Trust by architecture
Stream is built so there is nothing to trust us with.
Photo apps often ask you to believe a privacy promise. Stream takes a different route: your photos stay in your storage, AI runs on your device, and organization data stays under your account.
Data handling
Three rules behind the product.
Photos stay in your storage
Stream connects directly to Local Photos, NAS, WebDAV, S3, FTP, Immich, and PhotoPrism. Your originals do not pass through Stream servers.
AI runs on your device
Image models, text models, indexing, and natural language search run locally, so prompts and search results stay on your device.
Marks sync through your account
Favorites, archive state, private marks, and albums live on your device and can sync through your iCloud, not through a Stream account.
Practical result
Privacy becomes verifiable from your side.
Because Stream is a management interface instead of a storage service, the important question is not whether a company behaves well on hidden servers. The data path is visible: your device talks to your storage and your iCloud.
We cannot look at your photos
The library is not on our side, so privacy does not depend on a promise not to inspect it.
We cannot train on your data
Stream does not possess your photo library or search prompts as a server-side dataset.
A Stream breach cannot leak your library
There is no Stream-hosted photo copy to expose. Your risk belongs to the storage locations you choose.
Honest trade-off
Local privacy uses local resources.
On-device AI means indexing and search may use battery, storage, and compute on your device. Since Stream does not keep a server-side copy of marks data, enabling iCloud Sync or keeping regular backups is the right habit.