How to evaluate private AI image tools

Privacy

A practical checklist for judging whether an image generation product is actually private enough for serious work.

Date
May 9, 2026
Author
Unexposed

A private AI image tool evaluation card with technical review marks

Privacy claims are easy to write. They are harder to evaluate.

When choosing an AI image tool for serious work, the best questions are concrete. You want to understand what happens to prompts, source images, outputs, logs, and keys.

Ask where generation runs

Does the product run its own generation stack, or does it proxy requests to a third-party image provider? If it uses another provider, which one, and what data is sent there?

This is the first question because it defines the rest of the trust model.

Ask what is retained

The product should be able to explain what it stores after a generation completes. Prompts, uploads, generated images, request metadata, and logs should be discussed separately.

Be careful with vague answers like “we only store data to improve the service.” That can mean many things.

Ask who can see content

Internal access matters. Support teams, engineers, contractors, and admin users should not have broad access to customer prompts by default.

The product should be able to explain when a person can see user content and how that access is controlled.

Ask how deletion works

If generated outputs are stored, deletion should be understandable. If temporary inputs are used, their lifetime should be short and explicit.

Deletion is not a decorative feature. It is part of the privacy model.

Ask for plain language

A good answer should be easy to repeat to your own team. If the explanation depends on too many exceptions, the product may be carrying more risk than the sales page suggests.

Your prompt. Your model. Only your content.

Create private images with Credits, Access Tokens, and sealed requests. Encrypted in transit, run on ephemeral compute, deleted after delivery.