Skip to content Omitly is launching soon — join the waitlist →

Proof of redaction · signed audit report + Verify

Prove the redaction is real — not just promised.

Every Omitly redaction writes a signed, tamper-evident audit report and embeds it in the PDF. Anyone can verify it — and confirm the redacted content is absent — on their own machine.

Removing the data isn't enough — you have to be able to prove it

In legal, compliance and healthcare work, the question comes later: how do you know it was redacted correctly? A finished PDF can't answer that on its own.

Omitly attaches the answer to the document — a signed record of what was removed, that it verifiably didn't survive, and which file it came from.

// after redacting

redacted.pdf + embedded audit ✓

audit.json · audit.html

// anyone, later

verify(redacted.pdf) // seal ✓ verdict ✓

check(source.pdf) // input hash matches ✓

Three artifacts, one source of truth

audit.json

Machine-readable: verdict, per-region results, document hashes, tool versions, timestamp and the signature. A signed copy is embedded inside the PDF too.

audit.html

The same facts as a clean, printable page — open it, read it, or save it to PDF to file with the matter. No tools required to read it.

Certificate

A one-page PDF summary — verdict, hashes, counts and signing key — to hand to a client, regulator or court. Export it anytime from Verify.

Redact, then verify — step by step

  1. 01

    Redact the document

    Open the PDF in Omitly (locally — no upload) and remove the sensitive content. Omitly deletes the underlying text and image data, scrubs related metadata, then runs an independent pass that confirms nothing survives inside any redacted region.

  2. 02

    Omitly writes the audit report

    On save you get the redacted PDF plus a machine-readable audit.json and a printable audit.html. Each records the verdict, the per-region results, the document's SHA-256 hashes, the tool versions, and a timestamp.

  3. 03

    A tamper-evident seal is embedded

    Omitly signs the report with this install's Ed25519 key and embeds the signed copy inside the redacted PDF itself — so the proof travels with the document and can't be quietly separated from it.

  4. 04

    Click Verify on any redacted PDF

    Press Verify in the toolbar and choose a redacted PDF. Omitly reads the embedded report, re-checks the seal, and shows the verdict: seal intact and every region verified; intact but not fully passed; seal broken (the file was altered); or no report found.

  5. 05

    Check it against the original

    In the result, choose 'check against source' and pick the original document. Omitly confirms its hash matches the input recorded in the report — proof the redaction was made from that exact file.

  6. 06

    Export a certificate

    Save a one-page PDF certificate — verdict, hashes, redaction counts and signing key on a single sheet — to file with the matter or hand to a client, regulator or court.

What Verify tells you

Seal intact & verified

The seal checks out — the file is byte-for-byte unchanged since sealing — and the report attests that every region passed and metadata was scrubbed. This is integrity, not proof of origin; compare the key fingerprint out of band if origin matters.

Seal intact, not fully passed

The seal checks out, but the report records that the redaction didn't fully pass — review the warnings before sharing. Integrity and outcome are kept separate, honestly.

Seal invalid

The document or its report was altered after sealing. Don't rely on it.

No report found

The PDF carries no Omitly audit report — it wasn't redacted by Omitly, or the report was stripped. Treated as unverified, never as a silent pass.

Frequently asked questions

What is a redaction audit report?

It's a record, written automatically with every Omitly redaction, of exactly what was removed and proof that it's gone: each redacted region with its page, coordinates, reason and a pass/fail verification verdict, plus SHA-256 hashes of the input and output documents, the tool versions and a timestamp. You get it as machine-readable JSON and a printable HTML report, and a signed copy is embedded inside the redacted PDF.

Why does verifiable redaction matter?

A black box over text isn't redaction — the data is still in the file. Even when the data is truly removed, you often need to prove it later: to a court, a regulator, a client or opposing counsel. The audit report and Verify feature turn 'trust us, it's redacted' into evidence anyone can check on their own machine.

How do I verify a redacted PDF?

Open Omitly, click Verify in the toolbar, and choose the redacted PDF. Omitly extracts the embedded audit report, re-checks its tamper-evident signature, and displays the verdict and document hashes. Optionally point it at the original source file to confirm the recorded input hash matches.

What does the seal actually prove?

That the report — and the document it's attached to — has not been altered since Omitly sealed it. A single changed byte makes the seal fail. Because the signing key is created per install and never leaves your machine, a valid seal proves integrity (nothing was tampered with), not third-party identity; Omitly shows the key's fingerprint so you can compare it out of band if you need to.

Can the recipient verify it without trusting me?

Yes. The signed report travels inside the PDF, so anyone with Omitly can run Verify and see the seal check for themselves. To tie it to the exact original, they supply the source document and Omitly confirms the input hash — no need to take your word for it.

Is anything uploaded when I verify a document?

No. Verification runs entirely on your machine, like everything in Omitly. The document never leaves your computer — there's no upload and no content telemetry — so you can verify confidential files safely, even offline.

Redact it. Prove it. Hand it over.

Try Omitly free for 14 days. Remove the data, prove it's removed, and verify it later — all on your machine.

Join the waitlist