Last year a real estate listing went viral on Reddit because someone reverse-image-searched the photos and pulled the GPS coordinates straight out of the EXIF metadata. The agent had taken the pictures with their iPhone, uploaded them directly, and never realized that hidden inside each JPG were the exact latitude and longitude of every room. This is not a rare incident — every photo from a smartphone or DSLR carries the same kind of hidden data, and most people upload it without a second thought.

EXIF (Exchangeable Image File Format) is a small block of structured data tucked inside the JPG, HEIC, or TIFF file alongside the actual pixels. It was designed in the late 1990s by Japanese camera manufacturers so photo software could know what shutter speed, ISO, and lens were used. Over the years phones piled on more fields: GPS coordinates, altitude, compass heading, the iOS or Android version, even the unique device identifier. PNG files do not store EXIF, but anything that came out of a camera or phone almost certainly does.

The exact fields depend on the device, but a typical iPhone photo contains roughly two dozen EXIF tags. The privacy-sensitive ones are: GPS latitude and longitude (accurate to within a few meters), altitude, the date and time the shutter fired, the iPhone model and iOS version, and the original orientation. There are also harmless technical fields like aperture, exposure time, focal length, and white balance. If you have ever wondered how Google Photos can group your pictures by location without you tagging anything, this is the answer — it just reads the GPS coordinates off each file.

Big social platforms have been quietly stripping most EXIF for a decade. Facebook, Instagram, X (Twitter), TikTok, and iMessage all drop GPS and most other metadata when you upload. But that protection ends at the edge of those platforms. Forums, WordPress sites without an EXIF-stripping plugin, Discord file attachments, email attachments, and most file-sharing services pass the metadata through unchanged. So does a direct download from a real estate listing, a Dropbox link, or anywhere else the original file ends up in the recipient's hands.

PCToolsOnline strips all EXIF as a side effect of any conversion. When you convert HEIC to JPG, JPG to PNG, or even JPG to JPG via the compress tool, the encoder builds the output file from the decoded pixel data only — none of the original metadata block survives. Because the whole pipeline runs locally via WebAssembly, your photos never leave the browser tab, which matters in the cases where you wanted EXIF removed for privacy reasons in the first place. After conversion you can verify the EXIF is gone by right-clicking the new file and checking Properties on Windows or Get Info on macOS — the location field should be empty.

There are legitimate reasons to keep EXIF. If you are archiving family photos you will want the timestamps. If you publish a photography portfolio you may want the camera and lens metadata so viewers can see how the shot was made. If you are a journalist or wedding photographer delivering files to a client, they may explicitly want the originals untouched. EXIF is only a privacy problem when (a) the file is going somewhere public and (b) the metadata contains information the original photographer did not intend to share. When in doubt, strip it — converting one extra time costs nothing, and you can always keep the original separately.