Privacy Policy

Last updated: March 1, 2026

What Data We Access

When you connect your Google account, the plugin requests the following OAuth scopes and accesses the corresponding Google user data:

Google User Data	OAuth Scope	Why We Access It
Email address	`email`	Displayed in the plugin settings so you know which Google account is connected
Photos and videos	`photoslibrary.appendonly`	Upload your Lightroom exports to Google Photos
Album metadata (names, IDs) created by this plugin	`photoslibrary.readonly.appcreateddata`	List your plugin-created albums inside Lightroom so you can publish to them
Media items created by this plugin	`photoslibrary.edit.appcreateddata`	Re-publish edited photos and remove images from plugin-created albums

How We Use Your Data

Your Google user data is used only to perform the photo publishing actions you explicitly initiate within Lightroom. We do not use your data for advertising, profiling, or any purpose beyond operating the plugin's core functionality.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Data We Store

All data is stored locally on your computer:

OAuth tokens — stored in Lightroom preferences on your machine, used to authenticate with Google
License key — stored in Lightroom preferences on your machine

No data is sent to any server other than Google's APIs (for photo uploads and album management) and LemonSqueezy's API (for license key validation).

How We Protect Your Data

We apply the following technical and procedural safeguards to protect sensitive data:

Encryption in transit — All communication with Google Photos API and LemonSqueezy uses HTTPS/TLS. OAuth tokens and photo data are never transmitted over unencrypted connections.
Secure local storage — OAuth access tokens and refresh tokens are stored exclusively in Lightroom's built-in preferences store on your local machine. That storage is protected by macOS file-system permissions (user-only read/write access). No credentials are held on any external server.
No token logging — OAuth tokens are never written to log files, analytics systems, or any UI element. The only credential-derived information displayed is your Google account email address, used solely to confirm which account is connected.
Minimal-privilege access — The plugin requests only the narrowest OAuth scopes required for its core functions. It is technically unable to access photos or albums not created by the plugin (enforced by Google API restrictions since April 2025).
Token expiry and revocation — Access tokens expire automatically (typically within 1 hour). Refresh tokens are used only to obtain new short-lived access tokens without re-prompting you. Revoking access at myaccount.google.com/permissions immediately invalidates all tokens.

What We Do Not Do

We use Cloudflare Web Analytics for anonymous website traffic insights (pages visited, referrer). It uses no cookies and collects no personal data. We do not collect plugin usage data.
We do not store your photos on our servers
We do not share your data with third parties
We do not access photos you did not upload through the plugin (enforced by Google's API restrictions since April 2025)

Third-Party Services

Google Photos API — used to upload photos and manage albums. Subject to Google's Privacy Policy.
LemonSqueezy — used for license key validation only. Subject to LemonSqueezy's Privacy Policy.

Data Deletion

Revoke Google access: Disconnect your account in the plugin settings, or revoke access at myaccount.google.com/permissions
Deactivate license: Use the deactivate option in plugin settings to clear your license data
Uninstall: Remove the plugin from Lightroom to delete all locally stored data

Contact

For privacy inquiries, please use our contact form.