Privacy Policy

Noodle Gallery is self-hosted software. Your photos, videos, and personal data stay on your own server — we never have access to them.

Last updated: April 20, 2026

Your data stays yours

Noodle Gallery runs entirely on infrastructure you control. All photos, videos, metadata, face recognition data, and user accounts are stored on your server. We — the developers of Noodle Gallery — have no access to your instance, your data, or your users' data.

Mobile apps

The Noodle Gallery mobile apps (Android and iOS) connect directly to your self-hosted server. The apps do not contain analytics, tracking, crash reporting, or any code that sends data to us or third parties. All communication happens exclusively between the app and your server.

Location permissions (mobile)

The Android and iOS apps request location permissions for three on-device purposes. Location data is never transmitted to Noodle Gallery developers or any third party — it is only sent to your own self-hosted server, and only in the ways described below.

Photo and video EXIF location (ACCESS_MEDIA_LOCATION on Android, photo library access on iOS): when you upload or back up a photo or video, the app reads the location that your camera embedded in the file's EXIF metadata and sends it to your server alongside the file. No separate location lookup is performed. This is the same GPS data your camera already recorded.
"Zoom to my location" on the map (ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION on Android, NSLocationWhenInUseUsageDescription on iOS): a one-time foreground location request when you tap the "locate me" control on the map screen, used only to center the map view. Your device's coordinates are not stored or transmitted.
Wi-Fi-based backup rules (ACCESS_BACKGROUND_LOCATION on Android): on Android 10 and later, reading the current Wi-Fi network name (SSID) requires location permission. The app uses this to implement user-configured backup rules such as "only back up on my home Wi-Fi." The SSID is stored on-device only and is never sent to your server or to us. No GPS coordinates are collected by this permission, and no location is tracked in the background.

You can deny or revoke any of these permissions at any time from your device settings. The affected feature (map centering, photo geolocation, or Wi-Fi-restricted backup) will simply be unavailable.

This website

The marketing website at opennoodle.de uses Umami, a privacy-focused, open-source analytics tool. Umami does not use cookies, does not track users across sites, and does not collect personal information. It records anonymous, aggregate page view statistics only.

Demo instance

The public demo at demo.opennoodle.de also uses Umami for anonymous page view analytics. The demo is read-only — uploads and account creation are disabled, so no personal data can be submitted.

Contact

If you have questions about this policy, reach us on Discord or open an issue on GitHub.