// INTEGRITETSSCANNER
Ladda upp ett foto och vi analyserar den dolda metadatan — GPS-koordinater, enhetsinformation, tidsstämplar. 100% i webbläsaren. Ingenting lämnar din enhet.
Every photo your phone or camera saves is more than pixels. Right next to the image data, your device writes a block of structured information called EXIF metadata — when the photo was taken, the make and model of the camera, exposure settings, software versions, sometimes serial numbers, and on most phones, the GPS coordinates of the spot where you pressed the shutter.
That block travels with the file. If you email the photo, post it to a forum, upload it to a private chat, or share it through almost any service that doesn't aggressively re-encode images, the metadata goes along for the ride. Some platforms strip it automatically, but plenty don't. Some social networks, image hosting services, direct shares over messaging apps, and especially email attachments often keep the metadata.
Most of the time, the metadata is harmless. But there's a long list of situations where it isn't:
In each case, the visual content of the photo is the part you meant to share. The metadata is incidental — but it can reveal at least as much as the picture itself, and often more, because the picture was framed and you knew what was in it. The metadata wasn't.
MySafePic reads the EXIF block in your browser and shows you exactly what's there. You drag a photo onto the page, the scanner extracts the metadata, and you see a structured breakdown: location, device, timestamps, software trail, color profile, anything else the file carries.
You then decide. Each finding gets a quick risk classification — high, medium, or low — based on whether it could realistically identify a person, place, or device. You can clear individual fields, clear everything, or save the photo as-is once you've reviewed it.
When you click "erase", the metadata block is rewritten and a clean copy of the photo is downloaded to your device. Your original is never modified. If you don't like the result, you still have the original.
Everything happens locally, in JavaScript, on your machine. The photo never reaches our server because there is no server-side processing — there's a static file host that delivers the page, and that's it. No upload step, no "we'll get back to you in a few seconds while we scan it on our end". The scanner code runs on your CPU, looks at your file, and writes the cleaned copy straight back to your downloads folder.
You can verify this yourself: open the network tab in your browser's dev tools before dropping a photo. You'll see the page load, you'll see the scripts download, and after that — when you drag the photo in and the scanner does its work — there are zero outgoing connections carrying image data. The scanner doesn't have a way to send your file anywhere, because we didn't write one.
The scanner reads EXIF, IPTC, and XMP — the three common metadata standards embedded in JPEG, PNG, HEIC, WebP, and TIFF files. It can decode GPS coordinates (latitude, longitude, sometimes altitude), camera make/model/serial, lens specs, exposure parameters, capture and modification timestamps, software signatures (which app or operating system wrote the file), color profiles, and copyright fields.
The scanner does not analyze the image *content* (and cannot do so). It doesn't run facial recognition or scene detection on the home page. (We have a separate tool, the Face Obfuscator, for blurring faces before sharing.) It also doesn't catch metadata that's encoded outside the standard blocks — for example, a watermark visually overlaid on the image, or a steganographic signature hidden in the pixel data. Those are different problems with different tools.
The home page handles photos. The Privacy Tools index has the rest of the suite: a PDF metadata cleaner (PDFs carry their own metadata, often including the author's full name and the editing software's session history), a link tracker detector that strips UTM and other tracking parameters from URLs before you share them, and the Face Obfuscator mentioned above.
All four tools follow the same rule: client-side only, your files don't leave your browser, your originals are never modified.