Privacy Policy

1. Who we are

ExifGhost is a tool for viewing, editing, stripping and creating metadata profiles (EXIF and related data) of digital images, including AI-generated images. It also lets you inspect an image's metadata and mark images as AI-generated. The Service is operated by Samuele Ongaro (the “operator”), based in Italy, who acts as the data controller for the purposes of the EU General Data Protection Regulation (GDPR). You can reach us at privacy@exifghost.com.

2. Information we collect

a) Images and metadata you process

Editing runs locally in your browser. Metadata editing, optional image adjustments, batch processing and ZIP export are all performed on your own device, and those images are not uploaded to, transmitted to or stored on our servers. The single exception is the optional Certified C2PA marking (the Certify feature): to sign an image we receive it over an encrypted connection, process it in memory and return it to you, then delete it immediately — we do not store or retain it. (Our signing certificate is currently issued by ExifGhost; we are actively seeking verification from an official certificate authority.) Apart from that transient signing step, we do not receive, access, review or retain the images you process or their contents. Our free metadata viewer likewise reads everything in your browser; its optional “resolve place name” sends only the GPS coordinates (never the image) to OpenStreetMap to look up a place.

b) Account information

If you create an account, we collect your name and email address and a securely hashed version of your password (we never store passwords in plain text), and we record whether your email address has been verified. If you choose to sign in through a third-party identity provider (currently Google), we receive identifiers from that provider such as your account ID, email address and basic profile information (for example, your name). We also store an approximate country derived from your IP address at sign-up, used only for aggregate, country-level statistics.

c) Payment and billing information

Paid credits (pay-as-you-go) are billed through our third-party payment processor, Stripe. Card details are entered with and handled by Stripe; we do not collect or store your full card number. We may receive and store limited billing information, such as your credit balance, billing country, the brand and last digits of your card, and a customer reference assigned by the processor.

d) Marketing preferences (newsletter)

If you tick the optional “Send me occasional news & offers” box at sign-up, you opt in to receive the upcoming newsletter and promotional offers of samueleongaro.com — a separate website operated by the same owner (Samuele Ongaro). It is entirely optional and not required to use ExifGhost; you can visit samueleongaro.com for more information, and you can unsubscribe or withdraw your consent at any time. If you choose to opt in, we record your email address, name, the consent wording shown to you, and the date and time of your consent, so that we can send you those communications and demonstrate that consent was given. With your consent, we may also use and share these marketing contact details with samueleongaro.com to send you its newsletter and offers. Because your consent is the basis for those messages, this consent record is stored separately and is kept even if you delete your ExifGhost account, until you withdraw consent or unsubscribe. You can withdraw your consent or unsubscribe at any time.

e) Usage and device data

Like most websites, our servers automatically record technical data such as your IP address, browser type, device and operating system, pages visited, referring URLs and timestamps (log data). We also keep privacy-friendly, aggregate analytics: counts of page views, referring sites and product events (such as sign-ups or credit purchases), a daily visitor signal derived from a one-way, irreversible hash that rotates each day — so individual visitors are not identified, and cannot be tracked across days — and an approximate country derived from your IP address (kept only as aggregate per-country counts, never your IP). We use no tracking cookies and no third-party analytics; this processing is based on our legitimate interest in understanding and improving the Service.

f) Cookies and similar technologies

See the Cookies section below.

g) Communications

If you contact us, we keep your messages and contact details to respond and for our records.

3. How we use information

• to provide, operate and maintain the Service;
• to create and authenticate your account and keep you signed in;
• to process payments and manage your credit purchases and balance;
• to send you transactional messages such as email verification, account, security and billing notices;
• to send product updates or other marketing communications only where you have given consent, which you may withdraw at any time;
• to improve, troubleshoot, secure and develop the Service;
• to comply with legal obligations and to enforce our Terms of Service and Acceptable Use Policy;
• to detect, prevent and address fraud, abuse and security incidents.

4. Legal bases (GDPR)

Where the GDPR applies, we process personal data on the following bases: performance of a contract (to deliver the Service you request); consent (e.g., optional analytics or marketing, which you may withdraw at any time); legitimate interests (to secure, improve and operate the Service); and legal obligation (to comply with applicable law).

