Your media stays yours.
Privacy is not a feature toggle — it is the default architecture. Desktop processing never uploads your footage. Cloud processing deletes it when the job is done.
Privacy architecture
Desktop: zero upload
All processing runs on your local GPU. No frames, no video, no metadata leave your machine.
Cloud: job-scoped only
Pro tier uploads are scoped to the processing job. Files are uploaded, processed, and the output is returned.
Deleted after processing
Cloud uploads are deleted when the job completes. No persistent storage of your media on anelo infrastructure.
No media access
anelo does not view, analyze, or use your content for any purpose beyond the processing you requested.
Metadata privacy scanning
Built-in detection and optional redaction of sensitive metadata before your files enter the pipeline or leave your machine.
GPS coordinates
Latitude/longitude embedded in EXIF and XMP metadata
Device identifiers
Camera serial numbers, model names, and software versions
Timestamps
Creation date, modification date, and timezone data
Data handling
Infrastructure security
HTTPS/TLS
All traffic encrypted in transit. HSTS enforced with 1-year max-age.
Content Security Policy
Strict CSP headers prevent XSS and data exfiltration.
Supabase (SOC2)
Authentication and database on SOC2-compliant infrastructure.
Vercel (SOC2)
Web application hosted on SOC2-compliant edge infrastructure.
Encrypted at rest
All cloud data encrypted at rest using AES-256.
Permissions policy
Camera, microphone, geolocation, and payment APIs disabled by default.
Compliance roadmap
Sustained audit demonstrating controls operate effectively over time.
Security questions or vulnerability reports?
Contact the team