REAL EXIF REMOVER is built from the ground up as a zero-knowledge, privacy-first utility. We believe you shouldn't have to trust our promises—so we designed our technology so that we are physically incapable of collecting your files.
1. Zero-Collection Posture
We do not collect, store, process, or transmit any images, document uploads, or metadata. All file parsing, EXIF stripping, and ZIP generation occur entirely inside your browser's local sandbox memory.
This website enforces an aggressive Content-Security-Policy (CSP) header. The browser is strictly forbidden from initiating network connections (connect-src 'none') or submitting form payloads. Your images never touch a server.
2. 100% Client-Side Architecture
When you drag and drop files onto the dashboard:
- Files are read into local memory as an
ArrayBuffer. - Web Workers parse the binary segments off the main thread.
- No visual resizing or redrawing is performed (ensuring zero quality degradation).
- Clean files are generated using in-memory Blobs and exported as standard downloads or in-memory ZIPs.
3. Cookies and Analytics
We use Google Analytics to measure aggregate website traffic and help us improve user experience. Google Analytics may set cookies and retrieve basic usage telemetry. However, please note that your uploaded images and parsed metadata are processed entirely client-side inside your browser sandbox and are never sent to Google Analytics or any other external server.
4. Map Tiles and Third-Party API Connections
The only external connection permitted by our security policy is the retrieval of geographic map tiles from OpenStreetMap (https://tile.openstreetmap.org). This connection is used solely to display a localized preview of the extracted GPS coordinates in the "Before/After" dashboard.
Only coordinates are resolved by your browser fetching tiles; your image files and metadata values are never sent to OpenStreetMap or any other external API.
5. Open Source Audits
To verify our zero-knowledge infrastructure, we encourage developers, journalists, and security practitioners to inspect the codebase. You can clone the project, compile the Web Workers, and run the server locally or offline on your own device.