Skip to content Omitly is launching soon — join the waitlist →

Definition · a plain-English guide

What is defensible redaction?

A redaction is defensible when you can stand behind it after the fact: explain what was done, reproduce it, and point to evidence rather than memory. It's a term of art in e-discovery, where a “defensible” process is one that survives challenge. For redaction, it reduces to three questions.

The three-question test

If you can answer yes to all three — with evidence, not assurances — the redaction is defensible. Most tools, including some expensive ones, fail at least one.

1

Is the content removed — not covered?

A black rectangle drawn over text is an annotation; the text is still in the file, and anyone who receives it can often recover it by selecting the area and copying, or by opening the file in a different viewer. Removal means the underlying content — text, image regions, hidden layers, metadata — is gone from the file itself. This distinction, not the visual result, is what redaction failures come down to.

2

Can someone else verify the removal — without taking anyone's word for it?

“We redacted it” is an assertion. A defensible process produces a record a third party — opposing counsel, a court clerk, a client, your future self — can check independently: what was removed, from where, and whether the file has changed since. If the only evidence is the vendor's or the operator's say-so, you're defending a claim, not a fact.

3

Did the document ever leave your machine?

Every place a confidential document travels is a place you may later have to account for. When a tool uploads the file — or quietly sends its extracted text — to a server, the document's handling now depends on someone else's security, retention and legal exposure. A tool that never receives the document removes that entire line of questioning. Where popular tools actually send your file is documented, in the vendors' own words, on our comparison page.

Question 3 in depth: our comparison of where popular redaction tools actually send your document, summarised from each vendor's own documentation.

What defensible redaction is not

A definition is only useful if it's honest about its edges.

It is not a court requirement

No court rule we are aware of requires cryptographic proof of redaction, and this page does not claim otherwise. What court rules do require is effective redaction itself — and some, like New Jersey's in most civil matters, require the filer to certify that confidential personal identifiers have been redacted. Verification is how you stand behind a certification you already give; it is not a new obligation.

It is not a guarantee of outcomes

Defensible describes the process, not the result of a dispute. It means that if your redactions are ever challenged, you can show what was done, reproduce it, and point to evidence rather than memory. Nothing on this page is legal advice.

It is not automation

Deciding what to redact is a judgment call that stays with a person — pattern detection can suggest, but a defensible process has a human review and apply every redaction. The tool's job is to make the removal real and provable, not to make the decision.

How Omitly answers the three questions

We built Omitly around this test — verified removal, on your machine, with evidence anyone can check.

Removed, not covered

Omitly removes content from the file — text, image sub-regions, hidden text layers — and then re-extracts the document's text after redaction to check the removed content is gone. For scanned pages, it re-runs OCR on the redacted output as an additional check.

Verifiable by someone else

Every redaction produces an audit report embedded in the delivered file, sealed with a signature over the file's bytes. Anyone holding the file can verify it offline — no account, no upload — with Omitly's Verify, which works without a licence. The seal is tamper-evidence: it shows the file you hold is byte-for-byte the file that was sealed, and that the audit report inside it is the one sealed with it, unchanged since. It does not, by itself, identify who performed the redaction — and we say so, because a verification artifact is only useful if you know exactly what it proves.

Never leaves your device

Redaction, OCR, detection and verification all run locally on your Mac. Your documents never leave your device: the app's network activity is limited to checking for signed updates, sending a support message if you type one, and — only if you enable a trusted timestamp when applying a digital signature — a timestamp request that carries a cryptographic digest, never the document. You can confirm all of this yourself with an outbound firewall.

Evaluating any redaction tool — ours included

Four checks that take minutes and don't require trusting anyone's marketing.

Test removal, don't trust the rectangle

Redact a test page, then try to select and copy text where the mark is, and open the file in a different viewer. If the text comes back, it was covered, not removed. Our free redaction leak checker automates this check for any PDF, from any tool.

Ask what happens to scans, metadata and hidden layers

Real documents include scanned pages (text lives in an invisible OCR layer), metadata (author, title, tracked history) and content hidden under other content. A tool that only handles the visible text layer leaves the rest.

Ask for the evidence

After the job is done, what can you produce if challenged — a record of what was removed, and a way for someone else to confirm the file hasn't changed since? A process log held by a vendor is weaker than an artifact you hold and anyone can check.

Ask where the document travels

Read the vendor's security page, not the headline — several “browser-based” tools parse the file locally but send its extracted text to a third-party AI service. We've summarised what each major tool's own documentation says on our comparison page, with sources.

Frequently asked questions

Does any court require cryptographic proof of redaction?

No — no court rule we are aware of requires cryptographic verification, and you should be sceptical of any tool that implies otherwise. Courts require effective redaction, and some require the filer to certify it: New Jersey's rules, for example, make the filer responsible for redacting confidential personal identifiers from filed documents. Verification evidence is how you stand behind that responsibility if questioned — it supports the certification you already give; it doesn't replace or add to it.

Is drawing a black box over text ever a real redaction?

Only if the underlying content is then actually removed from the file. In many editors a black rectangle is just an annotation sitting on top of live text — the document prints and displays correctly, and the text underneath can still be extracted. The test is simple: if you can select, copy or search the content after redacting, it isn't redacted. When in doubt, run the file through a leak checker before it leaves your hands.

Doesn't defensible just mean using AI to catch everything?

No — detection and defensibility are different problems. Automated detection helps you find candidates, but a defensible process keeps a human deciding and reviewing every redaction, because what must be redacted is a judgment about context, privilege and obligation that a pattern-matcher doesn't have. The tool's contribution to defensibility is on the other side of the decision: making the removal real and producing evidence of what was done.

What does Omitly's seal actually prove — and what doesn't it prove?

It proves integrity: the sealed file you hold — including the audit report embedded in it — is byte-for-byte unchanged since sealing. Anyone can check this offline with Omitly's Verify, which works without a licence. It does not by itself prove who ran the redaction, and it doesn't certify that the right things were selected for redaction — that judgment, and the certification that goes with a court filing, remain the professional's. We're precise about this because an evidence artifact that overclaims is worse than none.

Sources

Last updated 5 July 2026. Legal references are general information, not legal advice — obligations depend on your jurisdiction and matter. Spotted an error? Tell us and we'll correct it.