Privacy Policy

Pino does not send any of your data anywhere. Everything — your photos, the search index Pino builds from them, recognized text, and locations — lives on your device and stays there. No accounts, no tracking, no ads, no analytics SDKs, no cloud upload.

Pino works completely offline once installed. The AI that understands your photos, the OCR that reads text from them, and the geocoding that recognizes places — all of it runs on your iPhone.

Building the search index

To make your library searchable, Pino reads every photo locally and produces a small numerical fingerprint (an "embedding") that captures what's in the image. These fingerprints are stored on your device only.

• Photo embeddings (~2 KB per photo) — used for visual search
• Recognized text from screenshots and photos (OCR) — used for text search
• City and country names from photo location metadata — used to group photos by place

Where this happens

All processing is done on your iPhone using Apple's on-device AI, Vision (OCR) and CoreLocation (geocoding) frameworks. Nothing about your photos is transmitted to Pino's servers, because Pino has no servers.

• Pino does not upload your photos, anywhere, ever
• Pino does not require an account, email, or any registration
• Pino does not collect analytics about your library, your queries, or how you use the app
• Pino does not contain third-party SDKs for ads, tracking, attribution, or crash reporting
• Pino does not transmit GPS coordinates from photo metadata to any server
• Pino does not share, sell, or transfer your data to any third party — there is nothing to share

What Pino accesses

Pino requests Photos permission when you first open the app. This is required to build the search index that makes the app useful.

• Photo image data — read locally to compute embeddings and OCR
• Photo metadata (date, location, favorites status) — used for date filtering and place grouping
• Asset identifiers — used to look up photos when displaying search results

Your control

• You can revoke Photos permission at any time in iOS Settings → Privacy & Security → Photos
• Pino works with both Full Library access and Limited Library access
• If you uninstall Pino, the entire on-device index is deleted with the app

Pino itself does not make any network requests. The only network activity related to your library is iCloud Photos download, which is handled by iOS — not by Pino — when iOS detects that an iCloud-only photo needs to be made available locally.

You can run Pino completely offline (Airplane Mode) once the index is built and the photos you want to search are available on-device.

If your library uses iCloud Photos with "Optimize iPhone Storage", many photos live on Apple's servers and are downloaded to your device on demand. When Pino encounters an iCloud-only photo during indexing, it asks iOS to download the original — this download is performed by iOS, not by Pino, and goes directly between your iPhone and Apple's servers.

Pino never sees your iCloud credentials and has no access to your iCloud account.