The short version
DupeOut never sends your photos anywhere. Hashing, similarity embeddings, clustering, and bad-photo detection all run locally on your iPhone or iPad using Apple's Vision and PhotoKit frameworks. There is no DupeOut server because there is no DupeOut server. Nothing to upload, nothing to leak, nothing to subpoena.
What data is collected
None on our side. DupeOut has no analytics, no telemetry, no crash reporters, no third-party SDKs, and no advertising. The app makes zero network calls during normal use. The only data the app touches is your photo library, and only because you explicitly granted Photos access.
Photo library access
When you grant Photos access (full library, not Limited), DupeOut reads each asset's perceptual hash, a small image embedding, sharpness/luminance signals, EXIF capture date, and Live Photo / file size metadata. Those derived signals stay in a SwiftData store inside the app's sandbox on your device. The original photos are never copied — only short fixed-size feature vectors derived from a 96×96 grayscale pass.
The app uses Apple's VNFeaturePrintObservation for similarity, the system Laplacian variance for sharpness, and standard luminance histograms for the Bad Photos detector. None of that touches the network.
Deletions and the Trash safety net
When you tap Move to Trash, DupeOut backs up the photo's image data to its local sandbox first, then asks the system Photos library to delete the original via PHAssetChangeRequest.deleteAssets. Photos shows the standard "Allow DupeOut to delete N photos?" confirmation; tap Don't Allow and nothing is deleted. The 30-day Trash inside DupeOut is the safety net — restore from there returns the photo to your library with its Live Photo pairing intact when applicable.
iCloud Photos
DupeOut respects your iCloud Photos download state. If a photo is iCloud-only and not downloaded to your device, DupeOut will request the resource from iCloud through PhotoKit (the same way Photos.app does); Apple handles the network. We never see iCloud credentials or content directly.
Third-party services
DupeOut uses only Apple-provided frameworks: PhotoKit, Vision, SwiftData, StoreKit, App Intents. There are no third-party tracking SDKs, ad networks, analytics services, or AI providers in the app.
Data retention
The local SwiftData index persists on your device until you clear the cache from Settings → Cache, or delete the app. There is no remote copy. Uninstalling DupeOut removes everything.
Children's privacy
DupeOut is not directed at children under 13. We do not knowingly collect data from children.
Changes to this policy
If material changes are made, the "Last updated" date above changes and the change is mentioned in the next release notes.
Contact
For privacy questions, email hechen.dream@gmail.com.