PMDT Logo
🔒 Processing is 100% local. Photos never leave your device.

Privacy Policy

This Privacy Policy describes how the Photo Metadata Tool (“Service”) processes information. The Service is built with privacy by design: image processing runs locally in your browser; your images are not uploaded to our servers.

What We Process

  • Images and EXIF/IPTC/XMP: Processed entirely on your device using client‑side code (Web APIs, Web Workers). We do not transmit, store, or retain your images or extracted metadata on our servers.
  • Telemetry (limited): We record goal‑oriented events to improve the Service (e.g., upload started/completed counts, clean/edit completion, ZIP downloads, “Open in Maps” clicks). Events do not include image content or raw metadata values.
  • Analytics and Ads: We use Firebase Analytics and Google AdSense which may set cookies/identifiers and receive device and usage information as independent controllers. See “Third Parties”.

Third Parties and Recipients

  • Firebase Analytics (Google): Used for high‑level usage metrics. Data may include device identifiers, approximate location, and event parameters. Provider: Google LLC/Google Ireland Limited. Learn more and opt‑out: Google’s privacy controls and GA opt‑out.
  • Google AdSense: Serves non‑intrusive ads. Ad networks may use cookies or device identifiers to measure ads and, where permitted, personalize ads. Manage preferences at adssettings.google.com.
  • OpenStreetMap tiles (Leaflet): When you open the optional GPS mini‑map, your browser requests map tiles from tile servers; your IP is visible to that provider.
  • Hosting and Logs: The site is deployed on Vercel. Standard web logs (e.g., IP, user agent) may be processed by the hosting provider for operations and security. Images are not uploaded to our servers.

Legal Bases (GDPR/KVKK)

  • Essential processing: Client‑side processing of your images to provide the Service: performance of contract/your request.
  • Analytics: Consent (EEA/UK/TR) or legitimate interests (improving the Service) where permitted.
  • Advertising: Consent for personalized ads where required by law; otherwise non‑personalized ads.
  • Security/operations: Legitimate interests.

Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing; request portability; and withdraw consent (GDPR/UK GDPR/KVKK). In California, you may have rights to know, delete, and opt‑out of “sale/share” of personal information (CCPA/CPRA). We do not sell personal information. To exercise rights or raise questions, contact us via the project repository issues on GitHub.

International Transfers

Third‑party providers (e.g., Google, Vercel) may process data in the US or other countries. Where required, transfers rely on Standard Contractual Clauses and similar safeguards maintained by those providers.

Retention

  • Images/metadata: never uploaded or stored by us.
  • Telemetry: retained by analytics providers under their standard retention settings.
  • Logs: retained by hosting providers per their policies for operations and security.

Children

The Service is not directed to children under applicable age thresholds (e.g., 13/16). Do not use the Service if you are under the minimum age.

Security

We reduce risk by processing images locally, isolating heavy tasks in Web Workers, and setting a Content Security Policy. However, no system is perfectly secure; please avoid handling sensitive images on shared devices.

Consent and Controls

In regions requiring consent for analytics/ads, a consent banner may be shown. You can also use browser controls and platform opt‑outs (e.g., Google Ad Settings) to manage cookies and personalization.

Contact

For privacy questions or rights requests, please visit www.barbaros.io.

This notice reflects the current implementation of the Service. Substantial changes will be posted here.