Home Blog PDF Metadata in HR & Employment Documents

PDF Metadata in HR & Employment Documents:
What Both Sides Need to Know

The offer letter you sent. The resume they submitted. The performance review sitting in your outbox. Every one of these PDFs contains hidden data that neither party intended to share — and that both parties can read in under sixty seconds.

⚖️ For HR professionals 🎯 For job seekers

A recruiter at a mid-sized tech company sent an offer letter last year. The candidate accepted, started, and six months later was having lunch with a colleague who had received an offer for the same role. They compared notes. Same title. Twelve thousand dollars apart in base salary. Neither knew the other's number — but both had inspected their offer letters in Adobe Reader. The document title field on one of them read "Offer — Senior Engineer — Band 4 — $142k ceiling." The HR team had forgotten to clear the document title before exporting.

This is not a hypothetical. It is the kind of thing that happens regularly because PDF metadata is invisible when you open a document, but completely readable by anyone who knows where to look — and increasingly, people know where to look.

This problem cuts both ways

Most metadata guides address one audience. This one addresses two — because in employment documents, both the sender and the recipient are simultaneously at risk.

⚖️ HR professionals

You send offer letters, rejection notices, performance reviews, compensation adjustment letters, and job descriptions — all as PDFs. Each one can contain the drafter's name, internal salary band references, payroll system metadata, and modification timestamps that reveal your negotiation timeline.

A candidate who inspects an offer letter before signing may see things you never intended to disclose. Under GDPR and US state privacy laws, some of that metadata may also constitute a compliance violation.

🎯 Job seekers

You send resumes, cover letters, portfolios, and work samples — all as PDFs. Your resume contains your name from your OS account, the company name from your current employer's software license, and timestamps revealing exactly when you edited it.

If you created your resume on a work computer, the metadata may reveal your current employer before you're ready to disclose you're job hunting. If you created it at home, it may contain your home address or GPS coordinates.

What HR documents expose

The following table covers the most commonly shared HR documents and what metadata each typically contains when created in standard office software.

Document type Common metadata found Risk level
Offer letter HR drafter's name, internal document title (may include band/salary ceiling), modification timestamp showing negotiation timeline, company software license name High
Performance review Reviewer's full name, rating keywords (if used in document title/subject), modification dates revealing how long review was in draft High
Termination letter HR drafter's name, legal team reviewer's name (if passed between people), modification count revealing how many versions existed High
Compensation adjustment Author name, internal title field, payroll system producer tag, timestamp High
Job description Author, internal keywords (headcount codes, budget references), creation date Medium
Rejection letter Author name, template source (reveals whether it's a form letter), modification date Medium
Employee handbook Author, company, version history in revision count, creation date Low
The offer letter problem in detail

Word and Google Docs populate the document Title field from whatever you typed in the document's title bar or properties. Many HR teams use internal naming conventions — "OL-SenEng-B4-142" — that mean nothing to other internal teams but immediately reveal salary band and ceiling to a candidate who opens File → Properties in Adobe Reader.

The fix is two seconds: clear the Title, Author, Subject, and Keywords fields before exporting. Or strip them entirely with a metadata remover after export.

What your resume reveals

Job seekers routinely underestimate how much their resume PDF exposes. Here is what a recruiter or hiring manager would see if they inspected a typical resume created in Microsoft Word on a corporate laptop:

# ExifTool output — typical job seeker resume PDF

Author : Alexandra Chen # full name from OS account
Creator : Meridian Capital Group # CURRENT EMPLOYER revealed
Producer : Microsoft Word 16.80
Create Date : 2026:01:14 19:32:11 # started resume in Jan
Modify Date : 2026:04:28 23:14:52 # submitted Apr 28
Revision Number : 23 # 23 saves — heavily edited
GPS Latitude : 37 deg 47' N # home location
GPS Longitude : 122 deg 25' W # San Francisco area

That output reveals Alexandra's current employer — Meridian Capital Group — before she was ready to disclose she's interviewing. A recruiter at a competing firm who sees this might pass the information to contacts in her current organization. Her home location is also exposed. And the revision count of 23 suggests significant editing, which some interviewers interpret (fairly or not) as evidence of uncertainty or inconsistency in her story.

The current employer trap

This is the metadata risk that job seekers consistently underestimate. The Creator/Company field in a PDF is populated by the software license of the computer that created it — not the person's choice. If you create your resume on your work laptop, your current employer's name is embedded in every copy you send. Always create and export job search documents from a personal device.

Beyond the operational embarrassment of accidentally disclosing salary bands, there are regulatory considerations that compliance-conscious HR teams need to account for.

GDPR — EU and UK

Under GDPR Article 4(1), personal data includes any information relating to an identifiable natural person. The name of the HR professional who drafted a document, embedded in the Author field of a PDF sent to a candidate, is personal data. Sharing it without necessity may violate the data minimisation principle in Article 5(1)(c).

This applies to candidates who are EU or UK residents, even when the employer is based outside Europe — GDPR's territorial scope under Article 3(2) applies when processing relates to offering employment to people in the EU.

