Privacy

P1 processing is local-only. The tool does not upload photos, videos, filenames, folder paths, GPS coordinates, descriptions, timestamps, file hashes, or raw JSON content.

The default report is sanitized and uses counts, buckets, warning categories, and field-presence summaries instead of raw personal archive details.

If sample feedback is requested later, only anonymized structure should be shared. Replace real filenames, people, places, albums, and dates before sending a manifest, and never send photos, videos, full archives, raw JSON, GPS, descriptions, timestamps, file hashes, or account details.

Implementation-level privacy smoke tests check that sensitive sample tokens do not appear in network requests, analytics, copied reports, URLs, or browser storage.