AI photo app privacy: which apps actually protect your data in 2026?
A privacy-focused comparison of the major AI photo apps in 2026. Which apps train shared models on your photos? Which delete on request? Which encrypt at rest? An honest comparison.
By Jiuhong Deng · · Updated
In 2026, the most consequential privacy question for AI photo apps isn’t whether they “store your photos.” It’s whether your reference photos are used to train shared models that future users — or future training data providers — can learn from. This piece compares the major apps on that question and a few others.
The privacy questions that actually matter
For AI photo apps, the privacy considerations break into five categories:
- Shared model training. Are your reference photos used to improve models other people use?
- Data retention. How long after you delete a photo or close your account is the data actually removed from systems?
- Encryption. Are photos encrypted at rest and in transit?
- Third-party sharing. Do they share data with third-party AI training data providers?
- Memorial-specific protections. For photos of deceased people, are there additional retention or sharing protections?
The 2026 comparison
| App | Shared model training | Default retention | Encryption | 3rd-party AI training data | Memorial-specific |
|---|---|---|---|---|---|
| Lover Snap | Never | 30 days post-deletion | AES-256 at rest, TLS 1.3 | Never | Yes (published ethics) |
| MyHeritage Deep Nostalgia | Not used for shared models per current ToS | Per MyHeritage genealogy ToS | Standard MyHeritage | Per ToS | Implicit |
| PhotoAI | Per current ToS, photos used only for user’s own generations | Per ToS | Standard | Per ToS | None |
| Aragon AI | Explicit no-training claim | 30-90 days | Standard | None | None |
| Lensa | Earlier policy attracted criticism in 2022-23; check current ToS | Per current ToS | Standard | Check current ToS | None |
| Hereafter AI | Conversational training only on recorded sessions | Per consent | Standard | None | Yes (consent-based) |
| Remini | Per current ToS; restoration is single-photo workflow | Per ToS | Standard | Check current ToS | None |
The honest disclaimer: ToS change frequently, and the table reflects best-available information as of mid-2026. Always check the current policies of any tool you’re seriously considering.
What “never used for shared models” should mean
A meaningful no-shared-training commitment includes:
- Your reference photos are not used to fine-tune the publicly-available image model the app uses.
- Your trained AI character is not used as training data for the app’s general improvement.
- Your generated outputs are not used to train any other model.
- The app does not sell, license, or otherwise share your data with third-party AI training data providers.
All four matter. A claim like “we don’t sell your data” without the other three is hollow.
What 30 days post-deletion actually means
When you delete a photo or close your account, two clocks start:
- Soft delete clock: The data is marked deleted and inaccessible. This typically happens immediately.
- Hard delete clock: The data is removed from active systems and backups. This typically takes between 24 hours and 30 days, depending on backup rotation schedules.
30 days is the industry floor in 2026. Anything longer is a red flag; anything significantly shorter suggests they may not have proper backup hygiene.
Memorial-specific privacy considerations
For AI photo apps that handle photos of deceased loved ones, additional protections matter:
- Next-of-kin takedown. Can a family member request removal of a deceased person’s likeness from another user’s account?
- No public model contamination. Are reference photos of the deceased never used to train shared models that other users will encounter?
- Refusal of minors. Does the app refuse to generate AI photos of children even when the uploader is a family member of a deceased child?
Lover Snap addresses all three explicitly — see our AI Content Policy and ethics framework.
What about payment and account data?
Beyond reference photos, AI photo apps also handle:
- Email address for account creation.
- Payment info, typically via Apple App Store (we never see card numbers) or Stripe.
- Usage metadata (which scenes you generate, when, how often).
Standard 2026 practice: Apple billing handles all card data; Stripe handles backend refunds. Usage metadata should be retained for product analytics with anonymization, but not sold.
How to evaluate any app’s privacy
Five questions to ask before uploading photos to an AI app:
- Does the privacy policy explicitly say reference photos are not used to train shared models?
- Is there a clear data-deletion mechanism with a 30-day-or-less hard-delete promise?
- Is encryption at rest and in transit specified?
- Is third-party sharing limited to processors with binding agreements?
- For memorial use specifically: is there a next-of-kin takedown channel?
A “yes” to all five is the 2026 standard. Anything less is worth questioning.