Private by default is a product decision
Product
Privacy is strongest when it shapes defaults, support flows, telemetry, and documentation instead of living only in policy text.
- Date
- June 6, 2026
- Author
- Unexposed

Privacy does not become real because a product has a policy page. It becomes real when the product’s defaults make the private path the normal path.
That is especially true for image generation, where users often upload or describe material they would never publish.
Defaults teach users what is safe
If a product saves every image to a public gallery by default, users learn that generated work is social content. If a product routes every prompt through a third-party provider by default, users learn that convenience comes before control.
The opposite is also true. A private default tells the user their work is theirs unless they choose otherwise.
Internal tools matter
The product surface is only one part of privacy. Admin tools, support workflows, logs, analytics, and billing systems also shape what can be seen.
If an internal dashboard casually exposes prompts to every support user, the customer-facing copy does not matter much. The internal product needs the same discipline as the external one.
Make sharing intentional
Teams still need to collaborate. Users may want to share outputs, send prompts to support, or publish examples.
Those actions should be explicit. The product should make sharing easy when the user chooses it, without turning private work into shared work by accident.
Private can still be usable
The lazy argument is that privacy makes products clumsy. In reality, good privacy removes surprise.
Users should be able to generate images quickly, inspect results, download assets, and move on. The system can do all of that without keeping a long memory of their creative work.