Where do your clients' photos actually go? On-device vs cloud AI editing for photographers
Every AI culling and editing tool runs its models somewhere — on your Mac or on a server. What each major tool sends off your machine (per their own documentation), which shoots make it non-negotiable, and what to put in your client contract.
Every AI culling and editing tool has to run its models somewhere: on your computer, or on a server. Both are legitimate designs, and every vendor in this article documents theirs openly. But the two architectures give different answers to a question your clients care about — who else handles my photos? — and most photographers have never read the page where their tool answers it.
This isn’t a “cloud is unsafe” piece. Reputable cloud vendors encrypt transfers, publish retention windows, and some have genuinely good deletion practices. The point is simpler: your client agreed to work with you. Whether anyone else’s infrastructure touches their images is something you should know — and, for some shoots, something they should know too.
Why does it matter where the AI runs?
Because the moment an image leaves your machine, three new questions exist that didn’t before: who stores it, for how long, and under what agreement. With on-device processing those questions never arise — the photos stay on your Mac and the AI comes to them. With cloud processing the answers live in the vendor’s privacy policy and support docs, and they vary more than you’d expect.
Cloud designs have real advantages, and it’s worth saying so plainly: the heavy compute happens on someone else’s hardware instead of taxing your laptop, and per-customer model training is easier to run at scale. The trade is that a copy of your work — full-resolution or reduced — travels to and sits on infrastructure you don’t control.
What each tool sends, according to its own documentation
Here is what the major tools say about themselves, as of July 2026. Policies change; the source links are the authority, not this table.
| Tool | Where the AI runs | What leaves your machine | Retention, per their docs |
|---|---|---|---|
| Imagen | Cloud (AWS) | Your photos are uploaded for processing | Originals deleted within 7 days; low-resolution previews retained to tune your personal profile |
| FilterPixel | Cloud-assisted (AWS / Google Cloud) | Low-resolution derivatives of your photos — not the original full-resolution files | See their privacy policy; data may be processed outside your jurisdiction |
| Aftershoot | On your machine | Nothing for culling or editing; small-resolution copies upload when AI learning is enabled (opt-out at import) | Learning copies stored encrypted until you request deletion; requests processed within 14 days |
| LightVision | On your Mac | Nothing — culling, editing, style learning, generative fill and extend, and face AI all run on-device | Nothing to retain; there is no server-side copy |
A little more detail on each, with credit where it’s due:
Imagen is upfront that it is a cloud service: processing happens on AWS, and per their support documentation original files are permanently deleted within 7 days of upload, while low-resolution previews are kept to improve your own editing profile — not to train general models. A hard deletion window and a no-general-training commitment are genuinely good practice for a cloud design.
FilterPixel is cloud-assisted. Their privacy policy states that it processes “lightweight, low-resolution derivatives of your photos (not original full-resolution files)” and uses AWS and Google Cloud for processing and storage. Not sending originals is a meaningful mitigation. The policy references EU legal bases but also allows transfers outside your jurisdiction — worth reading if you’re a UK/EU shooter.
Aftershoot runs culling and editing locally, which deserves clear credit — for day-to-day processing, your images stay put. The nuance, documented on their transparency page, is that when AI learning is enabled, small-resolution copies of your images are uploaded to their encrypted servers to retrain your personal profile. There’s a toggle at album import to switch this off, per album, and the product still works fully.
LightVision keeps everything on-device — including the parts that are usually the exception. Culling, the seven-dimension grading, style learning, semantic search, generative fill and extend, and face AI all run locally on your Mac (16GB machines included). There is no upload step to opt out of, because there is no upload step.
Two more worth knowing: Adobe’s new Assisted Culling in Lightroom Classic also analyses photos locally on your machine — we’ve written an honest look at it separately — and if you use any tool’s optional cloud backup or gallery features, those are separate, deliberate uploads with their own terms.
Which shoots make this non-negotiable?
For a lot of work, a documented cloud pipeline is a perfectly reasonable choice. But some shoots change the calculus, because the client’s expectation of privacy is the product:
- Boudoir. Clients trust you with images they may not want to exist anywhere but your drive and their gallery. “A low-resolution copy went to a server for a week” is a conversation you don’t want to improvise after the fact.
- Newborn and family. Parents are increasingly careful about where photos of their children live. Many will ask; some will put it in writing.
- NDA and corporate work. Product launches, unreleased hardware, internal events. An NDA that forbids sharing materials with third parties can plausibly cover third-party processing infrastructure — that’s a question for the client’s legal team before you import, not after.