US state privacy laws

California's CPRA, Virginia's CDPA, and Colorado's CPA all extend privacy rights to employees and job applicants. While none explicitly address PDF metadata, their requirements around data minimisation and purpose limitation create the same practical obligation: don't share personal data that isn't necessary for the purpose.

Pay transparency laws

Colorado, California, New York, and Washington now require salary range disclosure in job postings. But that disclosure is supposed to be controlled and standardized — not inadvertently leaked through document metadata. An offer letter metadata field that reveals an internal salary ceiling higher than the disclosed range could create legal exposure.

Not legal advice

This article explains the practical implications of PDF metadata in employment contexts based on publicly available law and regulatory guidance. It is not legal advice. HR and legal teams with specific compliance questions should consult qualified employment law counsel.

How HR teams should fix this

The goal is to make metadata stripping a standard part of your document workflow — not an afterthought. It takes under thirty seconds per document.

1

Clean before export, not after

In Microsoft Word: File → Info → Check for Issues → Inspect Document → remove personal information before saving as PDF. This is the cleanest approach because it prevents metadata from entering the PDF at all.

2

Strip after export using FileIntel

Go to fileintel.me/pdf-metadata-remover, drop the exported PDF, review the Privacy Risk Score, strip all fields, and download the clean copy. Takes 30 seconds. The file never reaches a server — important when handling candidate documents.

3

Verify before sending

Re-inspect the stripped PDF before sending. A Privacy Risk Score near zero confirms the clean was complete. High-risk fields still showing means the strip missed something.

4

Add it to your document workflow policy

Update your HR document handling procedure to include a mandatory metadata strip step for all externally shared documents. Train the team once — it takes five minutes to explain and saves significant potential embarrassment or liability.

Strip metadata from HR documents now

Free. Browser-only. Your documents never reach our servers — or anyone else's.

Open PDF inspector →

How job seekers should fix this

Three things to do before sending any application document as a PDF:

1

Always create job search documents on a personal device

This is the single most important step. A resume created on a personal laptop will have your name in the Author field — not your employer's name in the Company/Creator field. Never create or edit job search documents on a work computer.

2

Strip metadata before every application

Use FileIntel's PDF Metadata Remover on your final resume before each application. Takes 30 seconds. Removes author name, GPS coordinates, modification timestamps, and any employer-identifying fields.

3

Check your own documents before they go out

Use the same inspector to verify what you're about to send. Seeing your current employer's name in the Creator field before the recruiter does is significantly better than the alternative.

How to inspect documents you receive

If you are a candidate who has received an offer letter and wants to inspect its metadata — that is entirely legal. You received the document. You can inspect it however you like.

Use FileIntel's PDF Metadata Inspector, Adobe Reader's File → Properties, or ExifTool. You may find nothing interesting. You may find that the document title contains internal salary references, or that the modification timestamp reveals the offer was revised three times in the week before it was sent. That information is legitimately yours to see and factor into your decision.

What you find in document metadata can inform your negotiation. A modification timestamp showing the offer was revised repeatedly suggests active decision-making at the hiring organization — potentially indicating flexibility. An internal document title containing a budget ceiling gives you a genuine upper bound for your counteroffer.

The bottom line

PDF metadata in employment documents is a two-sided information asymmetry problem. HR teams who strip their documents remove accidental disclosures and reduce compliance risk. Job seekers who strip their documents protect their current employer identity and personal location data. Both sides who inspect received documents gain information they are legally entitled to.

The tool is the same for all three use cases. The thirty seconds it takes is the same. The only variable is whether you know to do it.

Frequently asked

Yes. Offer letters created in Word or Google Docs can contain the document Title (which HR teams sometimes populate with internal salary grade references like 'Band 4 — $142k ceiling'), Author (the HR drafter's name), Company, Keywords, and modification timestamps. Job seekers can read all of these by opening File → Properties in Adobe Reader or using a free metadata inspector like FileIntel.
Yes. A PDF resume typically contains your author name from your OS account, the software version used to create it, creation and modification timestamps, and potentially GPS coordinates. If created on a work computer, it may also contain your current employer's name in the Creator/Company field — potentially revealing your job search before you're ready to disclose it.
The highest-risk HR documents are offer letters (internal salary band references in document title), performance reviews (reviewer identity and internal rating codes), termination letters (author and modification timeline), and compensation adjustment letters (payroll system metadata). Job descriptions can also reveal internal headcount planning details in keywords or title fields.
Yes. Under GDPR Article 4(1), personal data includes any information relating to an identifiable person. An HR professional's name in the Author field of a PDF sent to a candidate is personal data shared without explicit consent or necessity. GDPR's data minimisation principle (Article 5(1)(c)) requires that personal data be limited to what is necessary for the purpose — which an embedded author name is not.
The easiest method is FileIntel's free PDF Metadata Remover — it runs in your browser, processes the file locally (never uploads it), and strips all metadata fields in under 30 seconds. For Word documents, use File → Info → Check for Issues → Inspect Document before exporting to PDF. For Mac users, ExifTool via Terminal provides the most complete strip: exiftool -all= resume.pdf