Model Training vs Uploaded Images
Research
Uploaded images, inference, logging, application state, fine-tuning, and model training are different. Privacy reviews get messy when teams blur them.
- Date
- July 3, 2026
- Author
- Unexposed

Developers often say “we are not training on it” as if that answers the whole privacy question.
It answers one important question. It does not answer all of them.
An uploaded image can be used for inference without being used for training. Inference means the model processes the image to return an output. Training means the image changes model weights. Fine-tuning means a narrower training process adapts a model using a dataset. Logging means the service records content or metadata. Application state means the service stores data so a feature can function. These are different things. They deserve different sentences.
The confusion matters because a product can make a true claim and still leave users exposed. “We do not train on uploads” can be true while prompts sit in logs for 30 days, outputs live in a hosted gallery, files remain in stateful tools until deleted, or source images are accessible to support staff.
Provider documentation often reflects these distinctions. OpenAI’s API data controls separate training use, abuse monitoring, application state, endpoint eligibility, and image/file input handling. Microsoft’s Foundry data privacy documentation separates inferencing, stored features, fine-tuning data, abuse monitoring, and geography. The tables are boring because the distinctions matter.
Developers should map the full path. User uploads image. Product sends it to provider. Provider processes it. Output returns. Product stores or does not store output. Logs capture or do not capture prompt and content. Safety systems inspect or do not inspect. Files expire or do not expire. User deletes or does not delete. Every verb is a privacy decision.
This is especially important for image features because users may assume “not training” means “not kept.” Those are not equivalent. A non-training retention path can still create exposure through breach, support access, legal discovery, public links, or internal misuse.
The right developer habit is to avoid umbrella words. Say “not used for model training.” Say “not stored as application state.” Say “abuse-monitoring logs retain customer content for X unless ZDR is enabled.” Say “uploaded images are deleted after generation.” Say “outputs are hosted only when the user saves them.”
Privacy gets much less mystical when the pipeline has names. The user does not need every implementation detail, but the team does. Otherwise “we do not train on it” becomes a tiny true island in a much larger sea of unanswered questions.
Further reading: OpenAI API data controls, Microsoft Foundry data privacy, and Why “We Don’t Train on Your Data” is not enough.