Every PDF you send carries a second document inside it: a small record of who made it, with what software, on which dates, and sometimes more. Most people have never looked at their own files’ metadata, while recruiters, lawyers, and journalists look at other people’s as a matter of routine. This guide shows what is in there, what it can give away, and how to check and clean your own files, starting with a look in our free PDF metadata viewer, in your browser, no upload.
In this guide
The fields every PDF carries
PDF metadata lives in a small dictionary at the document level (often duplicated in a newer XML block called XMP). The standard fields:
| Field | What it holds | Typical value |
|---|---|---|
| Title, Subject, Keywords | Whatever the author or template set | often a template’s leftover title |
| Author | A name or system username | the login name of whoever installed the office suite |
| Creator | The application that authored the content | a word processor and version |
| Producer | The software that wrote the PDF bytes | an export library and version |
| CreationDate, ModDate | Timestamps, with timezone offsets | down to the second |
None of it is hidden in any technical sense; it is simply off-screen, which for most senders amounts to the same thing.
What metadata can reveal
- Names you did not mean to send. The Author field inherits from software installation or company templates, so “anonymous” feedback, bids, and reviews routinely ship with a real name or a corporate username attached.
- Timelines. CreationDate and ModDate expose when a document was really written and last touched, including the timezone. A “we prepared this months ago” claim with last week’s ModDate is a story metadata loves to tell, and versions of that embarrassment surface in legal and political documents with some regularity.
- Your toolchain. Creator and Producer reveal software and versions, mildly sensitive for organizations (outdated software invites attention) and occasionally awkward (“crafted by hand” reports produced by an automated generator).
- Leftover titles. The Title field keeps whatever the first save called the file, which is how documents go out titled after the previous client whose contract was reused as a template.
The common thread: nothing in the list is exotic. It is ordinary bookkeeping, attached automatically, sent unexamined.
When metadata is useful, not dangerous
The same fields, pointed inward, are genuinely handy. Proper titles and authors make document libraries searchable; timestamps settle “which version is newer” disputes honestly; the Producer field is the first diagnostic when a PDF misbehaves, since it names the software that wrote it. The goal is not metadata hygiene as paranoia, it is knowing what your files say before someone else reads it. Inside your own organization, say more; leaving the building, say less.
How to check and clean your files
- Look first. Drop the file into the metadata viewer and read what it carries. Thirty seconds, and usually the moment of surprise.
- Strip what should not travel. Our compress tool removes removable metadata as part of its cleanup, and most PDF applications offer a “remove document properties” step on export.
- Fix it at the template. If every outgoing document inherits the same wrong Author, the fix belongs in the office suite’s identity settings and the company template, once, rather than per file forever.
- Re-check after editing tools. Some editors helpfully re-add their own Producer stamp and fresh ModDate, which is honest of them but worth knowing before you promise a file is clean.
The wider context of doing all this without uploading the sensitive file anywhere is the point of our PDF pillar: metadata inspection is precisely the job you do not want to perform by uploading the document to a stranger’s server.
The same story inside images
Photographs carry their own metadata dialect, EXIF, and it is chattier than PDF’s: camera model, lens, exposure settings, timestamps, and, when location services were on, GPS coordinates of where the photo was taken. A photo attached to a listing or sent in a chat can disclose a home address with coordinates accurate to a few meters. The EXIF viewer shows what a photo carries, and the EXIF remover strips it, both client-side. The habit transfers exactly: look before you send, and the photo side has its own full guide.
Frequently asked questions
Is reading someone’s PDF metadata legal or sneaky?
It is part of the file they sent, readable by any viewer’s properties dialog; nothing is being decrypted or hacked. Treat it as the digital equivalent of reading the letterhead, and assume recipients of your files do the same.
Does printing to PDF remove metadata?
It replaces it: the print pipeline writes fresh metadata naming itself, dropping the original author and dates. The output also loses real text quality features, so it is a blunt tool; purpose-built stripping is cleaner.
Can metadata prove who wrote a document?
It is evidence, not proof: fields are plain data that any tool can edit, so they can be wrong in both directions, accidentally misleading or deliberately altered. Courts treat metadata as one signal among many, and so should you.
Do password-protected PDFs hide their metadata?
Usually not: in common encryption setups the metadata stays readable so that file managers can index the document. If the metadata itself is sensitive, that default deserves attention before the file travels.