By PDFKits Team — Published February 19, 2026
TL;DR. Lawyers handle confidential PDFs daily — depositions, client communications, redacted exhibits — and uploading them to cloud-based PDF services creates an ABA Model Rule 1.6 confidentiality problem. Browser-only tools like PDFKits run redaction, e-signature, OCR, and merging entirely client-side, so privileged content never leaves the device. This guide covers seven concrete legal workflows, the legal-tech alternatives (Adobe Acrobat Pro at $29.99/month, Foxit at $109/year, PDFelement at $139/year), and how to verify a redaction is permanent rather than cosmetic.
The volume of PDFs handled by legal practitioners is high — a single mid-sized civil case can generate 5,000–50,000 pages of discovery, and a transactional matter routinely produces hundreds of executed signature pages. The format itself is well-suited to the work: PDF/A is the long-term archive standard accepted by virtually every court electronic filing system (CM/ECF in U.S. federal courts, NextGen CM/ECF for newer districts, e-Lodgment in England and Wales, RPVA in France), digital signatures are recognized under ESIGN, UETA, eIDAS, and most state-level UETA equivalents, and the format preserves layout across operating systems.
The problem starts when a PDF needs to be modified — redacted, signed, merged, split, OCR'd. Most popular online tools (Smallpdf, iLovePDF, the cloud version of Adobe Acrobat) upload the file to their servers. For a privileged or work-product document, that upload itself raises a question under ABA Model Rule 1.6(c): "A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client." State bar opinions in California (Formal Opinion 2010-179), New York, and Florida have addressed cloud-based tools specifically — the consensus is that some level of due diligence on the vendor is required, and that client consent may be needed for particularly sensitive data. Browser-only processing sidesteps the question entirely because no transmission occurs.
Anika is a paralegal at a 40-lawyer plaintiff firm in Chicago, preparing exhibits for a Daubert hearing. The 1,200-page deposition transcript contains the deponent's Social Security number, a home address, and a non-party witness's medical history that must be redacted before filing. Drawing a black rectangle over the text in Acrobat is not redaction — the underlying characters remain selectable and recoverable. PDFKits Redact PDF removes the underlying text from the content stream, so a downstream user copying from the document gets the redacted output, not the original text. The redaction is verified by Anika opening the output, selecting the redacted area, and confirming nothing is on the clipboard.
Daniel handles 30–40 active asylum cases. Each client packet — I-589, biographical information, supporting affidavits — needs his electronic signature before filing with USCIS via the EOIR portal. Browser-based signing means he can sign a packet from a hotel room without installing software, without a Foxit license, and without sending the unsigned packet to a SaaS provider that would receive the client's A-number and biographical details.
Priya negotiates SaaS contracts for a 200-person fintech. The redline cycle produces seven versions of a master services agreement. She uses Compare PDF to spot whether the counter-party slipped a term into Section 8.4 between v5 and v6 — a class of change that is easy to miss in a long document. The comparison runs locally because the contract is marked draft-privileged and the counter-party would not consent to cloud processing.
Marcus handles indigent defense in federal district court. CM/ECF requires PDF/A-2u for filings — a flavor of PDF that embeds all fonts, declares Unicode mapping for every glyph, and removes JavaScript and external dependencies. A scanned and lazily-converted PDF rejects at upload. Running OCR PDF first adds the text layer (PDF/A-2u demands extractable text), then verifying the document passes a PDF/A validator catches issues before the filing deadline rather than after.
Carmen administers estates for a regional firm. Every closing produces a binder of 25–60 individual PDFs — the will, codicils, probate orders, asset valuations, tax filings, distribution receipts. She uses Merge PDF and Rearrange Pages to assemble the binder in the exact sequence required by the local probate court. The binder routinely runs 800 pages and contains beneficiary Social Security numbers, account numbers, and asset valuations — material that cannot be uploaded to a third-party processor without breaching the firm's data processing addendum with its trust insurance carrier.
The discovery vendor in a complex commercial dispute produces a Bates-stamped set of 80,000 pages as image-only PDFs. The receiving lawyer cannot run keyword searches across an image-only set. OCR PDF adds a text layer, after which review platforms (Relativity, Logikcull, Everlaw) can ingest and index the production. Running OCR locally also avoids exposing the production set to an additional vendor's terms of service.
James files trademark applications and oppositions. The TTAB requires exhibits in PDF format, with strict size limits (10 MB per attachment for ESTTA filings). Compress PDF brings exhibit files under the cap without rasterizing the text. Crop PDF removes margin whitespace from screenshots before they are filed as evidence of trademark use.
The most common mistake in legal redaction is using a markup tool (a black highlight, a filled rectangle annotation, or a "draw" overlay) to cover sensitive text rather than removing the text from the file. The text is still in the PDF — it is just hidden behind a graphic layer. Any user can select-copy-paste it, OCR a screenshot of the document, or open the file in a tool that ignores annotations. Several high-profile redaction failures in U.S. federal litigation (Manafort 2019, Stone 2019, the unsealed FBI affidavits in the Mar-a-Lago search) involved exactly this mistake.
Three checks confirm a redaction is permanent. First, open the output PDF, click into the redacted region, drag a selection across it, and press Ctrl+C — if any text lands on the clipboard, the redaction failed. Second, search the document for a string you redacted (a name, an SSN fragment); the search should return zero results. Third, open the file in a different reader (a PDF viewer that does not honor annotations) — the redacted region should still appear black, with no underlying text visible.
PDFKits Redact PDF removes content from the page content stream rather than overlaying graphics. The verification checks above all return clean results because there is no underlying text left to recover.
