Answer a subject access request without uploading it anywhere.
The Subject access profile keeps the requester's own details and flags everyone else's (names, contact details, identifiers) for redaction, entirely in your browser. The file is never uploaded. Not to us, not to anyone.
No upload · No account required · Works in Chrome, Edge, Firefox & Safari
The slowest, riskiest redaction job there is.
A subject access response is redaction inside-out: instead of removing one person's data, you have to keep theirs and remove everyone else's. Doing that by hand is where the time, and the breaches, come from.
It eats your calendar
Practitioners commonly report 30–60 minutes per file going line-by-line deciding whose data each name, email and phone number is. A bundle of twenty documents is a lost day.
Other people's data is your problem
Data protection law generally requires you to protect third parties' personal data when you disclose. Miss one colleague's name in a thread and the response itself becomes a breach.
The clock is statutory
Under the GDPR and UK GDPR you normally have one calendar month to respond. The redaction work is usually what makes that deadline tight.
Keep theirs. Flag everyone else's. In three steps.
The same on-device engine that powers KeptPDF's legal and healthcare redaction, inverted for subject access.
-
Drop the file in
It opens in the redaction editor instantly with the Subject access (DSAR) profile selected. Nothing is uploaded. The file is read straight into memory in this tab.
-
Enter the requester
Type their name, optionally their email, phone and your request reference. Findings that match are marked kept for subject and left readable. Every other person's details stay flagged for redaction. The matching runs on your device, and the requester's identity is never transmitted.
-
Review, apply, download
Walk the findings, then apply. The text under each box is permanently destroyed, and the audit certificate records the request reference and how many findings were preserved for the requester.
When KeptPDF isn't certain a finding belongs to the requester (a shared surname, a bare first name), it stays flagged for redaction.
The failure mode of a DSAR response is disclosing someone else's data. So the matcher only preserves a finding when the requester's name or identifiers match in full. Everything ambiguous is left for your review.
A whole bundle at once.
DSAR responses are rarely one file. Bulk Redact takes a folder or a pile of PDFs, applies the same requester to every file, and gives you one review screen across the whole batch, with a combined batch certificate at the end.
The most sensitive job, on the least exposed tool.
A DSAR bundle is by definition full of personal data, exactly the thing you shouldn't push through a cloud redaction service. KeptPDF does the detection and the redaction in your browser, so the documents (and the requester's identity you type in) are never sent to KeptPDF or anyone else. The only network traffic is a few bytes of anonymous usage counts (which tool was opened, never any content), and you can watch the whole exchange in your browser's Network tab.
Walk away with a record, not just a response.
Every redaction is independently re-read and verified: KeptPDF re-opens the finished PDF and confirms zero extractable characters remain under the boxes. The audit certificate records SHA-256 hashes of input and output, and in Subject access mode, your request reference and the count of findings preserved for the requester. It never contains the requester's name, email or phone. Pro turns it into a branded PDF you can file with the response.