Cloud Storage & EXIF Metadata: Which Services Keep Your GPS?

The Assumption That Gets People

There's a common mental model that goes something like this: you upload a photo somewhere online, the platform processes it, and anything sensitive gets scrubbed in the process. It's a reasonable assumption — especially if you've noticed that photos you post on Instagram or Twitter come back stripped of location data. Platforms like those have been stripping EXIF for years.

Cloud storage is different. Fundamentally different. Google Drive, Dropbox, OneDrive, iCloud, MEGA, and Box are file storage services — their entire value proposition is that your files come back exactly as you put them in. That means every GPS coordinate, every camera serial number, every timestamp is preserved with the same fidelity as the image pixels themselves.

So when you upload a vacation photo to Dropbox and share the link with your neighbor so they can download it — they're downloading the original file, GPS and all. Same goes for a Google Drive share. Same goes for a Box link sent to a client.

Most people don't realize this. The confusion is understandable: the word "sharing" feels similar whether it's a tweet or a Drive link. But the underlying mechanics couldn't be more different.

The Full Comparison Table

Here's how each major service handles EXIF metadata in 2026. The columns cover storage behavior (what the service retains in your account), shared-link behavior (what a recipient gets when they click your link and download), and whether the service has any built-in metadata controls.

The pattern is clear. File storage services don't touch EXIF — not in storage, not in sharing. The photo services (Google Photos, iCloud) have some nuance in how they handle sharing, but even those nuances cut both ways: one sharing path might strip location while another preserves it, and keeping track of which path you're on is cognitive overhead most people don't carry.

Google Drive: Your Original File, Delivered

Google Drive is a file synchronization and storage service. When you upload a JPEG to Google Drive, Google stores that JPEG. Not a processed version, not a re-encoded copy — the same bytes you uploaded. When you or anyone else downloads it, they get the same file back.

This means GPS coordinates, camera model, lens data, shooting settings, and all other EXIF fields are preserved exactly. If you upload a photo taken at your home address to Google Drive and share the link with anyone, they receive a file from which they can extract your precise home coordinates using any EXIF viewer.

It's worth noting that Google Drive's API lets developers read file metadata — but this refers to Drive's own system metadata (file name, size, creation date in Drive), not EXIF embedded in the image. There's no API call that strips the photo's embedded location. For a deeper look at how Google handles photo metadata across its entire product suite, our article on Google Photos and EXIF data covers the broader picture.

Dropbox: Full Fidelity, Full Metadata

Dropbox built its reputation on one promise: your files on every device, exactly as they are. That fidelity extends to EXIF data. Every metadata field in a photo you upload to Dropbox — GPS coordinates, timestamps, camera make and model, lens information, even the camera's serial number in some cases — survives storage and sharing completely intact.

Shared Dropbox links work the same way. Whether you create a view-only link or a direct download link, the file the recipient receives is the original. Dropbox does not run images through any processing pipeline that strips or modifies EXIF fields. This applies to both personal and business plans.

The Dropbox community forums confirm this behavior through multiple user reports. Photographers using Dropbox for client delivery should be particularly aware: the high-resolution originals you send via Dropbox links include full camera metadata, which may include home location data if photos were taken at your residence, your precise shooting locations from any location-sensitive session, and camera serial numbers that can be cross-referenced across uploads.

OneDrive: Windows-Native Storage, Metadata Included

Microsoft OneDrive's default behavior preserves EXIF metadata in stored and shared photos. Photos backed up via OneDrive — whether through the mobile app's camera roll backup or manual uploads — retain their original EXIF fields including GPS coordinates.

There's a nuance worth knowing for Windows users: when you view a photo's properties in Windows File Explorer after downloading from OneDrive, the EXIF location data shows up under the Details tab. This is the same behavior you'd see with a locally stored photo — because it's the same file. OneDrive doesn't introduce any scrubbing step.

Microsoft has added AI-powered organization features to OneDrive that use photo content for search — similar to Google Photos' scene recognition. These features analyze your photos, but they don't strip metadata. Your file's EXIF data stays in the file regardless of what Microsoft's AI does with the image content on their end.

iCloud Photos: It Depends on How You Share

Apple's iCloud is the most complex entry in this roundup, because it actually has different behaviors depending on which sharing method you use. This is the one service where the answer to "does it strip EXIF?" genuinely requires a follow-up: "when sharing how?"

Your iCloud library: Full EXIF preserved. Apple uses this data to power the Places album, the searchable map, and Memories. Your original files are intact.

iCloud shareable links (via the share sheet): Recipients receive the full-quality original with EXIF data intact, including GPS coordinates. There is no automatic stripping for iCloud links.

iCloud Shared Albums: Here Apple does strip location metadata. Shared Albums upload a processed copy of photos that does not retain GPS data — this is a deliberate privacy feature. However, Shared Albums also downscale images, so recipients aren't getting originals anyway.

iCloud Shared Photo Library (family sharing): Full metadata is preserved. This feature is designed for families sharing one photo library, not for privacy-protective sharing.