Most law firms use one of three desktop products plus an ad-hoc browser tool for quick edits. Here is how the relevant features stack up for legal work.
| Feature | PDFKits | Adobe Acrobat Pro | Foxit PDF Editor | Smallpdf Pro |
|---|---|---|---|---|
| Cost | Free | $29.99/month | $109/year | $108/year |
| Files stay on your device | Yes | Yes (desktop) | Yes (desktop) | No — cloud |
| True content-stream redaction | Yes | Yes | Yes | Limited (annotation-only on some plans) |
| PDF/A-2u export for ECF | Yes | Yes | Yes | No |
| OCR for image-only PDFs | Yes | Yes | Yes (add-on) | Yes |
| No installation | Yes | No | No | Yes |
| No login required | Yes | No (Adobe ID) | No | No (account-gated) |
| Bar-rule due diligence required | No (no vendor) | Yes (for cloud features) | Yes (for cloud features) | Yes (cloud vendor) |
For ad-hoc edits — a single redaction before a filing deadline, a signature on a client engagement letter, a merge of two exhibits — a browser-only tool eliminates the procurement step (no purchase order, no vendor security review) and avoids the bar-rule analysis on a SaaS upload.
Filing a "redacted" PDF that is still searchable. Always run the three verification checks before filing. Federal courts have sanctioned attorneys for unsealing inadvertently-recoverable redactions (In re Apple iPhone Antitrust Litigation, 2019).
Filing image-only PDFs to a court that requires PDF/A. CM/ECF will accept the file but flag it as non-compliant; some clerk offices reject outright. Always OCR scanned filings, then verify with a PDF/A validator.
Using a free e-signature service that retains the signed document. Some "free" services keep a copy of executed documents for compliance audit logs. For a signed client engagement letter, this means the engagement is now in a third party's database. Browser-only signing leaves no copy with anyone.
Compressing a PDF below legibility for ECF size caps. If a 50 MB limit forces you to compress aggressively, split the filing instead. Most courts allow exhibits to be filed as separate attachments rather than one bloated PDF.
The ABA Standing Committee on Ethics has stated that lawyers who use cloud-based services must "undertake reasonable efforts" to ensure the service preserves confidentiality (Formal Opinion 477R, 2017). For low-sensitivity material — a public court filing being formatted for ECF — a cloud service is probably fine. For attorney-client communications, work product, settlement negotiations, or material under a protective order, the analysis is harder: the lawyer becomes responsible for the vendor's data handling, encryption, breach history, and data retention. With browser-only processing, there is no vendor — the file is never transmitted, so there is no party to do due diligence on. The processing is functionally equivalent to opening the PDF in your local PDF reader.
Yes, under the federal ESIGN Act (15 U.S.C. §§ 7001–7031) and state-level UETA enactments in 49 states (New York has its own ESRA statute). Some specific instrument types are excluded — wills, codicils, certain real-property conveyances depending on state — so check the underlying transaction type. For court-filed documents, the relevant rule is local: most U.S. federal courts accept /s/Name signatures or graphic signature images.
Annotation-based redaction overlays a graphic on top of the text — the text remains in the file and is recoverable by copy-paste, by tools that strip annotations, or by reprocessing the PDF. Content-stream redaction removes the underlying text characters from the page's content stream. Only the second is forensically defensible. PDFKits Redact PDF uses content-stream redaction.
It varies. NextGen CM/ECF prefers PDF/A but accepts standard PDF with extractable text. Some district courts (D. Mass., S.D.N.Y.) require PDF/A for sealed filings. Most courts reject image-only PDFs because they break the text-search functionality the public docket relies on. When in doubt, file as PDF/A-2u with embedded fonts.
It depends on the tool. PDFKits processes entirely client-side: the file is loaded into your browser's memory and modified there. No network request carries the file content. You can verify this by opening DevTools → Network tab, running the operation, and confirming no upload request occurs.
The current tool processes one file at a time but does not throttle — open the tool in multiple browser tabs and run redaction on each in parallel. For a true batch (200+ files), a desktop tool like Adobe Acrobat Pro's Action Wizard is more efficient.
Run OCR PDF first to add a text layer, then run Redact PDF. The redaction will remove both the text layer and a masked region of the underlying image — verify by opening the result and confirming both the search and the visual region show no leaked content.
The current Sign PDF tool supports drawn, typed, and uploaded-image signatures. PKI-backed cryptographic signatures (certificate-based, with revocation checking) require a desktop tool — Acrobat Pro or Foxit — because the private key must be accessible to the signing tool. For court filings that require only the /s/Name attestation, the image-based signature is sufficient.
Use Split PDF with a page-range mode. Most federal district courts cap individual attachments at 50 MB but allow multiple attachments per filing. Split the production into roughly equal page ranges (e.g., pp. 1–250, 251–500), name them with sequential Bates ranges, and file as separate attachments under the same docket entry.
Yes — that is one of the explicit advantages. PDFKits runs in any modern browser without installation. IT-managed devices that lock down installable software still allow web access in nearly all configurations.
It is discarded. The file existed only in the tab's memory; closing the tab releases that memory. There is no server-side log, no temporary file on disk, no recovery — close the tab and the in-flight document is gone.
Redact PDF — Content-stream redaction for depositions and exhibits. Sign PDF — Browser-only e-signatures (ESIGN/UETA-compliant for image signatures). Merge PDF — Assemble closing binders and filing packets. OCR PDF — Add searchable text to scanned discovery. Compare PDF — Spot redline changes between contract versions. Split PDF — Break a large production into ECF-compliant filings. Protect PDF — Password-protect documents before sharing with co-counsel.