PhotoPrism® Privacy Policy

This Privacy Policy is designed to help you understand what information we collect, how we use it, and under what circumstances, if any, we share it.

• We may update this Privacy Policy and other service-specific policies (1) to reflect changes to our products, services or business operations, (2) to comply with relevant regulations and reflect new practices, or (3) to improve readability and make clarifications that our users request.
• We may provide a more prominent notice (including email notifications) when we make material changes that all of our users should know about.

This information was last updated on October 23, 2024. A German translation is available at photoprism.app/de/privacy.

General Data Protection Regulation (GDPR)

View our GDPR Compliance Statement to learn more about the rights you have as a resident of the European Economic Area ("EEA") and our ongoing commitment to user privacy and the General Data Protection Regulation ("GDPR").

Learn more ›

Scope and Audience

(a) We at PhotoPrism UG ("PhotoPrism", "we" or "us") want this policy to be easy for everyone to understand. For this reason, the examples we provide are not exhaustive technical specifications, and we use general terms where possible.

(b) Much of our source code is publicly available on GitHub at github.com/photoprism, where it can be viewed at any time by anyone interested in implementation details and recent changes.

(c) Given the complexity of today's Internet infrastructure and the pace of technical innovation, it is impossible to provide a complete list of data types and field names for every conceivable use case. The data we can actually see (and theoretically store) largely depends on what external services and our users make available to us, as well as on the underlying protocols and libraries.

Guidelines for the Processing of Personal Data

(a) Protecting our users' privacy is part of our mission.

(b) We will always process your personal data confidentially, fairly, and in accordance with the law.

(c) We will avoid keeping personal data longer than necessary.

(d) Your personal data may only be used and disclosed when necessary to:

• respond to your requests, validate and verify service requests, and provide the requested services
• let you know about upcoming changes or improvements to our services
• notify you of suspicious activity, quota limits, or other issues related to your account
• protect our rights, property or safety, our users and the public
• comply with applicable laws, regulations, legal process, or governmental requests
• enforce our Privacy Policy and Terms of Service, including investigating potential violations
• detect, prevent, or otherwise address fraud, security, or technical issues, including prevention of spam/malware

(e) When we share your information with external service providers or other business partners, we will ensure that they agree to obligations consistent with these guidelines and other appropriate confidentiality and security measures.

Your Rights and Choices

(a) You understand that by using the software and services we provide, you agree to the collection and use of this information, including the transfer of this information to Germany and/or other countries for storage, processing and use by us.

(b) If you agree not as an individual, but on behalf of your company, government, or other entity for which you are acting (e.g., as an employee or government official), then "you" or "Customer" means your entity and you bind your entity to this Privacy Policy and our Terms of Service. You warrant that you have the legal power and authority to do so.

(c) You can access much of our Website without authentication and also use basic features of our Software offline and/or without signing up, which limits the amount and type of information we collect.

(d) If you have signed up to receive newsletters and/or general product notifications, you can unsubscribe at any time. To do so, click the "unsubscribe" or "opt-out" link in the emails you receive. Even if you opt out, we may continue to contact you if there are problems with your customer account, such as failed transactions, and to provide the services you have requested, help you resolve problems, answer questions, comply with applicable laws and regulations, and for similar purposes.

Third-Party Products

You may choose to use or procure third-party products or services in connection with PhotoPrism's Software. PhotoPrism is not responsible for any acts or omissions of third parties, including third party access to or use of your data.

Information Not Collected

Privately Hosted Data

(a) Self-hosting is the easiest way to stay in control and protect your privacy. Data that never leaves your private network cannot be collected by anyone, including us.

(b) If you install our software on a public server outside your home network or connect your private server to the public Internet, you must always run it behind a secure HTTPS reverse proxy like Traefik or Caddy. Your files and passwords will otherwise be transmitted in clear text and can be intercepted by anyone, including your provider, hackers, and governments.

(c) It is your personal responsibility to make backup copies of your private data and ensure that they are kept secure. Do not upload unencrypted backup copies of your private data to the cloud.

