Generating an Image Is Not Keeping One
Privacy
Transient processing and durable retention are different product choices. Keeping uploads or outputs creates obligations that pure generation may avoid.
- Date
- July 3, 2026
- Author
- Unexposed

Generating an image and keeping an image are not the same product.
They may look similar to a user because both start with upload and end with output. But the legal and privacy posture changes when the service retains source images, generated outputs, prompts, thumbnails, or histories after the immediate task is done.
Transient processing still needs a lawful basis and security. Temporary does not mean exempt. The model has to process content, and that processing can involve personal data. But durable retention adds more questions: why keep it, for how long, who can access it, how can it be deleted, can the user export it, and what happens if the account closes?
A hosted gallery is the obvious example. It may be genuinely useful, but it changes the promise. The service is no longer only an execution path. It is an archive. That means retention policy, access controls, deletion behavior, support visibility, and breach impact all matter more.
Prompts are another example. A product may generate an output and discard the prompt. Or it may keep prompt history for convenience. The second design can support regeneration, but it also stores user intent. If the prompt includes personal data, confidential strategy, or source-image context, that history becomes sensitive product data.
The same distinction applies to uploads. A source image held only during a short-lived generation session has a different risk profile from one stored for future edits. Both can be legitimate. Only one can honestly claim not to keep source images.
The product copy should respect the difference. “We generate images privately” is not the same as “we host your generated image library.” “Temporary upload” is not the same as “saved project asset.” These are different contracts with the user.
If you want lower privacy exposure, keep less. This is not a loophole. It is data minimisation with a normal shirt on.
Further reading: EDPB Opinion 28/2024, Why “delete my uploads” needs to be verifiable, and Unexposed data storage.