We are excited to share that we are set to begin a new chapter with Dropbox, Inc. Dropbox is acquiring our IP technology to embed natively into the Dropbox product, bringing end-to-end, zero-knowledge encryption to millions of business customers around the world. Check out our blog to find out more!

Smartphone with Chat icons in pool

What happens to photos that we upload to social media?

Social media has become essential for most private users but also for companies. They use it as an advertising platform, for corporate branding, or to represent one's own company. Personal photos of the family, vacation, and even parties are shared.

But where are these photos stored? If I delete a photo from my profile, is it also deleted from the servers of the social media platform? What data do the social networks store in general?

We look at Facebook, Instagram, Snapchat, and Twitter to give you an overview of what happens to your photos and what data the four platforms store about you in this article.


Mark Zuckerberg founded Facebook in 2004. Currently, it has almost 3 billion registered members. Since then, the social network has come under fire countless times for its data breaches: at one time, you could access 54 million unprotected data records on the web. Facebook loves data and makes millions with personalized advertising. That makes it even more important to check what data Facebook stores about us without users noticing.

First of all: As soon as you upload a picture to Facebook, you do not lose the rights to your photo, but you do grant the social network the right to use it. The terms of service state:

“Specifically, when you share, post, or upload content that is covered by intellectual property rights (like photos or videos) on or in connection with our Products, you grant us a non-exclusive, transferable, sub-licensable, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content (consistent with your privacy and application settings).”

Thus, Facebook is allowed to use photos commercially as soon as you post them. Although the company pays attention to the respective privacy settings, Facebook still owns the information from that point on. Facebook remembers the metadata of the uploaded photos, such as the time and location of the picture or the device used.

Facebook also stores photos shared in a supposedly private chat and not publicly.

The photos, just like other data from us, are distributed on Facebook servers around the world. These pictures and data of individual persons are enriched to create a user-specific profile. According to Facebook, however, these profiles are not stored permanently but are only compiled as needed. Important to know: Because of the Patriot Act, U.S. authorities could demand the stored photos at any time. In such a case, the company must maintain silence, so that users would not even notice if someone viewed their data and photos.


In 2012, Facebook bought Instagram for almost 700 million dollars — the largest sum ever paid for a photo service. Since then, the photo network is part of Mark Zuckerberg’s company Meta. So, is caution called for here, too?

Just like its parent company, Instagram stores every photo, whether shared publicly or sent privately.

Note: Even photos that are only shared privately and delete themselves after being viewed once are analyzed and stored by Instagram.

Instagram stories that are only visible for 24 hours are also stored on Meta’s servers. The same applies to the metadata of the photos. Together with messages and comments, they add up to a data package.

Thus, there are not many differences to Facebook. Here, too, the data would be easy to view in the event of an attack, and US authorities would also have access to every private message sent at some point due to the Patriot Act. Instagram is also allowed to distribute and commercially use the photos according to the terms and conditions — and everyone who wants to use the network must agree to them.


Snapchat is also a photo service but works differently than Instagram. This is already noticeable in its target audience: Almost 70% of the social network's users are under 25. Nevertheless, the platform with almost 300 million daily active users should not be underestimated.

The data protection provisions are particularly interesting for parents. After all, Snapchat is a special case among social networks. Photos are not uploaded from the smartphone gallery but taken “fresh” in the app. After being sent, the recipient can only view them once and then they supposedly disappear again.

Due to this fast pace, many users lull themselves into a perceived sense of security, which tempts them to send photos that are not intended for a larger audience — if you know what I mean... However, it is not particularly complicated to bypass the protective mechanisms and take screenshots of these, supposedly only briefly visible pictures. Here lies great potential for abuse.

Since 2019, sent content is end-to-end encrypted. Important: After the recipient gets the photo and opens it, it doesn't just disappear but gets hidden. This works by changing the file name so that the smartphone gallery no longer recognizes it as a photo file — so it is still stored on the end device. With the necessary know-how, such files can be restored and are thus viewable even after the actual intended viewing time.

In the case of publicly posted images, Snapchat, just like Facebook or Instagram, has the right to sell and use them. Because of various accusations against the disregard for data protection, an independent expert was hired back in 2014 to audit the app for the next 20 years.

Make yourself and your children aware of the pitfalls of Snapchat. Even though Snapchat advertises that you can only see photos once, and then they “self-destruct”, that is not always the case.


Twitter stores relatively little data. The rights to uploaded images remain with the respective user. However, you grant Twitter a license that allows images and other content to be distributed, reproduced, and adapted.

Images sent in private channels, such as Direct Messages, are also stored by Twitter to scan for malicious content or banned images, according to its privacy policy. In addition to images, it also stores profile information, tweets marked with a heart, and the device used. Twitter uses this to compile an advertising profile. If you grant Twitter access to your phone number and address book, this information is also used to optimize the displayed content — as is the case with many other social networks.

What data is really necessary to log in to a social network?

There is not much you can do about the fact that social networks collect your data. However, you can ask yourself the question above. In general, you should always think carefully about where you register and whether it is really necessary. Also, not every social network requires you to give your real name — so if nicknames are allowed avoid giving your real name. In general, you can provide only the information that is necessary, because they are mandatory fields, but refuse all other information. You should definitely disable the synchronization of the address book.

Make your decisions responsibly and always consider whether you can live with your shared content in the long run.

You can also adjust your privacy settings on social media as much as possible, and GPS tracking can be disabled. In some networks, you can also influence the advertising settings.

If you keep these points in mind, data will be collected but kept to a minimum.

Condividi questo articolo

Articoli Correlati


Our New Chapter with Dropbox: What Boxcryptor Users Need to Know

Last week we already announced that we sold important technology assets to Dropbox. What our customers need to know now, we explain in detail here.


A letter from our Founders: We’re joining Dropbox!

Almost 12 years ago, we set out to make complex security solutions easy to use. Now we are excited to share that we are set to begin a new chapter with Dropbox, Inc.

Dummies Book Cover and Back

CLOSED We Celebrate Our Book Release: Your Chance to Win

We have published our first book to get even more people excited about the cloud and data security. Celebrating the official launch, you can win printes copies and Boxcryptor licenses in our raffle. Read about the details in our blog post.