How to burn an employee signature out of hr onboarding scans
- Step 1Export the signed page to an image — If the onboarding doc is a PDF, export the signature page to PNG or JPG from your PDF viewer first — the Signature Burner uses the browser's
<img>decoder and will not render a.pdf. If you already have a scan saved as an image, skip straight to dropping it in. - Step 2Drop one image into the tool — The burner is single-file (acceptsMultiple is false), so drop one scan at a time: the signed offer letter, the I-9, or the acknowledgement page. The picker draws it into a preview canvas capped at 640px wide; the caption shows the true source size, e.g.
source 2480×3508. - Step 3Drag a rectangle over the signature line — Press and drag across the signature. A translucent red box tracks the drag and the readout reports the region in source pixels:
Region: 720×150 @ (300, 2900). The box is captured asx,y(top-left) andw,h(width, height). - Step 4Nudge the box with the numeric fields (optional) — Four number inputs — X, Y, Width, Height — are pre-filled from your drag. Type exact values to extend coverage, e.g. raise
hto catch a date initialed just under the line. Editing a field repaints the red overlay so you can confirm the whole signature is inside the box. - Step 5Burn the region — Run the tool. The processor fills your rectangle with solid
#000and re-encodes the image as PNG. The burn only applies when bothwandhare greater than zero — a click with no drag leaves a zero-area box and redacts nothing (the image is just re-encoded). - Step 6Download and verify before forwarding — The output downloads as
<original>-burned.<ext>, keeping your input's extension even though the bytes are now PNG. Open it cold, zoom into the black box, and try to select over it — there is nothing to select because it is pixels. Now it is safe to attach to the email or drop in the shared folder.
The only four controls — burn-region geometry
The Signature Burner exposes exactly four numeric options, all in source-image pixels. There is no color, blur, pixelate, multi-region, or auto-detect control — drawing on the preview just sets these four numbers, which you can also type by hand.
| Option | Meaning | Default | Set by |
|---|---|---|---|
x | Left edge of the burn rectangle, in source-image pixels | 0 | Drag start, or the X field |
y | Top edge of the burn rectangle, in source-image pixels | 0 | Drag start, or the Y field |
w | Rectangle width in px. Burn applies only when w > 0 | 0 | Drag distance, or the Width field |
h | Rectangle height in px. Burn applies only when h > 0 | 0 | Drag distance, or the Height field |
Common onboarding documents and what to burn
Illustrative regions for typical 300dpi letter-size scans (2480×3508). Your exact coordinates come from the live readout when you drag — these show the model, not fixed presets.
| Document | What to redact | Typical region (illustrative) | Run again for… |
|---|---|---|---|
| Signed offer letter | Candidate's wet-ink signature | w=760 h=150 @ (300, 2980) | A second signer (counter-signature) |
| Form I-9 page 1 | Employee signature block | w=820 h=140 @ (260, 2640) | Preparer / translator signature |
| NDA / policy ack | Signature + initials in margin | w=700 h=160 @ (320, 3050) | Margin initials on prior pages |
Where it runs and the file caps
Signature Burner is browser-only (Canvas) and gated at the Pro tier. File-size caps are the per-tier security-family limits; the tool processes one file per run.
| Tier | Can run? | Max file size | Files per run |
|---|---|---|---|
| Free | No — requires Pro | — | — |
| Pro | Yes | 100 MB | 1 |
| Pro-media | Yes | 500 MB | 1 (single-file) |
| Developer | Yes | 2 GB | 1 (single-file) |
Cookbook
Practical HR redaction passes. Coordinates are illustrative but use the tool's real x/y/w/h model and its actual image-in / PNG-out behaviour.
Burn the signature off a signed offer letter
An HR coordinator needs to send a hiring manager proof the offer was signed, without forwarding the candidate's actual signature. Export the signature page to PNG, drag over the line, burn.
Input: offer-letter-signed.png (2480×3508, 300dpi) Drag over the signature → Region readout: 760×150 @ (300, 2980) Options captured: x=300 y=2980 w=760 h=150 Burn → solid #000 fills that rectangle; whole image re-encoded as PNG. Output: offer-letter-signed-burned.png • signature pixels overwritten — nothing under the box • name, title, date left intact
Redact employee + preparer signatures on an I-9 (two passes)
Form I-9 has an employee signature and a preparer/translator signature. The burner takes one rectangle per run, so burn the first, download, drop the result back in, and burn the second.
