diff --git a/Gemfile b/Gemfile
index b2a962331..02fc71637 100644
--- a/Gemfile
+++ b/Gemfile
@@ -20,6 +20,7 @@ gem "dalli", "~> 3.2.6"
 gem "delayed_job_active_record", "~> 4.1.7"
 gem "devise", "~> 4.9.2"
 gem "devise-security", "~> 0.18.0"
+gem "exiftool_vendored", "~> 12.60.0"
 gem "file_validators", "~> 3.0.0"
 gem "font-awesome-sass", "~> 5.15.1" # Remember to update vendor/assets/images/fontawesome when updating this gem
 gem "foundation-rails", "~> 6.6.2.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index efdc73f7b..f8d8a642e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -209,6 +209,10 @@ GEM
       multi_json (>= 1.3)
       rake
     execjs (2.8.1)
+    exiftool (1.2.4)
+      json
+    exiftool_vendored (12.60.0)
+      exiftool (>= 0.7.0)
     factory_bot (6.2.0)
       activesupport (>= 5.0.0)
     factory_bot_rails (6.2.0)
@@ -705,6 +709,7 @@ DEPENDENCIES
   devise-security (~> 0.18.0)
   email_spec (~> 2.2.2)
   erb_lint (~> 0.5.0)
+  exiftool_vendored (~> 12.60.0)
   factory_bot_rails (~> 6.2.0)
   faker (~> 3.2.1)
   file_validators (~> 3.0.0)
diff --git a/app/models/document.rb b/app/models/document.rb
index 9a48ed615..869f57e10 100644
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -9,6 +9,8 @@ class Document < ApplicationRecord
   validates :documentable_id, presence: true,         if: -> { persisted? }
   validates :documentable_type, presence: true,       if: -> { persisted? }
 
+  before_save :remove_metadata
+
   scope :admin, -> { where(admin: true) }
 
   def self.humanized_accepted_content_types
@@ -36,4 +38,13 @@ class Document < ApplicationRecord
     def documentable_class
       association_class
     end
+
+    def remove_metadata
+      return unless attachment.attached?
+
+      attachment_path = ActiveStorage::Blob.service.path_for(attachment.key)
+      Exiftool.new(attachment_path, "-all:all=")
+    rescue Exiftool::ExiftoolNotInstalled, Exiftool::NoSuchFile
+      nil
+    end
 end