GDPR · Article 4 · Personal Data

GDPR-compliant image processing for EU marketplaces

Every image your sellers upload contains GPS coordinates, camera fingerprints, and timestamps that qualify as personal data under GDPR. One POST /v1/process call strips all of it — before your CDN ever touches the original.

EXIF stripped
GPS removed
WebP compressed
AI moderation

UGC marketplaces and GDPR liability

User-generated content platforms face unique GDPR obligations. EXIF metadata in seller-uploaded images is personal data — and marketplaces are the data controllers.

4%
Maximum fine as % of global annual turnover under GDPR Article 83
€20M
Absolute ceiling for serious infringements (Article 83(5))
6
Major European resale marketplaces currently serving images with intact EXIF data
1–5s
Filtrate response time — metadata stripped before CDN caches the image

Build in-house vs. Filtrate

Here's what it takes to automate GDPR image compliance yourself — versus one API call.

Capability Build in-house Filtrate
EXIF stripping (GPS, camera, timestamps) ⚠ Custom pipeline ✓ Included
WebP compression at quality 85 ⚠ Image processing library ✓ Included
AI content moderation (GPT-4o-mini vision) ✕ Requires additional vendor ✓ Included
Batch processing (up to 50 images) ⚠ Custom async job ✓ Via POST /v1/batch
GDPR legal basis consultation ✕ Required ✓ Handled by Filtrate
Infrastructure to maintain ✕ Ongoing ops cost ✓ Zero
Latency Varies 1–5 seconds
Cost per image $0.008–0.05+ $0.002

Marketplaces by country

European resale and classifieds platforms — each serving millions of sellers whose personal image data is currently exposed.

Vestiaire Collective
🇫🇷 France
View audit →
Vinted
🇱🇹 Lithuania
View audit →
Catawiki
🇳🇱 Netherlands
View audit →
eBay Kleinanzeigen
🇩🇪 Germany
View audit →
Subito
🇮🇹 Italy
View audit →
Leboncoin
🇫🇷 France
View audit →

How it works

Three steps to GDPR-compliant image processing — no infrastructure, no legal overhead.

01

Send your image URL

POST /v1/process with any image URL — public URL, signed CDN link, or authenticated storage path. Filtrate fetches it server-side.

02

Filtrate processes it

EXIF stripped. GPS coordinates removed. Camera fingerprints erased. Compressed to WebP at quality 85. AI moderation verdict returned alongside the cleaned image URL.

03

Store and serve

The processed WebP is stored on Polsia R2 CDN. Your app serves the compliance-cleaned image. No original EXIF ever reaches your servers.

POST /v1/process — curl example
curl -X POST https://filtrate.polsia.app/v1/process \\
  -H "Authorization: Bearer fk_live_..." \\
  -H "Content-Type: application/json" \\
  -d '{"image_url": "https://your-cdn.com/seller-photo.jpg"}'

# Response — 1–5s
{
  "verdict": "safe",
  "exif_stripped": true,
  "gps_found": true,
  "gps_removed": true,
  "output_url": "https://r2.cdn/cleaned-webp-abc123.webp",
  "processing_time_ms": 1840
}

Frequently asked questions

GDPR and EXIF metadata questions we hear from European marketplace teams.

Yes. GDPR applies whenever personal data is processed — and GPS coordinates, camera serial numbers, and timestamps embedded in image EXIF metadata count as personal data under GDPR Article 4. Marketplaces that accept and serve user-uploaded images without stripping this metadata may be processing personal data without a valid legal basis, exposing the company to fines up to €20M or 4% of global annual turnover.

Filtrate removes all EXIF and IPTC metadata including GPS coordinates (latitude, longitude, altitude), camera make and model, serial numbers, software version, shooting date and time, lens information, thumbnail images, and any other personally identifiable metadata. The output is a clean WebP image with zero EXIF retained.

Since Filtrate strips all EXIF metadata server-side before storing or serving the image, the metadata that would need to be erased is never persisted to your infrastructure. The image served to end users contains no GPS coordinates, camera fingerprints, or other personal data — eliminating the practical erasure burden for image metadata.

Filtrate responds in 1–5 seconds per image with $0.002 per processed image. There's no infrastructure to manage, no ML models to train, and no GDPR legal consultation needed — just a POST request with your image URL. Batch processing supports up to 50 images in parallel.

Yes. Filtrate accepts any public or authenticated image URL — you point it at your existing upload flow, CDN, or storage bucket. The cleaned WebP is returned via callback or polling. For marketplace integrations, add a Filtrate call as a middleware step before images reach your CDN.

Get started

API key in minutes. No contracts. No minimums. Scale from 1 to 100M images.

Research · June 2026
State of Marketplace Image Privacy 2026
2,800 images · 14 platforms · 1 in 3 expose seller GPS
View full report →