Privacy
Last updated: 1 May 2026
The short version
Your photos and videos never leave your Mac. Phovi has no servers, no analytics SDKs, and no remote telemetry until you explicitly opt in. There is nothing to leak because nothing is collected.
What runs on your Mac
The entire app — face detection, OCR, scene tagging, CLIP smart search, duplicate detection, the web UI you see — runs as a single process on your computer. The database is a local SQLite file. The ML models are bundled with the app or downloaded once from Apple/Hugging Face during first run.
What we never collect
- Your photos, videos, or any derived embeddings.
- Filenames, faces, locations, or EXIF metadata.
- Account information beyond what you type into the app.
- IP addresses, device identifiers, or precise timestamps.
Telemetry (off by default)
You can optionally enable two separate channels in Settings:
- Usage counters. Anonymous event names like
vacuum_runorimport_complete, with day-precision timestamps. No identifiers. - Crash reports. Stack traces and the path that triggered them. Useful for fixing bugs; useless for tracking you.
When you buy
Payments are processed by Lemon Squeezy as merchant of record. They see your name, email, and payment details to issue a receipt. We see only your email address (so we can deliver the licence key). We don't share, sell, or correlate that email with any other data. Refunds within 14 days of purchase, no questions asked.
Mobile app pairing
Phovi is wire-compatible with the official Immich iOS / Android apps. When you point the Immich app at your Mac, all traffic stays on your local network. Phovi exposes the same API the Immich server would; nothing routes through us.
Updates
Phovi checks for new versions via Sparkle, an open-source updater. The check sends only your current version number — no identifiers, no library size, nothing about you. You can disable update checks entirely in Settings.
Contact
Questions or concerns: privacy@phovi.ai.