Image Sanitizer app icon

Image Sanitizer support

Help and frequently asked questions · Last updated 21 May 2026

What is Image Sanitizer?

Image Sanitizer is a local-first macOS app that strips EXIF, GPS coordinates, IPTC, XMP and other hidden metadata from JPEG, PNG, WebP, TIFF and HEIC/HEIF images. Every save is re-opened and verified before the app reports success.

It is a companion to PDF Sanitizer (hidden data in PDFs) and PDF Redaction (visible content in PDFs). Use Image Sanitizer when you need to share a photo without revealing the camera you took it on, where you were when you took it, or any of the other invisible data the photo carries.

Is Image Sanitizer stable? What does the beta status mean?

Image Sanitizer is currently in beta. The core sanitisation engine is feature-complete and every save is verified before completing, but the app has not yet had wide real-world exercise across every kind of image in the wild. Treat beta builds accordingly:

How does sanitisation work?

Image Sanitizer ships a separate writer for each supported format. None of them re-encode the visible pixels — each one walks the file’s container structure and removes the metadata blocks while leaving the image data byte-for-byte unchanged.

After writing, Image Sanitizer re-opens the output and re-runs the inspection. If any metadata block remains, the tainted file is deleted and you see a clear failure — you don’t accidentally ship a file you think is clean.

Why does it show my photo on a world map?

If the image you opened carries GPS coordinates, Image Sanitizer plots the location on a small world map next to the photo preview. The point is to make the size of the leak obvious: a single line that says “GPS: 37.97 N, 23.73 E” doesn’t register; a pin on the Acropolis does.

The map is rendered from a CC0-licensed equirectangular Natural Earth SVG bundled inside the app. There is no tile-server lookup, no reverse-geocoding call, no network traffic of any kind — it would defeat the point of the app to leak the coordinate you are trying to remove. The optional “Open in Apple Maps” button only fires if you click it explicitly.

Can I right-click an image in Finder to sanitise it?

Yes — open Image Sanitizer’s Settings, find Finder integration, and turn on “Show Sanitize with Image Sanitizer in Finder right-click menu”. This installs a small macOS Quick Action workflow into ~/Library/Services/. From then on, right-clicking any image in Finder offers Quick Actions → Sanitize with Image Sanitizer, which launches the app (or hands the file to it if it’s already running) and pre-loads the image.

Nothing is installed without your consent, and turning the toggle off again uninstalls the workflow cleanly.

How is this different from PDF Sanitizer / PDF Redaction?

Image Sanitizer is the image-format counterpart to the PDF tools. The three apps form a workflow for sharing files without leaking hidden data:

All three are local-only, never overwrite the original, and verify the output before reporting success.

Where is my data stored?

The images you open stay where you opened them from — Image Sanitizer does not copy your input files anywhere and never overwrites the original. The detected metadata summary is held in memory while the file is open and discarded when you open a different image or quit the app. Sanitised output is written only where you tell the dialog to put it.

Image Sanitizer makes no network connections by default. An optional auto-update check can be enabled in Settings → Updates; if turned on, it makes one HTTPS request per launch to GitHub to look for a new version, and sends no image content, no telemetry, no user data. See the privacy policy for the full detail.

System requirements

How do I download the beta?

Image Sanitizer is in public beta. Download the disk image matching your Mac’s processor:

Not sure which one? Click the Apple menu → About This Mac. If the “Chip” or “Processor” line starts with “Apple”, choose Apple Silicon. If it mentions Intel, choose Intel.

Both disk images are signed with our Developer ID Application certificate and notarized by Apple.

How do I install it?

  1. Double-click the ImageSanitizer-aarch64.dmg (or ImageSanitizer-x86_64.dmg) file to open it.
  2. Drag the Image Sanitizer app into your Applications folder.
  3. Eject the disk image (drag it to the Trash, or use the eject button in Finder).
  4. Open the app from Applications. On first launch macOS may take a few seconds to verify the notarization; this is normal.

If you launch Image Sanitizer from anywhere other than Applications (for example, by double-clicking the app inside the mounted DMG), the app will show a clear warning on launch and offer to quit so you can install it properly. Auto-updates require the app to live in Applications.

What happens on first launch?

The first time you open Image Sanitizer after downloading it, macOS will show a confirmation dialog that looks like:

“Image Sanitizer” is an app downloaded from the internet. Are you sure you want to open it?

[Your browser] downloaded this file today at [time]. Apple checked it for malicious software and none was detected.

[Cancel] [Open]

This dialog is normal and expected — every app downloaded through a web browser triggers it on first launch, regardless of how cleanly it is signed. The reassuring line is “Apple checked it for malicious software and none was detected”: this is macOS confirming that the app’s notarization and signature both check out. Click Open and Image Sanitizer will launch.

You will then see a one-time first-run modal in Image Sanitizer itself, explaining the local-only promise and asking whether you want to opt in to automatic update checks. The default is “no”, and you can change your mind later in Settings → Updates.

macOS says the app is from an unidentified developer

This is a different and rare warning. The wording you are looking for is one of:

None of these should happen with the disk image you download from our official link — the app and the disk image are both signed with our Developer ID Application certificate and notarized by Apple. If you do see one of them, please stop and email us at support@whiteforgetech.co.uk before bypassing the warning. It probably means you have an unofficial copy of the app, or that something happened to the download in transit.

The friendly “downloaded from the internet, are you sure?” dialog described in the previous section is not one of these warnings.

Which image formats are supported?

Image Sanitizer supports the five formats most photos actually arrive in:

If a format you need isn’t on this list, let us know — the feature request channel is open.

Verification failed when I saved — what does that mean?

Image Sanitizer re-opens every sanitised output and re-runs the format-specific inspection. If any metadata block remains, verification fails: the tainted output is deleted and you see an error with the leak counts.

This is the system working as designed — it means Image Sanitizer caught a case where it could not be sure the file was clean. Email us a description of the image (or, if you can, a small synthetic file with the same structural shape that reproduces the failure) at support@whiteforgetech.co.uk and we will look into it.

How do I report a bug?

Two channels, whichever you prefer:

Either way, please include:

If the bug only reproduces with a specific image, try to construct a small synthetic file with the same structural shape and share that. Send original images only if we ask, and only via email.

How do I request a feature?

Open a Discussion on the downloads repo (Ideas category), or email support@whiteforgetech.co.uk. We read every request.

Contact

Whiteforge Technologies Ltd
support@whiteforgetech.co.uk

Back to Image Sanitizer overview →