(d) Using certain features requires communication with external services to retrieve the necessary data, such as location information and satellite images, which are not included in the downloadable app due to high maintenance and system requirements as well as licensing restrictions.

Information Collected and Stored

1. Service Accounts

This applies only to user and customer accounts stored on our servers, not to your private servers. It is your decision whether you want to sign up to enjoy additional benefits.

(a) In order to provide the requested products and services, we may collect personal information, potentially personally identifying information, and other confidential information (stored as a hash that cannot be reversed, if possible). This data may be provided by you, our partners or automatically generated by our backend services. It can include your full name, email addresses, phone numbers, home and billing addresses, handles and social media links, usernames, language preferences, registration date, date of last authentication, date of last data change, hashed passwords, unique IDs, IP addresses, and cryptographic tokens.

(b) For paid products and services, we may ask you for a voucher code and/or billing information, which can additionally include your company name, contact details as well as your VAT ID or tax number.

Use case example:

(1) Personal, request, and authentication data, including browser type, language preference, IP address, time, country, email, username, the URL of your GitHub profile, and cryptographic tokens may be collected when you authenticate with your GitHub account to prove that you are an existing sponsor.

(2) If such authentication attempt with GitHub is successful, our servers will store some of the data provided, depending on what is needed to implement the fundamental business transactions, a user-friendly interface for you and us as well as what is required to comply with laws and regulations. For example, we will always need to know your country of residence to be able to pay the correct amount of taxes.

(3) When a new service account is created in our backend database, it will generate one or more unique IDs that can be used to identify such account and related data in the future.

(4) You may then obtain a valid API key for your private PhotoPrism instance in our Customer Center (when available) so that you can enjoy high-resolution world maps and enrich your photo metadata with location details retrieved from the backend services we maintain for you.

(5) After you assign such valid API key to your private PhotoPrism instance, it can start retrieving missing location details from our backend services. Such backend requests consist of a body part (the location for which you want the details) and a header part containing the public IP address of your private server instance (can be the same as your public home IP address if you host it at home). HTTP request header data is usually stored for at least a short period of time, unless the request fails and your server cannot reach our backend. This is common to protect our infrastructure from denial of service attacks, to implement load balancing, or to limit the request rate.

See the following sections to learn more about related use cases involving the same, similar, and other data.

2. Third-Party Subprocessors

2.1 Payment Processors

We have or have had business relationships with the following companies and service providers to process payments for memberships, donations, products and services and/or to manage our funds:

• Stripe
• GitHub Sponsors
• Payoneer
• Patreon
• PayPal
• OLINDA Zweigniederlassung Deutschland

If you would like to learn more about the data they collect and how it is processed, you can click on the corresponding link to view their privacy policy.

In general, the following applies:

(a) When you visit their website, the same basic information as described in Section 9 may be collected, including your IP address for at least a limited time in order to (i) provide the requested services, (ii) perform load balancing or enforce rate limits, (iii) comply with applicable laws, and (iv) detect, prevent, or respond to fraud, security, or technical issues, including the prevention of spam/malware.

(b) When you sign up, you will be asked for your credit card and billing information, which may include your business name and contact information in addition to your personal name, address, birthday, email address, and phone number. Some of this information may be shared with us, specifically to set up your account, verify payment, and generate tax reports.

2.2 Email Processors

The following providers may process emails that we send and/or receive:

• Google
• Postmark
• Mailgun Technologies (Mailjet)

If you would like to learn more about the data they collect and how it is processed, you can click on the corresponding link to view their privacy policy.

In general, email messages are not end-to-end encrypted and the following applies:

(a) Your provider, our providers, and any provider in between, in the case of forwarding, logs transactions for at least a short period of time.

(b) This data, which includes your email address and potentially personally identifiable information such as Internet Protocol (IP) addresses, is used to provide the service and may also be used to comply with applicable laws and to detect, prevent or address fraud, security or technical issues, including the prevention of spam/malware.

