ImageTools Privacy
Last updated: 2026‑05‑27

ImageTools is open‑source software that can be installed and run by anyone on their own infrastructure. This page describes what the software does with data by design. Responsibility for the privacy and handling of any data uploaded to a specific deployment rests with the operator who runs that deployment — not with the ImageTools project.

About this instance. This deployment of ImageTools is hosted by the operator of this domain. The ImageTools project does not host, control, or have visibility into data stored on this instance and cannot make any assertion about how the operator handles, retains, secures, or shares uploaded data.

For privacy questions about this deployment specifically — including where your images are stored, how long they are kept, who has access, and how to delete them — please contact the operator of this domain. If you cannot identify the operator, you should not upload personal or sensitive material to this instance.

What the software is capable of handling
When you use ImageTools, the software running on this server may process and store:

Images you upload — via the web interface, the mobile companion app, or the ImageTools Screenshot Capture browser extension. Images are processed (resized, compressed, annotated, tagged) and stored against your user account on this server.
Image metadata (EXIF) — extracted from uploads, including capture date, camera information, and GPS coordinates if they are present in the original file.
Account information — depending on the authentication method the operator has configured (OAuth2 provider, Authelia or another reverse‑proxy header, basic auth, or anonymous mode), the software may receive your username, display name, and email address from that identity provider.
Service logs — request paths, IP address, and timestamps for security, rate limiting, and debugging.
Optional integrations
ImageTools includes optional features that, when enabled by the operator, will send some data to external services:

AI features via OpenRouter. If the operator has enabled the AI integration, and you explicitly invoke an AI action, the relevant image and prompt are sent to OpenRouter, which forwards them to the underlying model provider you select. AI features are never invoked unless you start them yourself.
OAuth2 / single sign‑on. If the operator has configured an external identity provider, your authentication request is sent to that provider as part of the sign‑in flow. The ImageTools project does not operate any identity provider on your behalf.
Whether either of these is enabled, and which providers are used, is the operator’s decision. Check with the operator of this domain to find out what is configured on this instance.

Browser extension specifics
The ImageTools Screenshot Capture browser extension only captures images when you explicitly invoke a capture (popup button, right‑click context menu, or keyboard shortcut). It does not run captures in the background. Captures are sent over HTTPS to whichever ImageTools server you connected the extension to; no third party receives them.

The extension stores its authentication token in browser.storage on your device. The token is sent only to the ImageTools server you registered with, and can be revoked from that server’s Settings panel at any time.

The extension requests the following permissions:

activeTab and tabs — to capture the currently visible tab on your command.
contextMenus — to add capture commands to the right‑click menu.
storage — to remember the authentication token across browser restarts.
notifications — to show capture success or failure messages.
<all_urls> — required so the capture works on any page. The extension does not read or send page content automatically; it only acts when you invoke a capture.
Data retention defaults
By default the software:

Retains images uploaded by authenticated users until you delete them or your account is removed by the operator.
Deletes images uploaded in anonymous mode after 30 days.
Retains service logs for up to 90 days.
The operator of this instance may have configured different retention windows, or may have additional backup, replication, or archival policies the ImageTools project has no visibility into.

Your rights and how to exercise them
Within the application you can:

Delete any image at any time from the web UI.
Revoke connected browser extensions and active sessions from the Settings panel.
For account deletion, a copy of your data, correction of inaccurate information, or any other formal privacy request under your local data‑protection law, contact the operator of this domain. The ImageTools project cannot fulfil requests against individual deployments.

About this software
ImageTools is open‑source. The project source is available at https://github.com/githuba42r/ImageTools.

This page describes the software’s default data‑handling behaviour. Each operator may configure or customise it. The current state of this specific instance — including all of the above — is the responsibility of the operator of this domain.

ImageTools is open‑source self‑hosted software. This privacy notice describes the software’s default behaviour and does not bind any specific operator. Contact the operator of this domain for instance‑specific privacy enquiries.