The practical takeaway: if you're using the standard iCloud share sheet to send a photo to a friend or colleague, they get the original with GPS. Only the Shared Albums path strips location, and those photos are also scaled down significantly. You can't rely on iCloud to protect your location data in normal sharing flows.

For a dedicated deep-dive into iCloud's metadata behavior, the article at /blog/does-icloud-remove-exif-data covers each sharing path in more detail.

Google Photos: The Nuanced One

Google Photos behaves differently from Google Drive, and the distinction matters. Google Photos is a photo service with AI organization features — it reads your EXIF data to build your photo map and Memories. But how it handles sharing is more complex than simple storage.

When you share an individual photo via a Google Photos shareable link, the downloaded file has GPS coordinates stripped. That's a privacy protection Google built in — the most sensitive field is removed from files shared one-on-one.

But Shared Albums work differently. Add photos to a Google Photos Shared Album and invite someone, and they can see the location information — there's even a map view built into Shared Albums. Downloaded files from Shared Albums may retain GPS data.

And Google itself retains all original metadata. Every photo you back up to Google Photos becomes part of your Google account's location history, contributing to your Google Maps Timeline and the broader data profile Google builds about you. Stripping GPS from the file someone else downloads doesn't change what Google collected when you uploaded.

We tested and documented this behavior in detail in our dedicated article on whether Google Photos removes EXIF data — including the "Remove geo location" toggle that affects sharing behavior.

MEGA: Encrypted Storage, Still Full Metadata

MEGA differentiates itself on privacy through end-to-end encryption — files are encrypted client-side before they leave your device, meaning MEGA's servers can't read your data. This is a genuine privacy advantage over Google Drive and Dropbox for content confidentiality.

But encryption and metadata stripping are different things. MEGA encrypts your photos. It doesn't modify them. When someone you share a MEGA link with downloads the file and decrypts it, they receive your original photo — GPS coordinates, camera data, and all EXIF fields intact. The encryption protected the file from MEGA's servers. It doesn't protect the recipient from seeing your embedded location data once they have the file in hand.

MEGA is excellent at preventing your cloud provider from reading your photos. It does nothing to prevent recipients of your shared files from reading your metadata. That's a meaningful distinction.

Box: Enterprise Storage, Same EXIF Behavior

Box is primarily an enterprise cloud content management platform, popular in regulated industries like legal, healthcare, and financial services. Its metadata handling for EXIF is the same as any other cloud storage service: originals preserved, shared files include full EXIF data.

Box has a sophisticated metadata feature set — but this refers to Box's own custom metadata templates used for business workflows (tracking contract status, categorizing content, etc.). These custom metadata fields are separate from EXIF embedded in image files. Box doesn't touch EXIF.

For enterprise users sharing photos via Box — real estate agencies sharing property photos with clients, legal teams sharing evidence photos with counsel, marketing teams distributing product photography — every shared file includes the full EXIF payload. If those photos were taken with GPS enabled, the locations are visible to every recipient. Box provides no built-in way to strip that data before sharing.

The Real Divide: File Storage vs. Photo Service

Understanding EXIF behavior in cloud services comes down to one structural question: is this service storing your file or is it managing your photos?

File storage services (Drive, Dropbox, OneDrive, MEGA, Box) store bytes. Your photo is a sequence of bytes that happens to contain image data. These services don't interpret or modify those bytes — they store them and return them. EXIF is just more bytes. Preserved perfectly.

Photo services (Google Photos, iCloud Photos) actually parse your photos. They read your EXIF data to build location albums, recognize faces, generate Memories, and organize by date and place. Because they understand the structure of your photos, they also have the ability — and occasionally the motivation — to make choices about what metadata accompanies shared copies. But "occasionally" is the key word. The default in most sharing paths for both services is to include significant metadata.

Neither category offers a clean guarantee that metadata won't reach the people you share with. The only reliable answer is pre-upload stripping.

How Your Metadata Reaches Recipients

When you share a file from cloud storage, the typical path looks like this: you click share, the service generates a link, the recipient clicks that link, their browser requests the file from the service's CDN, and the original file lands in the recipient's Downloads folder. At no point in that chain does any service in the five pure storage categories modify the EXIF data.

Here's where it gets practically concerning. Think about common scenarios:

A real estate agent uploads property listing photos taken with a phone to Google Drive and shares the folder with a potential buyer. Those photos were shot at the property, so the GPS coordinates identify the address — which the buyer presumably already knows. But the photos might also contain metadata from other shots stored in the same upload batch if the agent wasn't careful. Camera roll uploads can include GPS from home, from personal locations, from wherever the agent took test shots before the listing session.

