You can encrypt a message so no one reads it - and still give away who you contacted, when, and from where. That hidden layer is metadata: data about your data. This guide explains what metadata is, the everyday examples, why it is a real privacy risk even with encryption, and how to limit what you leak.
The short definition
Metadata is data that describes other data. It is not the content of a file or message - it is the context around it: the who, when, where and how. A letter's content is the words inside; its metadata is the postmark, the address and the date. The same split applies to everything digital. The photo is the content; the time, place and camera are the metadata.
Everyday examples
Metadata is attached to almost everything you create:
- Photos carry EXIF data: the date, the camera or phone model, settings, and often the exact GPS coordinates where the shot was taken.
- Emails have headers: who sent it, who received it, the timestamp, and the servers it passed through.
- Documents store properties: the author's name, when it was created and edited, and the software used.
- Calls and messages generate records: the numbers involved, the time, and how long they lasted.

Why metadata matters for privacy
Here is the part most people miss. End-to-end encryption can hide the content of your messages, but it usually does not hide the metadata. The service still needs to know where to route a message, so it sees who you talked to and when. Collected over time, that pattern is revealing. It can map your daily routine, your location, your social circle and your habits - without anyone ever reading a word you wrote.
That is why metadata is so valuable to advertisers, data brokers and surveillance. It is structured, easy to analyse at scale, and often less protected than content. As the saying in intelligence circles goes, content tells you what someone said, but metadata tells you who they are.
Related guides
To dig deeper, see how zero-knowledge handles cloud metadata, what a data breach is and what a digital footprint is.
Zero-knowledge storage → pCloud + Crypto
Swiss jurisdiction · Client-side (zero-knowledge) encryption with the Crypto add-on · Keeps your file contents private from the provider
How to limit the metadata you share
You cannot erase all metadata - routing and storage genuinely need some of it - but you can cut the most revealing parts. Strip location and EXIF data from photos before you post them, and turn off location tagging in your camera. Remove document properties before sharing files. Prefer services that minimise the metadata they keep, and lean on encryption for content while staying aware of its limit. The single biggest win for most people is simple: stop leaking your location.
A worked example: what one photo can reveal
It helps to see how much sits inside a single ordinary file. A photo taken on a modern phone routinely embeds EXIF metadata - and that block can include far more than the image. Typical fields are:
| EXIF field | What it can reveal |
|---|---|
| GPS coordinates | The exact spot the photo was taken - often accurate to a few metres. |
| Date and time | When you were there, down to the second, sometimes with time zone. |
| Camera / phone model | The device, which helps link many photos to the same owner. |
| Software / edit history | The app used, and sometimes that the image was edited. |
Post one holiday photo and you may share where you were. Post a photo from home and the GPS field can quietly publish your address. Because the same model of phone tags every shot the same way, a set of images from one person becomes easy to cluster and map - a timeline of where someone has been, assembled without ever reading a caption. This is why "just a photo" is rarely just a photo.
How to strip metadata, by file type
Stripping metadata is straightforward once you know where it lives. The steps differ a little by file type:
- Photos (EXIF/GPS). The biggest single fix: turn off location tagging in your camera app so new photos carry no GPS. For existing photos, most phones and operating systems can remove location when you share ("Options → Remove Location" on iOS share sheets; on Windows, file Properties → Details → Remove Properties and Personal Information).
- Documents (author, edit history). In word processors, use the built-in inspector - for example File → Info → Check for Issues → Inspect Document in Microsoft Office, which can remove author names, comments and revision history before you share.
- PDFs. Exported PDFs often carry the author and source-software fields. Many PDF tools have a "sanitise" or "remove hidden information" option that clears them.
- Before sending anywhere public. When in doubt, take a screenshot of an image instead of sending the original file - a screenshot does not carry the source photo's EXIF block.
You will not get every trace (a messaging service still records that a message was sent, and when), but removing EXIF/GPS and document properties cuts the most identifying parts before they ever leave your device.
Frequently asked questions
Does end-to-end encryption hide metadata?
Usually not. End-to-end encryption protects the content - what you said - but the service still needs routing information to deliver a message, so it can see who you contacted and when. That envelope of metadata typically stays visible to the provider even when the message body is encrypted. Reducing metadata is a separate task from encrypting content.
What is EXIF data?
EXIF (Exchangeable Image File Format) is the block of technical metadata embedded in a photo by the camera or phone. It can include the date and time, the device model, the camera settings and - the most sensitive field - the GPS coordinates of where the photo was taken. Stripping EXIF, especially the location, is the single most useful metadata step for most people.
How do I remove location data from a photo before posting it?
The cleanest approach is to stop it being recorded in the first place: turn off location/GPS tagging in your camera app's settings. For photos that already have it, both iOS and Android offer a "remove location" option when sharing, and on a computer you can clear it through the file's properties (Windows) or with a metadata-removal tool. A screenshot of the photo also drops the original EXIF.
Can I remove all metadata?
No - some metadata is functionally necessary. A message has to carry routing information to be delivered, and a stored file needs basic attributes like its name and size. The realistic goal is to strip the revealing metadata you do not need to share, especially location and authorship, rather than to eliminate metadata entirely.
The bottom line
Metadata is the quiet half of your digital footprint. It is data about your data - the when, where and who that wraps around everything you send and store. Encryption protects the content; metadata often slips through anyway. Knowing it exists is the first step. Trimming the worst of it, especially location, is the practical second.
Frequently asked questions
- What is metadata in simple terms?
- Metadata is data about data - the descriptive details attached to a file, message or photo rather than its actual content. For a photo, the content is the image; the metadata is the date it was taken, the camera model, and often the GPS location. For an email, the content is the message; the metadata is who sent it, to whom, and when. It is the label and context around the thing, not the thing itself.
- Why is metadata a privacy risk?
- Because it reveals a lot even when the content is hidden. End-to-end encryption can protect what you say, but metadata - who you talked to, when, how often, and from where - is usually still visible to the service and anyone who can compel it. Patterns in metadata can expose your routine, your location, your contacts and your habits without anyone ever reading a single message. It is often easier to collect and analyse at scale than content.
- What is an example of metadata?
- Common examples include the EXIF data in a photo (date, camera, GPS coordinates), the headers of an email (sender, recipient, timestamp, route), the properties of a document (author name, edit history, software used), and call records (numbers, times, durations). None of these contain the message itself, but together they build a detailed picture of who did what, when and where.
- How can I reduce the metadata I share?
- Strip location and EXIF data from photos before posting them. Turn off location tagging in your camera app. Use tools that remove document properties before sharing files. Prefer services that minimise metadata, and remember that even encrypted apps may keep some. You cannot remove all metadata - routing and storage need some - but you can cut the most revealing parts, especially location.
Get encrypted cloud storage → pCloud
Swiss-based · client-side Crypto add-on · lifetime plans