Pass 1: input: i9-page1.jpg region: w=820 h=140 @ (260, 2640) # employee sig output: i9-page1-burned.jpg (PNG bytes inside .jpg) Pass 2: input: i9-page1-burned.jpg (pass-1 output) region: w=780 h=140 @ (260, 3050) # preparer sig output: i9-page1-burned-burned.jpg Rename final → i9-page1-redacted.png
Extend the box to catch initials under the line
A fast drag often misses a date or initials a signer dropped just below the signature line. Type into the Height field instead of redrawing.
After drag: x=300 y=2980 w=760 h=150 Observed: hand-written date sits 20px below the box Edit field: h=150 → h=200 (extend down 50px) Red overlay repaints → date now covered → burn.
Forwarding a benefits enrollment scan to a broker
Benefits brokers need the form data, not the employee's signature. Burn it before the file leaves your machine so the broker never receives the biometric.
1. Scan/export enrollment form → enrollment.png 2. Drop into Signature Burner 3. Drag over signature: w=700 h=150 @ (340, 3010) 4. Burn → enrollment-burned.png Note: also strip hidden EXIF before sending — a phone scan may carry GPS. See /image-tools/exif-scrubber.
Confirm the personnel record is clean
Before the redacted scan goes in a shared folder, prove there is nothing under the box. Open it cold and probe.
Verification on <file>-burned.png:
• Zoom 800% into the black box → uniform #000, no ghost ink
• Select/copy over the box → nothing selectable (pixels)
• File is one flat PNG raster — no layers, no annotation
objects, no /XObject form to delete
• Byte size differs from input — re-encoded, not appendedEdge cases and what actually happens
You drop the onboarding PDF straight in
Fails to loadBoth the picker and the burn step decode with the browser's <img> element, which cannot render a PDF, so a .pdf throws 'Failed to load image' with no preview. Export the page to PNG/JPG first, or for redacting text in a born-digital PDF use /pdf-tools/pdf-pii-redactor.
Output is PNG even though you dropped a JPG
By designThe canvas is always re-encoded with toBlob(..., 'image/png'), so every output is PNG bytes regardless of input. The re-encode is what bakes the black box in permanently. The file keeps its original extension in the name (<name>-burned.jpg), so it is PNG bytes inside a .jpg name — rename to .png if a strict HR system insists.
You clicked without dragging
No-opThe burn fills only when both w > 0 and h > 0. A click with no drag leaves w/h at 0, so nothing is redacted — the scan is just re-encoded to PNG and downloaded. If the output looks unchanged, confirm the region readout shows a non-zero w×h before burning.
Manager asks you to redact a whole batch of scans
One at a timeThe tool is single-file (acceptsMultiple is false): one image and one rectangle per run. For a stack of onboarding scans, process them one by one. There is no batch or multi-region mode in this tool.
Free-tier HR account tries to run it
Tier requiredSignature Burner is gated at the Pro tier (minTier pro); Free accounts cannot run it. Pro allows up to 100 MB per file, Pro-media 500 MB, Developer 2 GB. A typical 300dpi letter scan is well under any of these caps.
Preview looks tiny next to your big scan
ExpectedThe preview is capped at 640px wide and only scaled down. The burn does not use preview coordinates — every drag is converted to source-image pixels (the caption shows the true source W×H), so a box drawn on the small preview lands exactly on the signature line of the full scan.
Signature loop pokes out after burning
Re-runBurn covers only the rectangle you set, so a flourish or descender outside the box stays visible in the output. Drop the burned file back in and burn a second box over the remainder, or widen w/h before the first burn. There is no eraser or undo within a single run.
Black box drawn in a PDF viewer instead of here
Reversible — avoidA rectangle added as an annotation in a PDF viewer is a separate layer; deleting it or running pdftotext exposes the signature. That reversible 'redaction' is exactly the failure this tool prevents — burning re-encodes a flat raster with no separable layer to remove.
Phone-camera scan with an unusual color profile
Depends on browserThe tool uses the browser's native decoder. Standard sRGB PNG/JPG always work; a CMYK JPEG or a file with an exotic ICC profile may fail to decode in some browsers, surfacing as 'Failed to load image'. Re-save it as a standard sRGB PNG/JPG and retry.
