Privacy Claims vs Privacy Controls

Research

Privacy claims are sentences. Privacy controls are behaviours in code, infrastructure, logs, access, and deletion paths.

Date
July 3, 2026
Author
Unexposed

A glossy privacy promise card beside a real control panel of retention and access settings

A privacy claim is what the product says. A privacy control is what the system does when nobody is looking.

“We do not store your images” is a claim. Short-lived object storage, expiring signed URLs, disabled prompt logging, cache purge tests, restricted support access, and deletion jobs with monitoring are controls. One belongs in copy. The other belongs in architecture.

This distinction matters because AI products can sound private while behaving loosely. A homepage can say “secure and private” while the service keeps raw prompts in observability logs, stores generated outputs in a gallery, gives support broad access, and lets CDN links live longer than the user’s patience.

Controls are specific. Training exclusion is a control. Retention windows are controls. Access permissions are controls. Encryption is a control. Data residency may be a control. Manual review thresholds are controls. Deletion verification is a control. “We care about trust” is not a control, although it has been known to wear a blazer.

For AI image systems, the most important controls usually sit around data movement. Does the upload leave your infrastructure? Does it go to a third-party provider? Does the provider retain it? Does the output get hosted? Does the prompt enter logs? Does the customer need to opt out, or is privacy the default?

Good privacy copy maps directly to controls. If you claim no prompt history, there should be no prompt-history table, no prompt copies in analytics, and no prompt body in long-lived logs. If you claim temporary uploads, there should be a deletion window and a way to test it. If you claim no training, there should be provider terms and pipeline separation that support that claim.

This is also how buyers should review vendors. Do not stop at the privacy page. Ask for endpoint-level retention, application-state behaviour, abuse-monitoring retention, support access rules, deletion process, subprocessor list, and whether image endpoints differ from text endpoints.

The gap between claims and controls is where trust gets expensive. The best products make the gap boringly small.

Further reading: How to ship AI images without asking users to trust a black box, The privacy policy questions your AI image feature must survive, and Unexposed data storage.

Your prompt. Your model. Only your content.

Create private images with Credits, Access Tokens, and sealed requests. Encrypted in transit, run on ephemeral compute, deleted after delivery.