A journalist sources photos from a contact who emails a Dropbox link. The journalist downloads the photos to investigate. The EXIF metadata in those photos could reveal the contact's location — or their source's location — with precision GPS accuracy. This is a real operational security concern in investigative journalism. Our article on whether Gmail strips EXIF from attachments covers the email side of this same problem.

Someone sells an item on a marketplace and, instead of uploading photos directly to the platform, sends the buyer a Google Drive link to more photos. The buyer extracts GPS from those Drive-linked photos and has the seller's home address.

None of these require technical sophistication. Any EXIF viewer — there are dozens of free ones — reads this data in seconds.

Build the Pre-Upload Habit

There are two philosophically different approaches to this problem.

The reactive approach: strip metadata from files before you share specific links. This works but requires you to remember every time, to know which sharing paths are safe, and to track which files you've cleaned and which you haven't. It's manageable for occasional sharing but breaks down under real-world usage patterns.

The proactive approach: strip metadata from any photo before it enters cloud storage at all. This means the files in your Drive, Dropbox, or OneDrive already have EXIF cleaned, so every share link you ever generate is automatically safe. No per-share decisions. No edge cases to remember.

For photos you've already uploaded, you can use MetaClean's free browser-based tool to strip EXIF from images without uploading them anywhere — the processing happens entirely in your browser, so the files never leave your device. You then upload the cleaned versions to replace the originals in your cloud storage.

For building an ongoing habit, the workflow that tends to stick for most people is stripping before uploading to any cloud service, treating it as the same automatic step as connecting to Wi-Fi before a large upload. Tools that process files locally (without server uploads) fit this workflow better than cloud-based stripping services, which just move the privacy question to a different server.

Cloud Storage vs. Social Media: Why the Gap Exists

If you've tested uploading photos to Instagram, Facebook, or Twitter/X, you've noticed those platforms strip EXIF aggressively. Post a geotagged photo to Instagram and download it — the GPS is gone. Why do social media platforms strip metadata when cloud storage doesn't?

The answer is structural. Social media platforms host publicly accessible content. If Instagram didn't strip GPS, anyone could extract the home address of anyone who posted a photo taken at home. The reputational and liability implications of that made stripping an obvious product decision — and regulators in various jurisdictions have reinforced the expectation.

Cloud storage is private by default. You're sharing with specific people via specific links, and the assumption is that you know who you're sharing with. From the platform's perspective, stripping your metadata would be interfering with your file. You put it there; it's yours. If you wanted it removed, you'd remove it.

That reasoning makes sense from the service's perspective. But it places the burden entirely on the user to understand the privacy implications. Most users never read the terms of service, let alone think through what their EXIF data contains. For a comprehensive look at how social platforms compare on this exact question, our social media metadata comparison for 2026 covers each platform's behavior in detail.

Frequently Asked Questions

Does Google Drive remove EXIF data from photos?

No. Google Drive stores your original files exactly as uploaded, including all EXIF metadata. When you or anyone else downloads a photo from Google Drive — whether directly or via a shared link — they receive the original file with GPS coordinates, camera information, and all other metadata fields intact. Google Drive does not offer any built-in way to strip EXIF before sharing.

Does Dropbox strip metadata from shared links?

No. Dropbox shared links deliver the original file including all EXIF data. Dropbox treats photos as generic files — it doesn't process or modify image content. Anyone who downloads a file via a Dropbox link receives your original photo with all embedded metadata, including GPS coordinates if location services were enabled when the photo was taken.

Does iCloud remove EXIF data from photos?

It depends on how you share. iCloud Photos preserves full EXIF data in your library and in files shared via the standard iCloud share link — GPS included. iCloud Shared Albums are the exception: those upload a processed copy that strips location data and reduces image quality. For regular sharing via links, assume GPS is preserved and strip before sharing if that matters to you.

What's the difference between Google Drive and Google Photos for metadata?

Google Drive stores your original file unchanged — shared links deliver the full EXIF including GPS. Google Photos also keeps your original backed up, but individual shared links strip GPS from the download (though Shared Albums don't). Google Photos also uses your EXIF location data internally for organization features, meaning Google has your location data regardless of what it shares with others.

Does MEGA's end-to-end encryption protect my photo metadata?

MEGA's encryption protects the file from being read by MEGA's servers and any third parties intercepting the transfer. Once a recipient decrypts and downloads the file, they receive the original photo including all EXIF data. End-to-end encryption and metadata removal are separate protections — MEGA provides the first but not the second.

How do I remove EXIF data from photos before uploading to cloud storage?

The simplest method is a browser-based tool like MetaClean, which processes files entirely in your browser without uploading them to any server. Drop in your photos, download the cleaned versions, and upload those cleaned copies to your cloud service. iOS also has a built-in option to strip location when using the share sheet — enable "Location" removal before sending. For bulk processing before upload, a desktop EXIF tool or MetaClean's batch mode is faster than handling files one at a time.