You spent a weekend polishing your resume. Every bullet point earns its place, the layout is clean, the file is named Jane_Doe_Resume_2026.pdf like the guides tell you. Then a recruiter opens it, glances at the document properties out of habit, and sees: Author: Kevin Zhang. Who's Kevin? Kevin is the friend whose resume template you borrowed two years ago. His name has been riding inside your PDF ever since, invisible to you, one keyboard shortcut away from anyone else.
PDF metadata is the least glamorous privacy topic there is, and that's exactly why it keeps biting people. Photos get all the attention — everyone's heard about GPS coordinates in vacation pics by now — but PDFs quietly record who made them, with what software, and when, and a job application is the one context where a stranger has both the motive and the time to look.
Where a PDF keeps its secrets
Every PDF can carry metadata in two places, and most carry both. The first is the Info dictionary — a small set of key-value pairs dating back to the earliest PDF specs. The usual suspects:
| Field | What it typically contains | How it can embarrass you |
|---|---|---|
/Title | Document title, often auto-filled from the first heading or the original filename | "resume_template_FINAL_v2" or the name of the template product you started from |
/Author | The name or account associated with the software that created the document | Someone else's name entirely — a friend, an ex-colleague, "Registered User" |
/Creator | The application the document was authored in | "Canva" when your resume claims advanced InDesign skills |
/Producer | The software that generated the PDF file itself | A cracked-software string, an online converter's brand stamp, or a version from 2019 |
/CreationDate | When the file was first created | A date three years before the "recently updated" resume you're submitting |
/ModDate | Last modification timestamp | 11:47 p.m. the night before the application deadline — or during your current work hours |
The second location is XMP — an XML packet embedded in the file, introduced by Adobe and standardized since. XMP duplicates most of the Info dictionary (dc:creator, xmp:CreatorTool, xmp:CreateDate) and adds its own: document IDs that persist across edits, revision histories in some workflows, even the toolchain of every conversion step. The practical consequence: cleaning one layer and not the other leaves half the story intact. Plenty of "remove PDF metadata" advice online only touches the Info dictionary, and this is the part most guides get wrong.
Awkward scenarios that actually happen
None of these are exotic. They're the ordinary mechanics of how people actually make resumes, colliding with fields nobody looks at.
The borrowed template
You asked a friend for their resume because the formatting was nice, deleted their content, typed in yours, exported. Word and Google Docs both carry the original author metadata forward in this workflow more often than you'd expect, and Word in particular fills /Author from the account that created the original file. Result: your resume, their name. Recruiters have written about spotting this; at best it reads as sloppy, at worst it invites questions about whose work the document really is. The same applies to templates bought from Etsy shops or downloaded from template sites — the seller's branding sometimes sits in the Title or Author field of every customer's "custom" resume.
The Producer field that tattles on your software
The /Producer string is brutally specific: "Microsoft® Word for Mac 16.94", "iLovePDF", "wkhtmltopdf 0.12.6". Two ways this stings. If you're applying for a design role with "expert in Adobe Creative Suite" on the resume and the file says it was born in Word, that's a small credibility ding a detail-oriented reviewer will notice. And if you exported from a pirated copy of some tools — certain cracked PDF printers and converters stamp their unlicensed status right into the Producer or as a watermark string — you've just disclosed software piracy on a job application. I've seen files in the wild where the Producer field literally included the word "unregistered." Not a great look next to "strong attention to detail."
The timestamp that contradicts you
Cover letter says you "updated my resume to highlight recent work." /CreationDate says March 2023, /ModDate says March 2023. Maybe you genuinely didn't need to change anything — fair enough — but the metadata just told a different story than you did, and you don't get to be in the room when the reader decides which one to believe. Timestamps also leak in the other direction: a modification time of 2:30 p.m. on a Tuesday is a tiny, checkable hint that you were job-hunting on your current employer's clock.
The converter detour
A quieter variant: you wrote the resume in Google Docs, downloaded it as a PDF, then ran it through some free online tool to compress it or merge it with your cover letter. Each hop rewrites the Producer field, and now your resume announces it passed through a random web converter — which also means a copy of your full name, address, phone number and work history sat on that converter's servers for however long their retention policy says, assuming they have one. The metadata is the visible symptom; the upload was the actual wound. This is exactly why cleaning tools that run locally matter for documents like this.
A resume is a document where you control every visible word. The metadata is the one part of the file that speaks without your permission.
Do recruiters really check?
Honestly — most don't, most of the time. Nobody's running forensic analysis on five hundred applicants. But the question is framed wrong. Document properties are one click away in every PDF reader; some ATS platforms display the metadata fields right in the interface, and the Title field in particular shows up in browser tabs when the PDF is opened in Chrome or Safari. It doesn't take a curious recruiter, it just takes a visible one-liner in a tab that says "Kevin_Resume_Template". You're not defending against an investigation. You're defending against a glance.
And for senior or sensitive roles, some reviewers do look deliberately, for the same reason they look at your LinkedIn: every scrap of unguarded information is signal. The cost of cleaning the file is thirty seconds. The asymmetry decides it.
How to check what your resume is saying
Before fixing anything, look at what's there. You've got the tools already installed:
- In Adobe Acrobat or the free Acrobat Reader: File → Properties (Ctrl+D on Windows, Cmd+D on Mac). The Description tab shows Title, Author, Subject, Creator, Producer and both dates.
- On a Mac, open the PDF in Preview and hit Cmd+I for the inspector — same fields, fewer clicks.
- In any browser, drag the PDF into a tab and watch what the tab title says. That's the
/Titlefield greeting everyone who opens your file. - Command-line users can run
exiftool resume.pdf, which dumps both the Info dictionary and the XMP packet — the only view on this list that reliably shows you the second layer.
Check every field against one question: would I be comfortable with this line printed at the top of my resume? Because functionally, it is.
While you're in there, spare a thought for the metadata you can't see in the properties dialog. PDFs support incremental saves, where edits are appended to the end of the file rather than replacing the original — meaning a document edited in certain tools can still contain its earlier versions, recoverable with the right software. Resumes built by "fill in your details" tools are rarely affected, but if you redacted something by drawing a black box over it in a PDF editor, be aware that the text underneath is very possibly still in the file. Redaction and metadata removal are different operations, and confusing them has embarrassed everyone from law firms to government agencies over the years.
How to clean it properly
Editing the fields by hand in Acrobat works but is tedious and easy to get wrong — blanking the Description tab doesn't always touch the XMP packet, and exporting from Word again just writes fresh metadata from the same account. Acrobat's "Remove Hidden Information" sanitizer is thorough but lives behind a paid tier.
The simpler route: run the file through our PDF metadata remover, which strips the Info dictionary and the XMP packet together and hands you back a clean file. It runs entirely in your browser — worth emphasizing for this use case specifically, because uploading your resume, with your full name, address and employment history, to a random "free PDF cleaner" server is trading one privacy problem for a bigger one. Nothing here leaves your machine.
Two habits worth adopting alongside the cleanup. First, clean the final file, not the draft — every re-export from Word or Google Docs re-stamps the metadata, so sanitizing has to be teh last step before sending. Second, check the result: reopen properties and confirm the fields are actually empty. If you're also attaching work samples, remember they carry their own baggage — portfolio images have EXIF and sometimes C2PA credentials worth stripping with a photo metadata remover before they go in the same email.
Your resume gets one first impression. Let the words you chose make it — not the fields you never knew were there.