2.3 Hosting, Community Chat and Forums

We use the following providers to host our documentation, chats, demo instances, source code, installation packages, and Docker images:

• Hetzner Online GmbH
• DigitalOcean
• New Vector Ltd / Gitter
• sipgate GmbH
• GitHub
• Docker Hub
• Oracle Cloud

If you would like to learn more about the data they collect and how it is processed, you can click on the corresponding link to view their privacy policy.

2.4 Content Delivery Networks (CDN)

(1) Our primary CDN provider is bunny.net, which is based in the EU and fully complies with the GDPR. Visit bunny.net/privacy to learn more about their privacy policy.

(2) In addition, our website may include content from external content delivery networks or content providers such as YouTube and Google, see policies.google.com/privacy.

3. Communications and Feedback

When you contact us, we store your request to help you resolve issues, answer questions, or notify you when you request it:

(a) The information we collect includes personal information such as name, company name, country, language, telephone numbers and email addresses so that we can communicate directly with you even if you are not a customer.

(b) Depending on how you contact us, the data may include additional personal or potentially personally identifying information as described in Sections 2 and 9.

4. Newsletters and Product Notifications

(a) The registration for newsletters and product notifications takes place in a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration.

(b) This confirmation is necessary so that no one can register with foreign email addresses. The registration for the newsletter is logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address.

(c) You should expect all requests to our email server as well as those of our service partners to be logged for security reasons and to prevent abuse.

5. Uploads, Public Forums, Referrals and Testimonials

This section ONLY APPLIES TO DATA THAT YOU INTENTIONALLY DISCLOSE in order to provide it to others, communicate with them, or make it available with your consent, for example to test our PUBLIC DEMO. To avoid misunderstandings, please read these terms carefully.

(a) Content Uploads. You are responsible for your use of our Services and for all content you provide, share, sync or upload, including compliance with applicable laws, rules and regulations. Please respect the rights and privacy of others as we respect them. By uploading your content to any of our Services, including our PUBLIC DEMO, which can be accessed by anyone without a password, you grant us permission to use (e.g. host, display, or convert) that content in accordance with our Terms of Service.

(b) Content Removal. If you remove your content from our Services, our systems will no longer make that content publicly available within a reasonable period of time, unless you have already shared copies of your content with others before you removed it. If your content was publicly available, it is possible that search engines such as Google will continue to find your content and display it as part of their search results.

(c) Public Forums. We may link to discussion forums, blogs, social media sites, or chat rooms (collectively, "Forums") on our website, app and/or docs. Any personal information you provide in such Forums may be read, collected or used by other visitors to those forums and may be used to send you unsolicited messages. We are not responsible for the personal information you provide in these Forums.

(d) Referral Program. Users, including one-time visitors and customers, can choose to use our referral program to tell friends about our products and services. When you use the referral program, we ask for your friend's name and email address and automatically send them a one-time email inviting them to visit our site. We do not store this information permanently.

(e) Testimonials. We may publish a list of users and testimonials on our website, app and/or docs that include personal information such as names and titles. We will obtain each user's consent before publishing any information in such list or testimonials.

6. Developer Tools

PhotoPrism operates a number of web services that help us develop and maintain our software in collaboration with the open source community, such as translate.photoprism.app to keep translations up to date.

(a) Because many of these apps and tools were originally developed for internal use without a high level of privacy in mind, we ask that you do not enter personal information such as your real name or personal email address if you want it to remain private.

(b) Be aware that such information may unexpectedly show up in logs, source code, translation files, commit messages, and pull request comments.

7. Reverse Geocoding API

If enabled, our privacy-preserving reverse geocoding service provides global location information to add details such as country, state, city, location type, and keywords to your photo and video metadata based on the GPS coordinates:

(a) Our services are designed not to compromise your privacy. For example, API requests are not logged other than as described in this Privacy Policy. All we could do is analyze the cache, which does not contain any personally identifiable information, to learn what countries or regions are popular among our users.

(b) The API approximates the coordinates and encodes them with a fuzzy S2 cell ID that does not include the house number or any other data identifying a specific residential address, except possibly in very sparsely populated areas of the world. Even then, we cannot trace the location back to a user, person, picture, or point in time.

