the permissions here are unusually large, so the architecture is unusually plain
This page asks for something serious: access to a folder of your photographs, with permission to delete from it. That's more trust than most tools ask for, so it's worth being exact about what happens to it. Your browser reads the folder. Web workers running on your own processor decode each photo, compute two perceptual fingerprints, and discard the pixels. Thumbnails for the review wall are made locally and live in tab memory. The site is a folder of static files on a CDN — no server-side application exists, so there is no endpoint any of this could be sent to, by intent or by accident.
The proof that matters here: load the page, disconnect the internet entirely, then scan your library. Everything works — the reading, the hashing, the review, the deleting. A tool with an upload path cannot do that. Run this test before granting folder access to any web page, including this one.
The deletion power, and its limits: the browser's file-system permission is granted by you, per session, to a folder you chose, and it expires when the tab closes. Nothing is deleted without your ticks and an explicit confirmation naming the file count and size. The page can only touch the folder you handed it — not your documents, not your other drives.
Kept: nothing. No storage, no history, no library index. Close the tab and the whole session evaporates; scanning again is quick.
Counted: no analytics, no advertising, no cookies from this site. A single typeface is fetched once from Google Fonts, then cached. Hosting reports nothing beyond raw page views. What's in your photos — and how many copies of it there were — is knowledge this operation cannot have.
questions → the loupe · reviewed 12 jul 2026