Your marketplace users are uploading their home address in every photo. You're storing all of it.

#webdev #api #privacy #opensource

Every photo taken on a smartphone has EXIF metadata baked in. GPS coordinates, device serial number, timestamp — the full telemetry package. Social platforms like Instagram and Twitter strip this automatically on upload. Good for them.

E-commerce marketplaces? Most don't.

That means when someone lists a vintage jacket on your platform and photographs it in their living room, you're now storing their home address to sub-20-meter accuracy. Every buyer — and every scraper — can extract it. Stalking cases have been traced back to exactly this. Under GDPR and CCPA, GPS coordinates in photos count as personal data. You're collecting it, storing it, and serving it — probably without even knowing.

I built Filtrate because this problem should take one API call to fix, not a quarter of engineering time.

What it does
One endpoint. Three operations. Every image.

POST /v1/process
takes an image and returns it:

EXIF stripped
— GPS, device info, timestamps, all gone
Compressed to WebP
— smaller files, same visual quality
AI-moderated
— flagged for explicit content, fraud signals, banned logos

You get back the processed image and a moderation verdict. That's it.

Show me the code
curl:

`curl -X POST https://filtrate.polsia.app/api/v1/process \
  -H "Authorization: Bearer your_api_key" \
  -F "image=@product-photo.jpg"`

JavaScript:

`const form = new FormData();
form.append('image', fileInput.files[0]);

const res = await fetch('https://filtrate.polsia.app/api/v1/process', {
  method: 'POST',
  headers: { 'Authorization': 'Bearer your_api_key' },
  body: form
});

const { processedImageUrl, moderation } = await res.json();
// moderation.verdict: "safe" | "flagged"
// moderation.categories: ["explicit", "fraud", "banned_logo"]
Response:

{
  "processedImageUrl": "https://...",
  "moderation": {
    "verdict": "safe",
    "categories": [],
    "confidence": 0.97
  },
  "metadata": {
    "originalFormat": "jpeg",
    "outputFormat": "webp",
    "originalSize": 2841000,
    "processedSize": 487000,
    "exifStripped": true
  }
}`

Drop it into your upload pipeline. One call replaces three vendors.

Honest numbers
I'm not going to claim sub-200ms latency. That would be a lie.

Average processing time: 3.3 seconds.
That includes EXIF stripping, WebP compression, and running the image through GPT-4o-mini for moderation. For a background upload pipeline, that's fine. For real-time preview? You'd want to show the original and swap in the processed version.

Cache hits are different. Filtrate uses MD5-based verdict caching — if you've already processed an identical image, subsequent calls return in ~5ms. Duplicate uploads are instant.

Pricing: $0.002 per image.
Two-tenths of a cent. No credit bundles, no opaque tiers, no enterprise-sales-required pricing. A free tier to get started, no credit card required.

What this replaces
If you're stitching together image compliance today, your stack probably looks something like:

What you need | Current solution | What you're paying
Metadata stripping | Custom code/ExifToolwrapper | Engineering time

Image optimization | Cloudinary/imgix | $89+/mo or credit bundles

Content moderation | Sightengine or Amazon Rekognition | $29+/mo or AWS pay-as-you-go complexity

That's three vendors, three integrations, three billing dashboards, and a homegrown orchestration layer to sequence them. Filtrate is one endpoint, one bill, one response object.

Who this is for
Engineering teams at marketplaces processing user-generated images. If your users upload product photos — Poshmark, Depop, Vinted, Grailed, ThredUp, Wallapop, or anything like them — and you're not stripping EXIF metadata on ingest, you have a compliance gap and a privacy liability right now.

Also useful for:

Indie hackers building marketplace MVPs who don't want to deal with three separate image services
Any platform accepting user uploads where you need moderation but don't want to build a review pipeline
Teams migrating off Cloudinary who don't need the full DAM and just want processing + compliance

Under the hood

EXIF stripping: Full removal — GPS, device info, timestamps, serial numbers, software tags. The processed image has zero metadata leakage.
Compression: WebP output. Typical reduction is 70-85% file size with no visible quality loss.
Moderation: GPT-4o-mini vision model. Checks for explicit content, fraud indicators, and banned logos. Returns a confidence score with every verdict.
Caching: MD5 hash of the input image. Identical uploads skip the full pipeline and return cached results in milliseconds.

Try it

The playground is live: filtrate.polsia.app

Upload an image, see what comes back. No account needed to try the playground. API keys are free — sign up, get a key, start processing.

No credit card. No sales call. No 14-day trial that auto-charges.

If your marketplace is storing GPS coordinates in user photos today, that's a liability you can fix in one afternoon.

Links: