Is Your Image Editor Training AI on Your Photos?
Some online image tools upload your photos to servers where they could be used to train AI models. Here's how to check and what to do about it.
My sister sent me a photo of her new baby last year. Cute kid, tiny hands, the whole deal. She had taken it with her phone and wanted me to compress it so she could email it to our parents. I opened the first image compressor that came up on Google, dropped the file in, and moved on with my day.
A week later I was poking around that same site’s privacy policy. I do that sometimes because I’m weird. And right there in section 4, buried under some legal boilerplate, was this sentence: “We may use uploaded content to improve our services and develop new features.”
Improve our services. That phrase is doing a lot of heavy lifting.
What that phrase actually means
“Improve our services” can mean a lot of things. It could mean they’re looking at what file types people upload so they can add support for more formats. That’s fine. But it can also mean they’re feeding your photos into a machine learning pipeline to train image recognition models. Or background removal models. Or generative AI features.
You can’t tell from the outside. The language is deliberately vague so it covers everything.
I started checking privacy policies for the image tools I’d used over the past year. It took an afternoon and a lot of coffee. Here’s what I found.
What the major tools say about your data
I looked at five popular image editing tools that millions of people use every month.
TinyPNG says in their FAQ that they “do not use uploaded images for training machine learning models.” That’s pretty direct. They also say files are deleted from their servers after 20 minutes. Good stuff. But notice the wording only covers machine learning. There’s no guarantee they won’t use upload data for other analytics purposes.
iLoveIMG states that uploaded files are “automatically deleted” after a few hours. Their privacy policy mentions processing data for “service improvement” but doesn’t specifically address AI training. The ambiguity is the problem. You’re left guessing.
Fotor is where things get less clear. Their terms reference using user content for “product development and improvement.” Fotor has AI features baked into their product: AI background removal, AI enhancement, AI object removal. Where did the training data for those features come from? Their policy doesn’t say it wasn’t user uploads. Draw your own conclusions.
Remove.bg has a solid privacy page that says they don’t sell your images. But their AI model has to be trained on something. They don’t explicitly rule out using uploaded images for retraining or fine-tuning their background removal model.
Canva is upfront about using content to improve their AI features. Their 2024 policy update specifically mentions AI training on user content with an opt-out mechanism. At least they tell you. Most don’t.
I’m not saying any of these companies are doing something shady. Some of them are probably fine. The point is that most privacy policies are written so broadly that they could do it tomorrow without changing a single word.
The AI training problem is real
This isn’t hypothetical panic. In 2023, a study from researchers at USC and UC Berkeley found that popular image generation models had been trained on copyrighted photographs scraped from the web without consent. Photographers found their exact images reproduced in AI outputs.
Midjourney and Stability AI both faced class action lawsuits from artists and photographers in 2023 and 2024. The Getty Images lawsuit against Stability AI alleged that over 12 million Getty photos were used to train Stable Diffusion without permission or compensation.
In April 2024, a Stanford study found that the LAION-5B dataset, which was used to train many popular image models, contained thousands of images of real people who never consented to being included. Some were minors.
The models are hungry. They need millions of images to get good at what they do. And every photo you upload to a server is potentially a data point someone could use.
What’s hiding in your photos
Here’s the part that really bothers me. It’s not just the image itself. It’s the metadata.
Every photo your phone takes includes EXIF data. That’s a small bundle of information attached to the file. A typical smartphone photo includes the GPS coordinates of where it was taken, the exact date and time down to the second, the camera model, the lens, the aperture setting, and whether the flash was used.
I checked a photo I took at my apartment last week. The EXIF data had my exact address. Latitude and longitude, precise to about three meters. Anyone who gets that file knows where I live.
Now think about what happens when you upload a family photo to an image compressor. If the server stores it, even temporarily, someone with access could pull your home address, your kids’ school location, your vacation spots. Faces in those photos could be run through facial recognition. The interior of your home is visible.
In 2019, a researcher found that a popular photo editing app had been quietly uploading full EXIF data to their servers, including GPS coordinates. The app had over 10 million downloads on Android alone.
How to check if a tool is safe
I made myself a checklist after that baby photo incident. I run through it before I use any new image tool.
Does the privacy policy say “upload”? If the tool talks about uploading your images, that means your files are going to a server. That’s the first flag.
Does it mention “improving services” or “product development”? This is the phrase that covers AI training. If you see it, assume your images could end up in a training set.
Is there a specific statement about AI training? Some tools will explicitly say they don’t use your images for AI. That’s a good sign. But check if that promise is in the actual terms of service or just a blog post. Blog posts can be quietly updated.
Does it offer local processing? Tools that run entirely in your browser don’t need to upload anything. Your images stay on your device. This is the strongest guarantee you can get.
How long are files retained? If files are deleted immediately after processing, the risk is lower than if they’re stored for days or weeks. Look for specific timeframes, not vague language like “retained as needed.”
Can you delete your data? GDPR requires companies to let you request deletion. But the process should be easy, not buried in a contact form that nobody reads.
Why I switched to local processing
After going down that rabbit hole, I stopped using server-based image tools for anything personal. Family photos, ID documents, anything with my face or my address in it. It wasn’t worth the anxiety.
That’s what led me to build my workflow around ImgPrism. The architectural difference is the whole point. Server-side tools follow a client-server model: your browser is a thin client that sends data to a backend for processing. Client-side tools invert that. Your browser is the runtime. The “backend” is the JavaScript engine and WebAssembly runtime already installed on your machine.
In a client-server architecture, the server must receive the data to do anything with it. That’s not a policy choice. It’s how the architecture works. The only way to guarantee your images won’t be used for AI training is to use a tool where the images are never available to be used for anything, because they never reach a server in the first place. Client-side processing makes that guarantee structural, not contractual.
I’ve run about 500 product photos through it since switching. Work stuff, personal shots, screenshots, you name it. The compression quality matches what I was getting from TinyPNG. Usually within 2-3% on file size. And I don’t have to think about who else might be looking at my files.
The tradeoff is speed on very large batches. Processing 50 images locally takes a bit longer than a cloud service because your CPU is doing all the work. On my MacBook it handles about 3-4 images per second. For most people that’s plenty fast.
A simple rule of thumb
If the image has personal information in it, faces, addresses, documents, kids, use a local tool. If it’s a product shot on a white background with all metadata stripped, a cloud service is probably fine.
I still use cloud tools for generic stuff. But the baby photos? Those stay on my machine.
Try it yourself. Open the ImgPrism compressor, drop in a photo with sensitive content, and notice the architecture. There is no progress bar for an upload because there is no upload step. The file opens, compresses, and saves, all within the same runtime that loaded the page. Structural privacy beats a privacy policy every time.