Home Upload How it works Plugins API FAQ Contact
uploadimages://privacy
SIGNED
[system] Loaded canonical privacy policy.
[meta] last_updated = June 21, 2026
[meta] covers = website + mobile app (Google Play)
tl;dr

UploadImages.org is designed so we cannot see your images. Photos are encrypted on your device before they are uploaded. The decryption key never reaches our servers - it travels only in the share link you control. We do not require accounts, do not show advertisements, and do not use third-party analytics or tracking.

This Privacy Policy describes how UploadImages.org ("we", "us", "the service", "the app") handles information when you use our website at https://uploadimages.org or our mobile application available on Google Play. This policy applies to both the website and the mobile app.

1. Information We Process

1.1 Encrypted image data

When you upload an image, the app first encrypts it locally on your device using AES-256-GCM, an industry-standard authenticated encryption algorithm. The encryption key is derived from a random 256-bit seed using HKDF-SHA256. Only the encrypted ciphertext is transmitted to our servers. We do not have the keys necessary to decrypt your images, and we cannot recover their content. The ciphertext we store appears to us as random bytes with no intelligible structure.

1.2 Share-link fragments

The decryption key, initialization vector, and integrity tag are encoded into the URL fragment (the part after the #) of the share link the app generates for you. URL fragments are, by standard web browser behaviour, never transmitted to the server during normal navigation. We therefore do not receive or store these values.

1.3 Server logs

Our web server keeps short-lived access logs containing:

  • Your IP address
  • The HTTP method and path requested
  • Response code and size
  • User-agent string
  • Timestamp

These are retained for up to 30 days for security and abuse-prevention purposes, then automatically rotated and deleted. We do not link log entries to identities, and we do not sell, share, or use them for advertising. Logs may be inspected manually only in response to a specific abuse report or security incident.

1.4 Image metadata

The app strips EXIF metadata (including GPS coordinates, camera model, and timestamps) from selected photos before encryption. The unencrypted metadata never leaves your device.

2. Information We Do Not Collect

We do not collect or process:

  • Your name, email address, phone number, or any account credentials (the service does not use accounts)
  • Your contacts, calendar, location, microphone audio, or camera streams
  • Advertising identifiers or any data used for behavioural advertising
  • Third-party analytics, fingerprinting, or cross-site tracking data
  • Decrypted image content (we cannot, by design)

3. Permissions Used by the Mobile App

  • Read media images — to let you pick a photo from your gallery to upload. We do not scan your gallery; only the file you explicitly select is read.
  • Internet — required to upload encrypted data to our servers and to fetch encrypted data when you view a shared link.

The app does not request camera, location, microphone, contacts, calendar, SMS, call-log, or accounts permissions.

4. Local Storage on Your Device

The app stores the following locally on your device, never transmitted to us:

  • Your saved share links ("vault"), encrypted at rest using a key held in your device's secure storage (Android Keystore / expo-secure-store)
  • Your app preferences (theme, language)

Uninstalling the app deletes all locally stored data. This data is not recoverable after uninstall.

5. How Long We Retain Encrypted Images

Encrypted images are stored on our servers indefinitely unless:

  • You request deletion using the deletion link or contact us at the address below;
  • The content is removed under our abuse policy;
  • We discontinue the service, in which case we will provide at least 30 days' notice on the website.

6. Disclosure to Third Parties

We do not sell, rent, trade, or share your data with any third party for marketing or analytics purposes. We may disclose encrypted ciphertext or server log entries only if:

  • Required by a binding legal order from a competent authority with jurisdiction over us;
  • Necessary to investigate a credible report of abuse, fraud, or a security incident affecting the service.

Because we do not hold the decryption keys, we cannot disclose decrypted image content even when ordered to. We would be able to disclose only the ciphertext, IP-address log entries (if still within retention), and the image identifier.

7. Your Rights

7.1 Users in the United States

Depending on your state of residence, applicable laws (such as the California Consumer Privacy Act and similar state privacy statutes) may grant you the right to:

  • Know what categories of personal information we process about you;
  • Request deletion of personal information we hold about you;
  • Opt out of any sale or sharing of personal information (we do not sell or share personal information for advertising purposes);
  • Be free from discrimination for exercising any of these rights.

Because we do not require accounts and do not collect identifiers beyond ephemeral IP-address logs, the practical scope of these requests is limited. We will honour verified requests within the timeframes required by applicable law.

7.2 Users in the European Economic Area and United Kingdom

If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent UK law:

  • Right of access — to know what data we hold about you. In practice, this is limited to recent server log entries containing your IP address.
  • Right of erasure — to request deletion of uploaded images or log entries that can be linked to you.
  • Right to object — to processing for security and abuse prevention; we may refuse only where overriding legitimate grounds exist.
  • Right to lodge a complaint — with your national data protection authority.

7.3 How to exercise your rights

Requests can be sent to the contact address in section 12. Please include enough information for us to identify the data in question (for example, the image ID from a share link, or an approximate date and IP address for a log lookup).

8. International Data Transfers

The service is operated from the United States. If you access the service from outside the United States, your data may be transferred to and processed in the United States. We rely on standard contractual protections and the safeguards described in this policy to ensure your data receives appropriate protection regardless of where it is processed.

9. Children's Privacy

The service is not intended for users under 18 years of age, and is not directed at children. We do not knowingly process data from anyone under 13 years of age. If we become aware that we have collected data from a child under 13 without verified parental consent, we will delete it promptly. If you believe a minor is using the service in a way that creates a privacy concern, please contact us.

10. Abuse Reporting and Illegal Content

Although we cannot decrypt user images, we take reports of illegal content seriously. To report suspected abuse — including child sexual abuse material, non-consensual intimate imagery, or content that violates our terms of service — use our contact form or email [email protected] with the share link. We will:

  • Remove the underlying ciphertext from our servers within 24 hours of receiving a credible report;
  • Preserve the ciphertext and minimal log data for the purposes of reporting to the competent authorities where legally required, including reports to the National Center for Missing & Exploited Children (NCMEC) for suspected child sexual abuse material;
  • Cooperate with law enforcement under valid legal process.

11. Security

All connections between your device and our servers use TLS 1.3. Encrypted image data is additionally protected at rest by a separate cryptographic envelope (NIST-standardized post-quantum algorithms ML-KEM-1024, ML-DSA-87, and SLH-DSA-SHAKE-256s). We follow current best practices in server configuration, dependency management, and key handling. No security system is ever perfect; we will notify affected users without undue delay if we become aware of an incident that materially affects their data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on the website with at least 14 days' notice before they take effect. The "Last updated" date at the top of this document reflects the most recent revision.

13. Contact

For privacy inquiries, deletion requests, or general questions about how the service handles data, contact us via the contact form or directly at: