Privacy by architecture

Your trip stays on your Mac.

Local inputs

You select a GPX file and a photo folder. TrackExif reads timestamped track points, observable image metadata, file size and SHA-256 hashes locally. The native MVP does not upload source files, coordinates, hashes or filenames.

No source writes

TrackExif treats selected photos and GPX tracks as read-only evidence. Exports are created in a new destination you choose. Sidecar mode writes new XMP files. Compatible-copy mode writes new JPEG, HEIC or TIFF-family files and verifies their GPS metadata; it does not replace the source.

Exports

An export can contain coordinates, adjusted capture timestamps, source filenames, source SHA-256 hashes, review decisions and failure details. It also contains a JSON manifest, Markdown receipt and artifact hashes. You control where this portable evidence folder is stored and who receives it.

No account or analytics

The app has no login, advertising SDK, analytics SDK, telemetry endpoint or cloud synchronization. Purchases are processed by Polar under its own privacy terms; Shipmac receives the purchase details needed to deliver and support the app.

Fictional marketing fixture

The optional interface fixture activates only when the process environment contains SHIPMAC_MARKETING_DEMO=1. Its GPX and images are fictional, live in a temporary directory and are removed when the app process ends. A normal launch starts empty.

Website

The public product website may produce ordinary server access logs and links to Polar checkout. No product analytics script is installed.

Questions

TrackExif is built by Shipmac. Contact support@shipmac.app for privacy or support questions.