Privacy

Last updated: 14 May 2026

What you share stays yours. We don’t sell your data, we show no ads, we don’t use your photos or videos to train AI models, and we don’t pass anything on to third parties for marketing purposes. Below is exactly what we do do.

What we store

  • Account: email address, name (optional), and a hashed version of your password.
  • Photos & videos: the files themselves plus the associated EXIF metadata (camera, date, GPS if it was embedded in the file), and the IP address and user agent for each upload.
  • Folder structure and sharing settings you create yourself.
  • Comments and likes you leave on shared photos and videos, visible to the other members of that circle.
  • Derived data: face clusters (only if you’ve enabled face recognition on your profile — off by default), automatic tags, and thumbnails. These are generated locally on our own servers; we never send your photos to external AI APIs.
  • Push notification token: if you enable notifications on your phone, Apple or Google sends us an anonymous device token. We only use it to notify you when your processing is done or when someone shares something in your circle.
  • Payment data: if you take a paid subscription we use Mollie (NL) to process the payment. We only see whether the payment succeeded, never your IBAN, card number or CVC — those stay with Mollie.

Retention periods

  • Photos, videos and albums: as long as your account is active. On cancellation everything is deleted immediately — in practice within minutes from both our database and object storage. There is no recovery window.
  • Account & billing history: personal data is deleted immediately on cancellation; anonymised invoices are kept for 7 years (Dutch fiscal retention obligation).
  • Logs (IP, user agent): 90 days, then automatically deleted.
  • Face embeddings: removed immediately when you disable face recognition, or on account cancellation.

Face recognition & biometrics

Face embeddings fall under special categories of personal data (GDPR art. 9). We only process them after your explicit consent via an opt-in on your profile page. You can withdraw consent at any time; on withdrawal we immediately delete all existing embeddings and clusters.

Where we store it

All data is held on servers within the European Union. Photos don’t leave our servers for processing — face detection and tagging also run in our own environment, not via external AI APIs.

Who can access it

Only you and the people you invite to a folder. We don’t look at your photos; the only exception is an administrator intervening for an acute technical problem, in which case we log what was viewed.

What we don’t do

  • No ads or ad networks
  • No tracking cookies or third-party analytics
  • No training of AI models on your photos
  • No sale or transfer of data to third parties

Cookies

We use one strictly necessary cookie to remember your login session (ohhi_token). No tracking, no analytics, no consent banner needed.

Sub-processors

We use a limited number of partners to run Ohhi — each under a data processing agreement. Photos and videos themselves are stored only with Hetzner in the EU. For partners outside the EU/EEA we rely, where required, on the European Commission’s Standard Contractual Clauses (SCCs) or a valid adequacy decision.

  • Hetzner Online GmbH (Germany/Finland) — server hosting and object storage for your photos and videos.
  • BunnyWay d.o.o. (Slovenia) — Bunny CDN, used to deliver your photos and videos quickly; processes IP address and the requested URL.
  • Mollie B.V. (Amsterdam) — payment processing for subscriptions.
  • MailerSend (MailerLite UAB, Lithuania) — transactional email (confirmations, password resets, notifications).
  • Komoot GmbH (Germany) — Photon geocoding for place search when you tag a location; receives your search query and IP address as you type.
  • OpenStreetMap Foundation (United Kingdom) — map tiles and reverse geocoding on the map view; receives your IP address and the region you’re viewing.
  • Apple Inc. (United States) — push notifications on iOS (device token only, no message content) and Sign in with Apple for accounts that log in with an Apple ID.
  • Google LLC (United States) — push notifications on Android via Firebase Cloud Messaging, device token only (no message content).

Your rights

Under the GDPR you have the right to access, correct, erase, restrict, port and object to the processing of your data. For any of these requests — including a data export — email privacy@ohhi.nl. We respond within 30 days. Not happy with our response? You can lodge a complaint with the Dutch Autoriteit Persoonsgegevens or your local data protection authority.