- High-profile and celebrity weddings. Security riders sometimes specify how images are stored and who may access them. “Nothing leaves my machine until you approve the gallery” is the simplest possible answer.
In all four cases, on-device processing doesn’t just reduce risk — it shortens the conversation. There is nothing to disclose, because nothing happens.
What should your contract say about AI processing?
Most photography contracts were written before AI tooling existed and say nothing about it. That gap cuts both ways: clients can’t consent to what isn’t mentioned, and you can’t point to a clause if a question comes up later. General guidance — this is not legal advice, and a solicitor or lawyer should review your actual contract:
- Say that you use software tools, including AI-assisted ones, for selection and editing. This is normal and nothing to hide.
- State whether images leave your systems. If your tools are fully on-device, say so — it’s a selling point. If a cloud service is involved, name the category (“third-party image-processing services”) and point to your privacy notice for specifics.
- Cover retention. How long you keep originals, and — if a cloud tool is in the chain — that the vendor’s documented retention window applies to its copies.
- Offer a sensitive-shoot carve-out. A line saying that for designated shoots, processing happens only on equipment you control. If your workflow is already fully local, this clause costs you nothing.
- For NDA work, invert the default: ask the client whether third-party processing is acceptable, and get the answer in writing.
A photographer whose entire pipeline is on-device can honestly write: “All image selection and editing is performed on the photographer’s own equipment; your images are not transmitted to third-party processing services.” If that sentence isn’t true of your current stack, that’s worth knowing today.
What does GDPR mean for UK and EU photographers using AI tools?
Under UK and EU GDPR, photos of identifiable people are personal data, and for client work you are typically the data controller. Again, general guidance rather than legal advice — but the shape of the obligation is clear:
- A cloud AI vendor is a data processor acting on your behalf. That normally means you need a processor agreement (a DPA) with them, and your privacy notice should reflect that processing happens.
- Transfers outside the UK/EU need a lawful mechanism — adequacy, standard contractual clauses, or similar. If your vendor processes on US-region servers, that’s your transfer to account for, not just theirs.
- On-device processing adds no new processor for this step. Your existing GDPR duties as a photographer — lawful basis, retention, subject access — don’t disappear, but the AI step introduces no new party, no DPA, and no transfer.
If you’re cloud-based and unsure, the fix is administrative, not technical: ask the vendor for their DPA and transfer documentation. If they’re professional, they’ll have it ready.
What about working offline?
Where the AI runs also decides when it runs. Cloud tools need a connection and an upload before results come back; on-device tools need neither. In practice that means:
- Venues without usable wifi — barns, marquees, remote estates, most of the places weddings actually happen. Cull on-site during the reception lull instead of after you get home.
- Flights and trains. A destination-wedding photographer can land with the cull done — the flight home is long enough.
- Same-day previews. A sneak-peek selection graded and picked before you leave the venue, with no dependency on venue bandwidth.
- No upload tax. A full wedding is thousands of RAW files. However fast a cloud service processes, the round trip starts with getting derivatives up and results back. On-device, the first results appear as soon as import starts.
Frequently asked questions
Is cloud AI processing unsafe for client photos?
No — “unsafe” is the wrong frame. Reputable vendors encrypt transfers, document retention, and some (Imagen’s 7-day deletion, FilterPixel’s originals-stay-home design) have thoughtful mitigations. The real issues are disclosure and consent: whether your client knows a third party handles their images, and whether your contract covers it.
Does Aftershoot upload my photos?
Per their transparency page: culling and editing run locally, so no — with one exception. When AI learning is enabled, small-resolution copies upload to their servers to retrain your personal profile. You can turn this off per album at import.
Do I need client consent to use AI culling?
If processing is fully on-device, you’re using software on your own computer — no new party is involved. If a cloud service processes the images, UK/EU photographers in particular should disclose it in their privacy notice and have a DPA with the vendor. Either way, a sentence in your contract is cheap insurance. (Not legal advice — check with a professional for your jurisdiction.)
Can I cull and edit a full wedding with no internet at all?
Yes, with a fully on-device tool. LightVision runs culling, grading, editing, generative fill and extend, and face AI locally on a 16GB Mac, so the entire cull-to-edit pass works in aeroplane mode. Cloud-first tools need a connection for the processing round trip.
Where a tool runs is one of the five things worth checking before you commit — the others are covered in AI photo culling, explained. And if you’re weighing specific tools, our comparison pages for Aftershoot and Narrative Select cover the rest of the picture.