(c) We may store your server's IP address and other HTTP request headers for a limited time, typically less than 20 minutes, to prevent abuse, implement rate limiting, and perform load balancing.

(d) Since traffic to our API is encrypted over HTTPS, no one intercepting the server-to-server communication can see the exact request and response; only the fact that you exchanged data with our backend.

8. Interactive World Maps

(a) When you use the interactive world maps integrated in our apps and services (with the exception of the low-detail offline map), MapTiler AG, based in Zug, Switzerland, stores your IP address for a limited period of time as required to perform security checks; the documented maximum is 20 minutes. After that, it is automatically discarded.

(b) This is necessary to detect and block malicious activity on their infrastructure, as well as for accounting purposes. Visit maptiler.com/privacy-policy to learn more.

9. Web Analytics, Request Logs and Statistics

This section covers data that is submitted to us in the standardized HTTP request headers that Browsers and other HTTP clients automatically send as part of the protocol. You can use a VPN provider and host apps like ours outside your home network to avoid the request IP being personally identifiable.

Plausible Analytics

When you browse any of our sites or use an app that communicates with any of our backend services, we may track your request on our self-hosted analytics service:

(a) Plausible Analytics collects the basic information listed below, however (i) in a more privacy-friendly way, without using cookies, and (ii) never stores IP addresses in its database or logs. The source code is open and available under the AGPL-3.0 License.

(b) Plausible Analytics provides simple, anonymized statistics based on (i) when and how often a URL was visited, (ii) which country the requesting IP address likely belongs to, and (iii) which browser and operating system vendor was detected.

(c) These statistics are used internally by our team to identify which features, pages, or other resources are most valuable to visitors. We do not share any of this information with third parties and do not store it longer than necessary.

Basic Information

This is the basic information that may be collected from anyone, regardless of whether they have an account with us:

• the service requested
• the date and time of the request
• browser and operating system vendor
• language preferences as configured in your Browser
• referring website, if any

Internet Protocol (IP) Addresses

Information collected may also contain potentially personally identifying information such as Internet Protocol (IP) addresses:

(a) Your IP address may be stored, at least for a limited time, in memory and logs automatically created by Docker, Traefik or other applications and services that are part of our infrastructure. Unless otherwise stated, we do not routinely analyze it and use it only to (i) provide the requested services, (ii) perform load balancing or enforce rate limits, (iii) comply with applicable laws, and (iv) detect, prevent, or address fraud, security, or technical issues, including the prevention of spam/malware.

(b) The Third-Party Subprocessors listed in Section 2 may also collect and analyze information about each request. They generally store the IP address in memory or logs for at least a limited time in order to (i) provide the requested services, (ii) perform load balancing or enforce rate limits, (iii) comply with applicable laws, and (iv) detect, prevent, or respond to fraud, security, or technical issues, including the prevention of spam/malware.

URL Shortener and Click Tracking

We may also collect this basic information when you follow some of the links on our website and in our documentation, especially through standardized short URLs:

(a) Standardized short URLs are used to (i) identify and avoid dead links, especially to external resources we do not control, and (ii) simplify maintenance and reduce overhead, allowing more time for technical support and development of features requested by our users.

(b) Short URLs are managed using a self-hosted Kutt instance. The source code is open and available under the MIT license.

(c) Plausible Analytics and Kutt both provide simple, anonymized statistics based on when and how often a link was followed, which country the requesting IP address likely belongs to, and which browser and operating system vendor was detected. These statistics are used internally by our team to identify which features, pages, or other resources are most valuable to visitors. We do not share any of this information with third parties and do not store it longer than necessary.

10. Debug Information

Our apps and backend services may store information in case of software errors. This information is for internal use only and will not be shared with third parties under any circumstances. Your personal information will be removed from bug reports before they are submitted and will only contain technical details or an anonymous identifier.

Questions?

You may contact us at privacy@photoprism.app if you have any questions about this Privacy Policy, our practices, or other privacy-related topics. Visit photoprism.app/contact to view our full contact information as required by law. We do our best to respond within five business days or less.