What Is EXIF Data? A Complete Guide to Photo Metadata

Every photo you take with a smartphone or digital camera has more than pixels inside it. Embedded in the file is a block of technical data called EXIF, short for Exchangeable Image File Format. It can include the camera model, GPS coordinates, the exact date and time, and dozens of other fields that most people never see.

Some of that data is useful. Some of it is a privacy risk. Here's what you need to know.

What does EXIF data contain?

EXIF metadata breaks down into several categories:

• Camera settings like shutter speed, aperture, ISO, focal length, metering mode, and flash status
• Device information including camera make and model, lens type, and firmware version
• Date and time of when the photo was taken, and sometimes when it was last edited
• GPS coordinates with latitude, longitude, and altitude (if location services were enabled)
• Thumbnail, a small embedded preview of the image
• Software that was used to edit or process the image
• Color profile including color space (sRGB, Adobe RGB) and white balance

Not every image contains all of these fields. The exact set depends on the device and its settings.

Common EXIF tags and their IDs

The EXIF spec defines hundreds of tags, each with a hexadecimal ID. These are some of the ones you'll run into most often:

These tag IDs are standardized across devices, which is what allows tools like our View JPG Metadata to read and display them consistently regardless of which camera created the file.

Where does EXIF data come from?

Your device writes EXIF data at the moment of capture. When you press the shutter button on a DSLR, a smartphone, or a compact camera, the firmware records camera settings, sensor information, and (if enabled) GPS coordinates directly into the image file alongside the pixel data.

What gets recorded depends on the device. A professional Nikon DSLR will write lens serial numbers, flash compensation values, and detailed metering data. An iPhone records the device model, a front/back camera indicator, and Apple-specific fields like the Live Photo identifier. A flatbed scanner might only record the software name, resolution, and scan date.

Screenshot tools and screen recording software embed metadata too, though usually just the basics: software name, creation date, and image dimensions.

Editing software adds its own layer. Open a photo in Photoshop, Lightroom, or GIMP and save it, and the application will typically update or add EXIF fields. Photoshop writes an XMP block with its edit history. Lightroom records develop settings and keywords. Some applications modify the DateTime field while preserving DateTimeOriginal, which makes it possible to tell when a photo was taken versus when it was last edited.

Why does EXIF data exist?

EXIF was designed to help photographers and software understand how a photo was taken. It's useful for:

• Organizing photos by date, location, or camera
• Reproducing results by reviewing exact camera settings
• Automated workflows in editing tools that read orientation, color profile, or resolution

For professional photographers, this data is essential. For everyone else sharing photos online, it's invisible. And that's where problems start.

The privacy risk

When you share a photo with EXIF intact, you might be giving away:

1. Your exact location, because GPS coordinates can pinpoint where the photo was taken to within a few meters
2. When you were there, since date and time stamps reveal your schedule and habits
3. What device you use, because camera model and serial numbers can link photos back to a specific device

Here's what that looks like in practice: you take a photo at home and upload it to a forum or online marketplace with EXIF intact. Anyone who downloads that image can extract your home's GPS coordinates, accurate to within a few meters. The same goes for photos taken at your workplace, your child's school, or any location you'd rather keep private. All it takes is downloading the image and running it through an EXIF viewer.

Social media platforms like Instagram and Facebook typically strip EXIF on upload. But sharing photos via email, messaging apps, or your own website often preserves everything.

If you're sharing photos on your own website or sending files directly, check what's inside them before you hit upload.

EXIF data and the law

EXIF data isn't just a privacy concern. It has real legal weight.

Under the GDPR (General Data Protection Regulation), GPS coordinates embedded in photos are classified as personal data. They can be used to identify or locate an individual, which means organizations operating in the EU that collect, store, or process images with location metadata must handle it with the same care as names or email addresses, including obtaining consent and providing the right to erasure.

Metadata has also shown up as evidence in court cases. EXIF timestamps have helped establish timelines in criminal investigations, and GPS coordinates from photos have placed individuals at specific locations. In some cases, metadata analysis revealed that images presented as evidence were edited or taken at different times than claimed. The DateTimeOriginal and DateTime fields can tell very different stories when a file has been modified.

Some government agencies are required to strip metadata before public release. In the United States, several federal agencies mandate metadata removal from files released under FOIA (Freedom of Information Act) requests to prevent inadvertent disclosure of sensitive information like internal file paths, author names, or revision histories.

How to view EXIF data

You can inspect any photo's EXIF data right in your browser with our View JPG Metadata. Upload a JPEG, PNG, HEIC, or TIFF file and you'll see every metadata field organized by category: camera info, GPS data, timestamps, and more.

Once inside the viewer, the fields worth checking first are GPS coordinates (latitude, longitude, altitude), DateTimeOriginal (when the photo was taken), Make and Model (which device captured it), and the Software tag (which can reveal editing history). GPS is the most sensitive by far, but even a timestamp combined with a device model can narrow down who took a photo and when.

How to remove EXIF data

If you want to strip metadata from a photo before sharing it, use our Remove JPG Metadata. It removes EXIF, IPTC, XMP, and GPS data while preserving the image quality.

This is especially useful when:

• Posting photos on a personal blog or portfolio
• Sending images to someone you don't know
• Uploading product photos to an e-commerce site

Keep in mind that removing metadata doesn't make a photo anonymous on its own. The image content itself, a recognizable building, a street sign, a face, can still reveal where and when a photo was taken. And some platforms re-embed their own metadata on upload, so what you stripped locally may not stay stripped after sharing. Metadata removal is one layer of privacy, not the whole solution.

EXIF across different file formats

EXIF is most closely associated with JPEG, but other formats carry metadata too:

You can inspect any of these with our metadata viewer. Try uploading a PNG file or HEIC photo to see the differences for yourself.

Key takeaways

EXIF data is automatic, invisible, and often more revealing than people realize. Every photo carries a fingerprint of the device that took it, the settings used, and frequently the exact location. Those fields persist through email, direct file transfers, and anywhere platforms don't actively strip them. GPS is classified as personal data under GDPR. Timestamps can show up as legal evidence. The Software tag can expose your editing history. None of this requires special access. Just a metadata viewer and the file itself.

Most people have no idea what's riding along inside their photos. That gap between assumption and reality is where privacy risks live, and closing it starts with looking.