Redacted PNG is bigger than the original JPG
ExpectedOutput is always a lossless PNG, so a small lossy JPG often grows on re-encode. The untouched pixels are visually identical; the size change is just PNG vs JPG encoding, not data loss or hidden data.
Frequently asked questions
Is the employee's signature actually gone, or just hidden?
Gone. The tool fills your rectangle with solid #000 on a canvas and re-encodes the whole image as a new PNG. The output contains only the pixels the canvas painted — the ink under the box was never written into the result. There is no annotation, layer, or form object to delete, so it cannot be peeled back the way a PDF viewer's black box can.
Can I redact the signature directly in the PDF I scanned?
Not in this tool — it decodes input with the browser's <img> element, which cannot render a PDF, so a .pdf throws 'Failed to load image'. Export the page to PNG/JPG and burn that, or to redact text in a born-digital PDF while keeping the rest searchable use /pdf-tools/pdf-pii-redactor. To strip hidden PDF metadata, see /pdf-tools/pdf-metadata-scrubber.
Does burning the signature damage the rest of the document?
No. Only the rectangle you set is filled with black; every pixel outside the box is redrawn unchanged in the re-encode. The name, title, date, and form fields stay legible — only the signature line is overwritten.
Can I redact a whole folder of onboarding scans at once?
No — the tool is single-file (acceptsMultiple is false) and takes one rectangle per run. Process scans one at a time. For multiple signatures on a single page, burn one, download, drop it back in, and burn the next.
Does the personnel file get uploaded anywhere?
No. The burner runs entirely on the HTML Canvas in your browser tab; the scan never reaches a server. That is what makes it appropriate for sensitive HR records. An audit-log entry is emitted locally so you have a record the redaction step ran before the file was forwarded.
Why is my output a PNG when I dropped a JPG?
The canvas is always re-encoded with toBlob(..., 'image/png') — that re-encode is what bakes the black box permanently into the pixels. So a JPG in becomes PNG out. The file keeps its original extension in the name (<name>-burned.jpg), so it is PNG bytes inside a .jpg name; rename to .png if an HR system is strict about extensions.
Can I pixelate the signature instead of blacking it out?
No. The fill is solid opaque black (#000) and is not configurable — there is no color, blur, or pixelate control here. For pixelating faces in onboarding photos, see /video-tools/face-pixelate. For a signature, solid black is the standard and is what this tool produces.
I drew on the small preview — will the box land on the right spot at full resolution?
Yes. The preview is capped at 640px wide for convenience, but every coordinate is converted to source-image pixels before the burn. The readout shows your region (720×150 @ (300, 2900)) and the true source size (source 2480×3508), so the box lands exactly on the signature line of the full scan.
What image formats can I drop in?
Anything the browser's image decoder reads: PNG, JPG, GIF, WebP, and BMP. Animated GIFs burn the first frame only. PDFs are not supported — convert the page to an image first. CMYK JPEGs or files with unusual color profiles may fail to decode; re-save as standard sRGB PNG/JPG if you hit 'Failed to load image'.
Why did nothing get redacted when I ran it?
The burn applies only when both width and height are greater than zero. A click with no drag leaves w and h at 0, so the rectangle is a no-op — the image is just re-encoded to PNG. Check the region readout shows a non-zero w×h, or type values into the Width/Height fields, then run again.
What tier do I need and how large can a scan be?
The tool requires the Pro tier (Free cannot run it). File-size caps follow the security family: Pro 100 MB, Pro-media 500 MB, Developer 2 GB per file. It is single-file regardless of tier — one scan per run, no batch mode.
How do I prove the redaction is clean before forwarding?
Open the -burned.png output cold, zoom to 800% into the box — it should be uniform #000 with no ghost ink — and try to select/copy over it, which returns nothing because it is pixels. The file is one flat PNG with no layers or annotations to delete. To verify integrity across copies of the record, see /security-tools/multi-hash-fingerprinter, and check images for hidden EXIF with /image-tools/exif-scrubber.
Privacy first
Every JAD Security operation runs entirely in your browser. Files, passwords, and PGP private keys never leave your device — verified by zero outbound network requests during processing.