Redact documents for publication — so the text is gone, not just hidden.
A black rectangle drawn over a name still has the name underneath it — anyone can copy-paste it out or run pdftotext and read what you hid. Lacuna removes the sensitive text from the PDF's text layer itself, auto-detects it across an entire leak or document dump, and records every decision in a hash-chained tamper-evident audit log.
A black box is a picture, not a deletion.
Most “redacted” PDFs are made by drawing a filled rectangle over the text in a PDF editor. That rectangle is just another object painted on top — the original characters are still sitting in the page's content stream underneath it. Select the area and copy, open the file in a different viewer, or run it through pdftotext, and the words you meant to hide come right back out.
It's how supposedly-redacted court filings and investigations have been un-redacted after they were published — the text was never removed, only covered. And the visible page is only half of it: a PDF also carries metadata, embedded files, and prior revisions that can leak the same names long after the black boxes look convincing.
Redact the dump, not one box at a time.
A 900-page leak is the same three steps as a single memo.
Upload one document or a whole batch. Lacuna finds names, addresses, phone numbers, emails, SSNs, and account numbers across every page automatically — no hunting for them rectangle by rectangle.
You see every detected span in context and decide what goes and what stays — redact a source's name, keep a public official's. Nothing is touched until you commit, and you can flag a span for a second read before you do.
Lacuna removes the approved text from the PDF's text layer and runs a sanitization pass that strips embedded files, scripts, attachments, and document metadata. What you download is a clean PDF, ready to publish.
The output is the same bytes you can re-verify yourself with pdftotext — not a “trust us” black box.
Every redaction leaves a record — the receipt, not the text.
Every job is written to a hash-chained tamper-evident audit log: which spans were detected, what you kept, what you removed, and when you committed it. Each entry is linked to the one before it by a SHA-256 hash, so if a single record is altered or dropped, the chain stops verifying — the tampering shows.
Crucially, the log records that a redaction happened, never what was underneath it. So it's safe to hand to an editor, a fact-checker, or a lawyer when a published redaction gets questioned — you can show your work without re-exposing the very names you removed.
Verify the chain at any time and quote the chain-head hash to support. The integrity record travels with the document, not the secret.
Your documents don't get shipped to someone else's AI.
Detection runs on Lacuna's own infrastructure — a deterministic pattern engine plus a compact AI model that labels sensitive spans on our workers. Neither pass transmits your page text to any third-party AI service. There's no “we'll just run it through a chatbot” step happening out of sight.
For a reporter protecting a source, that's the difference that matters: the names you're trying to redact aren't copied into an outside vendor's logs in order to find them. Source files are deleted from primary storage when the job completes; encrypted backups are purged on a fixed schedule. The full retention and deletion model is spelled out here.
Publish the document. Not the names.
Byte-level PDF redaction with a tamper-evident audit log — free to start, no card required.