check your own files once with
--dry-run. It is educational.