Guide
What File Metadata Reveals About You
Documents, spreadsheets, and images carry hidden information: names, locations, edit histories, and device details. Here is what travels with your files.
Every file you create carries a second, invisible payload: metadata, the structured information that software records about the file itself. Who made it, when, with what device or program, where, and sometimes how it evolved along the way. You share this payload every time you share an original file, whether or not you meant to.
Metadata is not a bug. Cameras record settings so photos can be organized; word processors record authors so collaboration works. The privacy problem arises when a file leaves its original context, and details that were helpful internally become disclosures externally.
What photos carry
Image files store EXIF, XMP, and IPTC metadata. A typical smartphone photo includes the exact capture time, the device make and model, camera settings, software version, and, if location tagging is on, GPS coordinates precise enough to identify a building. Edited images may retain the metadata of the original plus a record of the editing software.
What office documents carry
Word, Excel, and PowerPoint files record author and last-modified-by names, often taken from the account or license name on the machine. They can include total editing time, revision counts, the template used, company fields, and printer or path details in older formats. Comments and tracked changes, if not removed, preserve entire discussions that were never meant for the recipient.
PDFs have their own metadata dictionary: title, author, subject, keywords, and the creating application. A PDF exported from a word processor frequently inherits the source document's author field, which is how an 'anonymous' letter can end up carrying its writer's name.
Small details, real consequences
Individually, metadata fields look harmless. In combination, they can undermine anonymity, reveal a home address, expose internal file paths and usernames, or contradict a document's stated timeline. Journalists' sources, sellers on marketplaces, job applicants submitting edited templates, and businesses sending proposals have all been identified or embarrassed by metadata they did not know they were sending.
The pattern to remember: metadata problems occur at sharing time. Files on your own device can keep their metadata; files leaving your control should be checked.
How to see and remove it
SecretPNG's metadata tools parse and remove EXIF, XMP, and IPTC data from JPEG, PNG, and WebP images, and metadata from PDF, DOCX, XLSX, and PPTX documents, entirely in your browser. Each run produces a report of what was found before it was removed, so you can see exactly what the file would have disclosed. The original file never leaves your device.
For a broader check before sharing a batch of files, the sensitive file scanner can flag documents that appear to contain personal data patterns, though as a heuristic tool it should guide your review rather than replace it.
A pre-sharing routine
Make metadata checking a habit for files that leave your control.
- Strip metadata from images before sending originals to strangers or posting them outside major platforms.
- Run documents through metadata removal before sending externally, especially anything built from an internal template.
- Remove comments and tracked changes explicitly; metadata cleaning and revision cleaning are separate steps.
- When anonymity matters, verify with a second tool that the cleaned file is actually clean.
Limitations to keep in mind
- Removal covers standard metadata blocks; proprietary or vendor-specific hidden artifacts cannot be guaranteed gone in every file.
- Metadata removal does not affect the visible content of a document, which may itself identify you.
- Files shared before cleaning retain their original metadata in every existing copy.