Get Back

Help Center

Privacy Policy

Privacy Policy

Last updated: 2025-11-16

Eigenphoto runs entirely on your Mac. Your photos and metadata never leave your device.

Eigenphoto is built with privacy in mind. If you want to help improve the app, you can optionally export a small feedback bundle and send it to us. This Privacy Policy explains what data we collect, how we use it, and what choices you have under GDPR.

1. Summary

  • Eigenphoto processes your photo library 100% locally on your Mac
  • We never upload actual photos or raw metadata
  • TelemetryDeck sends anonymous, aggregate app analytics (counts, thresholds, progress numbers – never images)
  • If you join the waitlist, we store only your email address
  • You may optionally export correction files and send them to us to improve the model
  • You can request deletion of your data at any time

2. Data Controller

Paul E.
Berlin, Germany
Email: privacy@eigenphoto.app

Although we use “we” throughout this policy to describe the product, the legal data controller is the individual named above.

3. What the app does locally

Eigenphoto analyzes your library offline, directly on your device. This includes:

  • photos & videos
  • EXIF metadata (timestamps, camera info, location if available)
  • vision embeddings
  • quality signals
  • face embeddings (local only)
  • ML predictions and confidence scores
  • clustering & diversity features

This information never leaves your device.
Eigenphoto does not upload, sync, or transmit any part of your photo library.
We cannot access your library in any way.

4. Permissions & Sandboxing (macOS)

Eigenphoto relies on official Apple frameworks plus the macOS sandbox.

Photos Library

  • macOS shows a Photos prompt the first time you open the app
  • We need read access to load thumbnails and metadata so ML can run locally
  • Without permission, Eigenphoto cannot function

iCloud Photos

  • If iCloud Photos is enabled, macOS streams originals on demand
  • Eigenphoto never sees your Apple ID and cannot talk to iCloud servers directly

Export Folder

  • You pick the destination folder once; we store a security-scoped bookmark so the sandbox only lets us revisit that exact path
  • All other data stays inside the macOS app container, including an encrypted export database whose key lives in your Keychain

No hidden access

  • We only read the Apple Photos library and the folder you approved
  • No background uploads, no extra scans, no network calls beyond TelemetryDeck and the system frameworks we rely on

5. Anonymous analytics (TelemetryDeck)

Eigenphoto uses TelemetryDeck, a privacy-friendly EU-based analytics service.

What we send

TelemetryDeck assigns each installation a random hashed identifier. Every signal we emit only contains aggregate usage metrics so we can improve onboarding and reliability:

  • Library statistics: photo/video counts and total size in GB when the Photos framework finishes loading
  • Onboarding choices: selected quality mode, whether calibration completed, keep rates/thresholds (numbers only) so we know if personalization succeeds
  • Export progress: counts of items exported/kept in cloud, batch numbers, durations, optional review override counts
  • App context: ML model version, deletion batch size preference, whether auto-approve is enabled

We never send filenames, image previews, asset identifiers, personal locations, or the content of your photos. TelemetryDeck automatically hashes the client identifier, strips IP addresses, and hosts the data on EU servers.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in understanding feature usage, reliability, and onboarding success. Signals are purely operational statistics, and you can disconnect the Mac from the network if you prefer to run Eigenphoto fully offline.

6. Waitlist Email Collection (Website)

If you join the waitlist at eigenphoto.app, we collect:

  • your email address

Collected via Webflow Forms, which securely stores the submission and forwards it to our inbox.

What we do with your email

  • notify you about the public launch
  • invite you to beta testing (optional)
  • send occasional pre-launch updates

Legal basis: Art. 6(1)(a) GDPR — your consent.

Storage duration

We keep your email until:

  • you unsubscribe
  • or you request deletion
  • or the public launch occurs (after which renewed consent may be required)

You can unsubscribe anytime by replying or emailing privacy@eigenphoto.app.

7. Optional User-Provided Feedback Files

Eigenphoto includes an optional feature allowing you to export:

  • model predictions
  • your corrections (labels)
  • local ML features
  • metadata relevant to improving accuracy

This export stays on your device unless you choose to manually send it to:

feedback@eigenphoto.app

Key points

  • Eigenphoto never uploads these files automatically
  • You choose whether to export them
  • You choose whether to send them
  • Sending them is fully optional
  • You may request deletion at any time

Purpose: Improving the ML model and app quality.

Legal basis: Art. 6(1)(a) GDPR — explicit consent (you initiate the sending).

If you do email us an overrides archive, each photo reference is hashed (SHA-256, truncated) and features are listed by anonymous keys, so we cannot tie feedback back to your library without your accompanying explanation.

8. Website & Hosting

Our hosting provider (Webflow) automatically collects minimal technical logs:

  • IP address
  • browser type/version
  • timestamps
  • visited pages

These logs are used only for security and diagnostics.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in operating a reliable website.

Server data may be stored in the EU or US under Standard Contractual Clauses (SCCs). We also keep the app’s TelemetryDeck data in the EU by default.

9. Your GDPR Rights

You can request at any time:

  • access to your data
  • correction or deletion
  • withdrawal of consent
  • restriction of processing
  • objection to processing
  • a copy of your waitlist data
  • erasure of any data you sent us voluntarily

To exercise your rights, email: privacy@eigenphoto.app

You also have the right to lodge a complaint with the Berlin Data Protection Authority.

10. Children

Eigenphoto is not intended for children under 16.
We do not knowingly collect data from children.

11. Changes

We may update this policy periodically.
We will update the “Last updated” date and notify users of significant changes.

Private, on-device photo cleanup for macOS.