Privacy by architecture
Your trip stays on your Mac.
This policy describes the current TrackExif release. It was last updated July 16, 2026.
Local inputs
You select a GPX file and a photo folder. TrackExif reads timestamped track points, observable image metadata, file size and SHA-256 hashes locally. The native MVP does not upload source files, coordinates, hashes or filenames.
No source writes
TrackExif treats selected photos and GPX tracks as read-only evidence. Exports are created in a new destination you choose. Sidecar mode writes new XMP files. Compatible-copy mode writes new JPEG, HEIC or TIFF-family files and verifies their GPS metadata; it does not replace the source.
Exports
An export can contain coordinates, adjusted capture timestamps, source filenames, source SHA-256 hashes, review decisions and failure details. It also contains a JSON manifest, Markdown receipt and artifact hashes. You control where this portable evidence folder is stored and who receives it.
No account or analytics
The app has no login, advertising SDK, analytics SDK, telemetry endpoint or cloud synchronization. Purchases are processed by Polar under its own privacy terms; Shipmac receives the purchase details needed to deliver and support the app.
Fictional marketing fixture
The optional interface fixture activates only when the process environment contains SHIPMAC_MARKETING_DEMO=1. Its GPX and images are fictional, live in a temporary directory and are removed when the app process ends. A normal launch starts empty.
Website
The public product website may produce ordinary server access logs and links to Polar checkout. No product analytics script is installed.
Questions
TrackExif is built by Shipmac. Contact support@shipmac.app for privacy or support questions.