Privacy Policy

Last updated: March 1, 2026

What Data We Access

When you connect your Google account, the plugin requests the following OAuth scopes and accesses the corresponding Google user data:

Google User Data	OAuth Scope	Why We Access It
Email address	`email`	Displayed in the plugin settings so you know which Google account is connected
Photos and videos	`photoslibrary.appendonly`	Upload your Lightroom exports to Google Photos
Album metadata (names, IDs) created by this plugin	`photoslibrary.readonly.appcreateddata`	List your plugin-created albums inside Lightroom so you can publish to them
Media items created by this plugin	`photoslibrary.edit.appcreateddata`	Re-publish edited photos and remove images from plugin-created albums

How We Use Your Data

Your Google user data is used only to perform the photo publishing actions you explicitly initiate within Lightroom. We do not use your data for advertising, profiling, or any purpose beyond operating the plugin's core functionality.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Data We Store

All data is stored locally on your computer:

OAuth tokens - stored in Lightroom preferences on your machine, used to authenticate with Google
License key - stored in Lightroom preferences on your machine

No data is sent to any server other than Google's APIs (for photo uploads and album management) and LemonSqueezy's API (for license key validation).

How We Protect Your Data

We apply the following technical and procedural safeguards to protect sensitive data:

Encryption in transit - All communication with Google Photos API and LemonSqueezy uses HTTPS/TLS. OAuth tokens and photo data are never transmitted over unencrypted connections.
Secure local storage - OAuth access tokens and refresh tokens are stored exclusively in Lightroom's built-in preferences store on your local machine. That storage is protected by macOS file-system permissions (user-only read/write access). No credentials are held on any external server.
No token logging - OAuth tokens are never written to log files, analytics systems, or any UI element. The only credential-derived information displayed is your Google account email address, used solely to confirm which account is connected.
Minimal-privilege access - The plugin requests only the narrowest OAuth scopes required for its core functions. It is technically unable to access photos or albums not created by the plugin (enforced by Google API restrictions since April 2025).
Token expiry and revocation - Access tokens expire automatically (typically within 1 hour). Refresh tokens are used only to obtain new short-lived access tokens without re-prompting you. Revoking access at myaccount.google.com/permissions immediately invalidates all tokens.

What We Do Not Do

We use Cloudflare Web Analytics for anonymous website traffic insights (pages visited, referrer). It uses no cookies and collects no personal data. We do not collect plugin usage data.
We use Google Analytics 4 to understand how visitors use the site (page views, button clicks, scroll depth) so we can improve it. IP addresses are anonymized and Google’s advertising signals are disabled.
We use Microsoft Clarity to capture anonymized session recordings and click heatmaps so we can see where visitors get stuck or confused. No personally identifiable information is collected. See Clarity’s privacy statement.
We do not store your photos on our servers
We do not share your data with third parties
We do not access photos you did not upload through the plugin (enforced by Google's API restrictions since April 2025)

Third-Party Services

Google Photos API - used to upload photos and manage albums. Subject to Google's Privacy Policy.
LemonSqueezy - used for license key validation only. Subject to LemonSqueezy's Privacy Policy.

Data Deletion

Revoke Google access: Disconnect your account in the plugin settings, or revoke access at myaccount.google.com/permissions
Deactivate license: Use the deactivate option in plugin settings to clear your license data
Uninstall: Remove the plugin from Lightroom to delete all locally stored data

Face Tagger - Biometric Data

This section applies only to the Face Tagger plugin. It describes how the plugin handles face data (biometric identifiers and biometric information as defined by laws such as Illinois BIPA and GDPR Art. 9).

Everything stays on your Mac. Face Tagger detects and recognizes faces using AI that runs entirely on your computer (InsightFace for face encoding, YOLO for body detection). Face images, face encodings (512-dimensional numeric vectors), and scan results are stored in a local SQLite database (face_data.db) next to the plugin folder.
Nothing is uploaded. The plugin does not transmit your photos, face encodings, or any derived biometric data to our servers, to any cloud service, or to any third party. After a one-time model download at first launch (~500 MB of public AI model weights), the plugin operates fully offline.
Model weights source. On first launch, the plugin downloads InsightFace (ArcFace buffalo_l) and YOLO model weights from their respective public CDNs. These are the AI models themselves - no personal data is sent to download them. After that initial download, no further internet access is required for face recognition.
You are the controller. You alone decide which photos to scan, which faces to train, and which names to assign. We have no access to any of this data.
Deletion:
- Remove a specific person: Library > Plug-in Extras > Manage People & Data > Delete Person erases that person's training encodings and all scan-result rows referencing them.
- Remove all face data: delete face_data.db from the plugin parent folder, or uninstall the plugin.
- Uninstalling the plugin from Lightroom's Plug-in Manager does not delete face_data.db automatically - remove the file from disk as well if you want a clean slate.
Retention: face data is retained only on your machine, only for as long as you keep the plugin installed and the database file in place. There is no fixed retention period; you delete it when you want to.
No sharing or sale. We do not and cannot sell, share, trade, or otherwise transfer your biometric data. It never reaches us.
GDPR (EU/UK users): you act as both the data controller and the data processor of the biometric data Face Tagger generates. We are not in the data flow and have no processor relationship with you regarding this data.
BIPA (Illinois users): biometric identifiers (face geometry) and biometric information derived from your photos are collected by Face Tagger running on your own computer, solely to provide the face-recognition feature you purchased. The data is stored on your device, retained only at your discretion, and is never disclosed, redisclosed, sold, leased, traded, or otherwise profited from by Lightroom Tools.
License validation: the only outbound network call Face Tagger makes is to LemonSqueezy for license-key activation and deactivation. No biometric data, photo data, or face encodings are included in that call - only the license key and a machine identifier.

Contact

For privacy inquiries, please use our contact form.