TL;DR: RAW files such as Canon CR3, Nikon NEF, and Sony ARW embed far more than pixel data. Each frame can carry GPS coordinates, the camera body's unique serial number, lens serial numbers, shutter actuation counts, and your name in the copyright field. When you deliver unedited RAW files to a client, you hand over all of it. The fix is not to strip everything blindly—clients often need IPTC copyright and caption data—but to remove the identifying and location fields you don't intend to share. Back up originals first, export through Lightroom or Camera Raw with metadata controls enabled (or run files through a dedicated cleaner), preserve the copyright block, and verify the output with a metadata viewer before handoff. Two minutes of work protects your location, your gear, and your client's privacy.
When a client asks for the RAW files, most photographers think about color profiles, file size, and whether their edits will survive the transfer. Almost nobody thinks about the metadata riding along inside every frame. Yet a RAW file is one of the most data-dense objects you will ever email. It knows where you stood when the shutter fired, which camera body took the shot down to the serial number, and how many times that shutter has fired across its life. Deliver a folder of RAWs without a second thought and you are not just sending images—you are sending a detailed log of your equipment and your movements.
This matters more for RAW than for any other format we work with. A JPEG that has passed through an export pipeline has often had some of its metadata trimmed. A RAW file, by design, is the unprocessed sensor readout wrapped in a manufacturer container, and that container is built to retain everything the camera recorded. Below we walk through exactly what hides inside CR3, NEF, and ARW files, why it creates real exposure for both you and your clients, and how to deliver clean files without throwing away the data your business actually depends on.
Editing happens at the desk, but metadata decisions should happen before files ever leave it. Photo by Kawê Rodrigues on Pexels.
What a RAW File Actually Stores
A RAW file is not a single image so much as a package: the sensor data, a small embedded JPEG preview, and a substantial metadata block. That metadata block is where the privacy questions live. Manufacturers use proprietary containers—Canon's CR3, Nikon's NEF, Sony's ARW, Fujifilm's RAF—but they all lean on the same underlying standards, primarily EXIF for technical capture data and IPTC/XMP for descriptive and rights data.
The EXIF block alone typically includes the camera make and model, the body serial number, the lens model and often the lens serial number, the exact date and time down to the second, the shutter speed, aperture, ISO, focal length, and white balance. On many bodies it also records the shutter actuation count, which is effectively the odometer reading for your camera. If location services were enabled—either through a built-in GPS, a paired phone, or a GPS accessory—the file also stores latitude and longitude, sometimes with altitude and compass heading.
The XMP and IPTC layers add another dimension. This is where your copyright notice, your name, your contact details, caption text, keywords, and licensing terms get written. Adobe's documentation on photo metadata describes how these descriptive fields travel with the file across applications. That portability is a feature when you want your copyright to follow your work, and a liability when fields you forgot about follow the file to someone you would rather not have your home address or phone number.
The key insight is that RAW metadata is layered. Some of it protects you (copyright, contact info you chose to publish). Some of it exposes you (GPS, serial numbers). Treating the whole block as one thing—either keeping all of it or deleting all of it—is the mistake. The goal is selective handling.
Why This Is a Problem When You Deliver RAWs
Consider what changes when you hand a RAW file to someone else versus delivering a processed JPEG. With a finished JPEG, you have usually run an export, and your export settings may have already discarded GPS or trimmed metadata. With a RAW file, clients typically want the original so they can re-edit, which means they want it untouched—and "untouched" is exactly the state that preserves every embedded field.
The location data is the sharpest risk. If you shot a portrait session at your home studio, a wedding at a private residence, or a product shoot in your apartment, the GPS coordinates in those frames point straight to an address. Hand the RAWs to a client, the client uploads them to a shared drive, the drive gets shared with a vendor, and your home location is now sitting in a folder you have no control over. We covered the broader version of this exposure in our guide on how to remove metadata before delivering photos, and RAW delivery is the highest-stakes version of that problem because the files are the most complete.
The serial numbers create a quieter but real issue. Your camera body serial number is a persistent identifier that ties every photo you have ever published to a single device. Investigators, stock-photo sleuths, and anyone running a metadata comparison can use it to link images across accounts, clients, and platforms. The photography community has documented cases—discussed at length on forums like DPReview—where serial numbers and shutter counts have been used to detect gray-market bodies, prove camera theft, and connect anonymous online images back to a named owner. For a working photographer who wants a degree of separation between personal life and published work, leaking the body serial in every delivered file undercuts that separation entirely.
There is also a client-side argument. If your client is a brand, an agency, or a private individual with their own privacy concerns, the metadata in the RAWs you deliver becomes their exposure too. A real-estate brokerage that distributes RAW property photos with embedded GPS is publishing the precise coordinates of homes. A corporate client receiving event RAWs may not want camera serials and timestamps circulating. Delivering clean files is part of delivering a professional product, a point that publications like Fstoppers have raised repeatedly in discussions of client deliverables and photographer liability.
What to Keep and What to Strip
The right approach is surgical. Before you scrub anything, separate the metadata into three buckets.
Keep the rights and identification data the client legitimately needs. This is your IPTC copyright notice, your creator credit, and any caption or licensing terms your contract requires. If you strip your copyright block to protect privacy, you also remove the embedded proof of authorship that protects your work—a trade-off that rarely makes sense. Preserving copyright while removing location is entirely possible because they live in different fields.
Strip the location and device-identifying data the client does not need. GPS coordinates, altitude, and heading should almost always come out unless the project specifically requires geotags. Camera and lens serial numbers should come out in most client deliveries because they identify your gear, not your work. Shutter count is rarely meaningful to a client and worth removing.
Decide case by case on the technical capture data. EXIF fields like aperture, shutter speed, ISO, and focal length are generally harmless and sometimes useful to a client who wants to understand or replicate a look. Timestamps are usually fine but occasionally sensitive if the shoot date is confidential. There is no universal rule here—judge it against the project.
How to Remove Metadata from RAW Files Before Delivery
Here is the workflow we recommend, ordered so you never lose your originals.
First, back up your untouched RAW files. Copy the originals, with full metadata intact, to your archive before you change anything. You may need the GPS or serial data later for your own records, insurance, or a theft claim, so the safe move is to preserve a master set and only ever scrub copies.
Second, decide your keep-and-strip policy using the three buckets above. Make the decision once per project rather than fumbling field by field at export time.
Third, do the actual removal. In Adobe Lightroom Classic, the Export dialog has a Metadata panel where you can choose to include only copyright, copyright and contact, or all metadata, and a dedicated checkbox to "Remove Location Info." That single export covers most photographers' needs—but note that Lightroom's RAW export typically produces a DNG or a derivative, not your original proprietary CR3 or ARW, so if the client specifically needs the native format you will need another route. Adobe Camera Raw and Bridge expose similar metadata controls. When you need to clean the original RAW container itself, or you are working outside the Adobe ecosystem, a dedicated metadata cleaner that handles RAW formats is the more reliable tool—it operates on the file's metadata block directly without forcing a format conversion. That is exactly the job MetaData Cleaner is built for: strip GPS and identifying fields while leaving your image data and chosen copyright intact.
Fourth, preserve your copyright. Whichever tool you use, confirm that your IPTC copyright and creator fields survive the process. If your cleaner removes everything by default, re-embed the copyright block afterward.
Fifth and most important, verify before you send. Open a delivered file in a metadata viewer and confirm that GPS is gone, serial numbers are gone, and copyright is present. Never assume the export did what you expected—RAW metadata handling varies by manufacturer and software version, and the only way to know your files are clean is to look. We treat this verification step as non-negotiable.
Every RAW file carries its full metadata from the card to the client unless you intervene. Photo by Lisa from Pexels on Pexels.
Format-Specific Notes
Canon CR3 files store metadata in a modern container that some older tools cannot fully parse, so verify that whatever cleaner you use actually understands CR3 rather than silently skipping it. Nikon NEF files are widely supported and behave predictably with most metadata tools. Sony ARW files, like Canon's, benefit from a check that your tool reads and writes the format correctly rather than passing it through untouched.
Across all of them, watch the embedded JPEG preview. A RAW file contains a small baked-in preview image, and on some bodies that preview carries its own EXIF block. A tool that scrubs the main metadata but ignores the preview's metadata can leave GPS data hiding in the thumbnail. This is one more reason the verify step matters—open the file, check it, and trust what you see rather than what the export dialog promised.
Building It Into Your Workflow
The photographers who handle this well do not think about metadata at delivery time. They build it into their pipeline so it happens automatically. That might mean a Lightroom export preset with location removal switched on, a watched folder that runs files through a cleaner before they reach the client folder, or a final checklist item that says "verify metadata" right next to "check focus" and "confirm file count." The mechanism matters less than the habit. RAW delivery is the moment your most complete files leave your control, and a two-minute scrub stands between a professional handoff and an accidental disclosure of your location and your gear.
Deliver the image, the edit, and the copyright. Keep the GPS coordinates, the serial numbers, and the shutter count to yourself. Your clients get exactly what they paid for, and you keep exactly what they never needed.