5. Sharing & disclosure

We do not sell your personal data and we do not share it for third-party advertising. We share limited personal data only with:

• Service providers (processors) who help us run the Service, acting on our instructions and bound to protect your data — currently our hosting and infrastructure provider, our payment processor (Stripe), our email-delivery provider, and, where you choose to use it, your sign-in identity provider (Google);
• samueleongaro.com, a separate website operated by the same owner — but only your marketing contact details (email and name) and only where you have given consent, for its newsletter and offers;
• Legal and safety recipients, where we believe in good faith that disclosure is required to comply with the law, respond to lawful requests, or protect the rights, property or safety of ExifGhost, our users or the public;
• a successor entity in connection with a merger, acquisition or sale of assets, subject to this Policy.

6. Cookies

We use only a strictly necessary cookie to operate the Service: a session cookie that keeps you signed in after you log in. We do not use advertising or third-party tracking cookies. We may also use your browser’s local storage to remember your session and basic preferences. All fonts are served from our own server (self-hosted), so loading the Site sends no font request to third-party content-delivery networks. You can control or clear cookies and local storage through your browser settings; disabling the session cookie will prevent you from staying signed in.

7. Data retention

We keep personal data only for as long as necessary for the purposes described here, to comply with legal obligations, resolve disputes and enforce our agreements. Account data is retained until you delete your account or ask us to delete it. When you delete your account, its sessions and tokens are removed. If the account holds purchased credits it is deactivated and enters a 30-day recovery window (logging back in restores it and its credits); an account with no credits is deleted immediately. After the recovery window the account and its associated data are permanently deleted, along with any associated payment-provider customer record, and any remaining purchased credits are forfeited and not refunded. Marketing data is kept until you withdraw consent or unsubscribe. Billing and transaction records may be retained by our payment provider for the period required by applicable accounting and tax law. Server log data is retained for a limited period. To enforce free-tier usage limits and prevent abuse, we keep a minimal usage record derived from a one-way hash of your email address together with a counter; it contains no readable email and is automatically deleted within about 24 hours.

8. Security

We use reasonable technical and organisational measures to protect your information, including encryption in transit (HTTPS), hashed storage of passwords (we never store them in plain text) and access controls. Because your images are processed locally and (apart from the transient Certified C2PA signing step described above, after which the image is deleted) do not reach our servers, they are not exposed to ongoing server-side storage risk. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. International transfers

Some of our service providers may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision.

10. Your rights

If you are in the EEA or UK, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, to data portability, and to withdraw consent at any time. To exercise these rights, contact privacy@exifghost.com. You also have the right to lodge a complaint with a supervisory authority — in Italy, the Garante per la protezione dei dati personali. We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you. We aim to respond to requests without undue delay and within the timeframes required by law.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Third-party services

The Service integrates or links to third parties, including Google (sign-in), Stripe (payment processing), our email-delivery provider, OpenStreetMap (only when you tap “resolve place name” in the metadata viewer, to turn GPS coordinates into a place name), and external websites we may link to. Their handling of your data is governed by their own privacy policies, which we encourage you to review.

13. Your content & responsibility

ExifGhost is a neutral, automated tool. Because image processing happens locally in your browser — other than the transient Certified C2PA signing step, where the image is processed in memory and deleted immediately — we do not review, moderate, endorse or control the images or metadata you process, nor do we retain them. You are solely and fully responsible for the images and metadata you use and for ensuring you hold all rights and consents required by law, including in respect of any identifiable people who appear in your images. You must use the Service only for lawful purposes and in compliance with all applicable laws and the rights of others. ExifGhost does not verify whether metadata values are accurate, truthful or authentic. Metadata is editable information and should not be used as proof of authenticity, origin, ownership, location or time of capture. Please see our Terms of Service and Acceptable Use Policy for important responsibilities and restrictions.

14. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will revise the “last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

15. Contact

For any question about this Policy or your personal data, contact us at privacy@exifghost.com.