Legal
Privacy Policy
Last updated: June 1, 2025 · Effective immediately
The short version:
- We never download, store, or view your photos
- Photos stream directly from Google to your device — we never touch them
- We store only your Google account email, name, and OAuth tokens
- We don't sell, share, or monetize your data in any way
- You can delete your account and all data at any time
1. Who We Are
DaroFrame ("we", "us", "our") is a free personal project operated by Daron Gma, located at daroframe.ikarauok.com. DaroFrame allows you to display your Google Photos library as a digital photo frame slideshow on any browser-enabled device.
2. What Information We Collect
When you sign in with Google, we collect and store:
- Google account email address — to identify your account
- Display name and profile picture URL — shown in your dashboard
- Google OAuth access token and refresh token — to fetch your photos on your behalf
- Photo metadata only — file names, dimensions, capture dates, camera model, and GPS coordinates if present. We cache this in our database to avoid re-fetching it on every page load. We do not cache or store the actual photo or video files.
- Your slideshow preferences — duration, shuffle, fit mode, selected albums, and weather location
- Frame token(s) — cryptographically random URLs that identify your frame device
We do not collect passwords, payment information, or any data beyond what is listed above.
3. How We Use Your Information
We use the information collected solely to provide the DaroFrame service:
- To authenticate you and maintain your session
- To fetch your Google Photos library and return playable URLs to your frame device
- To remember your slideshow settings and album selections
- To generate and manage your private frame URL(s)
We do not use your data for advertising, analytics, profiling, or any commercial purpose.
4. How Your Photos Are Accessed
This is the most important section to understand:
- When your frame displays a photo or video, it streams directly from Google's servers to your device. The image bytes never pass through our servers.
- We request a list of your media items and their temporary URLs from the Google Photos API. These URLs expire after approximately 60 minutes.
- We cache metadata only (file name, date, dimensions, camera info) in our database to improve performance. This cache is refreshed every 6 hours.
- We request only the
photoslibrary.readonly scope, meaning we can only read your library — we cannot upload, edit, or delete your photos.
5. Data Sharing
We do not sell, rent, trade, or share your personal data with any third party, except:
- Google LLC — we communicate with Google's APIs to authenticate you and fetch your photos. Google's privacy policy applies to that interaction: policies.google.com/privacy
- Open-Meteo — if you configure weather, your latitude/longitude is sent to the Open-Meteo API for weather data. No personal identity is shared. Open-Meteo is a free, open-source weather service.
- Nominatim / OpenStreetMap — if your photos have GPS data, approximate coordinates may be sent to reverse-geocode a city name for display. No identity is shared.
6. Data Retention
- Your account data is retained as long as your account exists
- Media metadata cache is automatically refreshed every 6 hours
- You can delete your account at any time from your dashboard, which permanently removes all your data from our database
- Revoking DaroFrame's access in your Google Account permissions will prevent us from fetching new data, but does not delete data already in our database — use the dashboard delete option for that
7. Security
- All connections are encrypted via HTTPS/TLS
- Frame URLs are 64-character cryptographically random tokens — impossible to guess
- OAuth tokens are stored in a private database, not exposed to the browser
- Sessions use HttpOnly, Secure, SameSite cookies
While we take reasonable precautions, no system is perfectly secure. We recommend revoking access via your Google account if you no longer use DaroFrame.
8. Your Rights
You have the right to:
- Access — request a copy of data we hold about you
- Delete — delete your account and all associated data from your dashboard
- Revoke — revoke Google Photos access at myaccount.google.com/permissions
- Correct — contact us to correct any inaccurate data
9. Children's Privacy
DaroFrame is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of DaroFrame after changes constitutes acceptance of the updated policy.