Privacy Policy

ExifData.io (“we,” “us,” or “our”) operates the website located at https://exifdata.io. ExifData.io is a free, browser-based tool that removes EXIF, XMP, IPTC, and other metadata from files entirely on your device.

This Privacy Policy explains how we handle information when you use our website. Because all processing occurs client-side, this policy is refreshingly simple.

We collect no information whatsoever.

Specifically, we do not collect:

• Personal information (names, email addresses, phone numbers)
• Account or registration data (we have no accounts or sign-ups)
• Files, images, documents, or any content you process
• Metadata extracted from or removed from your files
• IP addresses, browser fingerprints, or device identifiers
• Usage data, session data, or interaction analytics
• Location data or geolocation information

We have intentionally architected ExifData.io so that no user data ever reaches our servers. There is no backend application server, no database, and no logging infrastructure that could capture your data.

When you select or drop a file into ExifData.io, the following occurs:

1. File is read into browser memory. Your file is loaded via the browser’s FileReader API. It is stored in a JavaScript variable in your browser’s RAM. It is not uploaded to any server.
2. Metadata is parsed locally. JavaScript running on your device reads and displays the metadata fields found in the file.
3. Metadata is stripped locally. When you click “Clean,” the file is re-processed in your browser to remove the selected metadata categories. No network request is made.
4. Cleaned file is offered for download. The cleaned file is generated as an in-memory Blob and provided to you via a local download link. It is never transmitted externally.
5. Automatic cleanup. All file data held in browser memory is automatically released after 5 minutes, or immediately when you click “Delete Now” or close the browser tab.

You can verify this yourself by opening your browser’s Developer Tools (Network tab) while using the tool. You will observe that no file data is ever sent to any server.

We use no cookies. ExifData.io does not set any cookies — not first-party, not third-party, not session cookies, not persistent cookies. None.

We use no analytics. We do not use Google Analytics, Plausible, Fathom, Mixpanel, or any other analytics platform. We do not track page views, sessions, clicks, scroll depth, or any other user behavior.

We use no tracking scripts. There are no pixels, beacons, fingerprinting scripts, or retargeting tags of any kind on this website.

We use no local storage. ExifData.io does not write to localStorage, sessionStorage, or IndexedDB. No data is persisted on your device between visits.

The only external network requests made by ExifData.io are to load the static assets required for the tool to function. These are served via third-party content delivery networks (CDNs):

• Tailwind CSS — loaded from unpkg.com
• Lucide Icons — loaded from unpkg.com
• pdf-lib — loaded from unpkg.com
• JSZip — loaded from cdnjs.cloudflare.com
• ExifReader / EXIF.js — loaded from cdn.jsdelivr.net

These CDN providers may log standard HTTP access data (such as IP addresses) in accordance with their own privacy policies. ExifData.io has no access to, and does not receive, any of that data. No file content, metadata, or user-specific information is included in these CDN requests.

Beyond these library loads, no other network requests are made. Your files, their metadata, and any processed outputs remain entirely within your browser.

We do not share, sell, rent, or disclose any data to third parties.

This is not a qualified statement. Because we collect no data, there is nothing to share. There are no advertising partners, no data brokers, no affiliate tracking networks, and no third-party integrations that receive any information about you or your files.

The most effective way to protect your data is to never collect it in the first place. ExifData.io follows this principle by design.

Since all file processing occurs locally in your browser, the security of your files depends on the security of your own device and browser environment. We recommend:

• Keeping your browser up to date
• Using the tool on a trusted device and network
• Closing the browser tab after you have downloaded your cleaned files

The website itself is served over HTTPS to ensure that the HTML, CSS, and JavaScript code delivered to your browser has not been tampered with in transit.

ExifData.io is designed to be fully compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the UK GDPR.

Under the GDPR, your rights as a data subject include the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. Because ExifData.io does not collect, store, or process any personal data, these rights are satisfied by default:

• Right of access: There is no personal data held about you to access.
• Right to rectification: There is no data to correct.
• Right to erasure: There is no data to erase. File data in browser memory is automatically deleted.
• Right to restrict processing: No processing of personal data occurs on our servers.
• Right to data portability: There is no data to export.
• Right to object: There is no data processing to object to.

Because we do not process personal data, we are not required to designate a Data Protection Officer (DPO) or maintain a Record of Processing Activities (ROPA) for this service. No legal basis for processing (such as consent or legitimate interest) is required, as no processing of personal data takes place.

We do not transfer any data across borders, as no data is collected.

ExifData.io does not knowingly collect personal information from anyone, including children under the age of 16. Since we collect no data from any user, no special provisions for children’s data are necessary. The service may be used by individuals of any age.

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information. Because ExifData.io collects no personal information, we do not sell, share, or disclose personal information as defined under the CCPA. There is no data to request access to, delete, or opt out of selling.

We may update this Privacy Policy from time to time. If we make material changes, the updated policy will be posted on this page with a revised “Last updated” date. Because we do not collect contact information, we cannot notify you directly of changes. We encourage you to review this page periodically.

Any changes to this Privacy Policy will be effective immediately upon posting. Your continued use of ExifData.io after changes are posted constitutes your acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy, you may contact us at:

privacy@exifdata.io