Privacy Best Practices

Maximize privacy while using Rando effectively.

Understanding Rando's Privacy Model

Rando is built with privacy as a core principle.

Local-Only Architecture

No cloud servers, no data uploads:

100% Local Processing: All operations happen on your device
No Remote Servers: Rando doesn't connect to any servers
No Photo Uploads: Your photos never leave your computer
No Account Required: Use Rando without creating accounts or logging in
Offline Capable: Works completely offline after installation

What this means for you:

Your photos remain entirely private
No risk of data breaches or server hacks
No dependency on internet connectivity
Complete control over your data

Data Collection Philosophy

Privacy by default:

Analytics: Disabled by default, requires explicit opt-in
No Personal Information: Never collects names, emails, or identifying data
No Photo Data: File names, paths, and content never transmitted
Local Storage Only: All settings stored on your device
No Tracking: No behavioral tracking across websites or apps

Contrast with typical apps:

Feature	Rando	Typical Photo Apps
Account Required	No	Yes
Cloud Upload	Never	Usually required
Analytics Default	Opt-in	Opt-out (or forced)
Photo Access	Local only	Cloud storage
Metadata Collection	None	Extensive

Platform-Specific Privacy

macOS:

Sandboxed: Restricted file system access
Security-Scoped Bookmarks: Only accesses folders you explicitly grant
No Keychain Access: (Except for legacy Pro status storage)
Privacy Preferences: Respects macOS privacy settings

Windows:

Isolated Settings: Per-user configuration in AppData
No Registry Pollution: Minimal system footprint
Standard Permissions: Uses normal Windows file access
Local Storage: Settings never sync to cloud

Folder Selection Strategy

Organizing for privacy.

Separation of Concerns

Keep sensitive content separate:

Work Photos:

Location: ~/Documents/Work/Photos/
Contents: Client work, professional projects
Access: Professional use only

Personal Photos:

Location: ~/Pictures/Personal/
Contents: Family, friends, private moments
Access: Personal use only

Public/Portfolio:

Location: ~/Pictures/Portfolio/
Contents: Shareable work, public-facing content
Access: Can be shared safely

Benefit: Never accidentally show sensitive content during professional presentations

Folder Hierarchy for Privacy

Recommended structure:

Pictures/
├── Public/             # Safe to share or display
│   ├── Portfolio/
│   ├── Social Media/
│   └── Prints/
├── Private/            # Sensitive or personal
│   ├── Family/
│   ├── Documents/
│   └── Medical/
└── Work/               # Professional content
    ├── Client A/
    ├── Client B/
    └── Drafts/

Rando usage:

Select Public/ for general browsing
Select Work/Client A/ for specific presentations
Never select Private/ for public displays

External Drive Privacy

Using external storage for sensitive content:

Advantages:

Physical Control: Disconnect drive when not needed
Encryption: Use encrypted external drives
Portability: Move sensitive data easily
Separation: Complete isolation from main system

Best practices:

Encrypt the drive: Use BitLocker (Windows) or FileVault (macOS)
Eject properly: Always safely eject before disconnecting
Secure storage: Lock away when not in use
Backup encrypted: Maintain encrypted backups

Network Storage Considerations

Privacy implications of NAS/network drives:

Risks:

Network traffic potentially visible to others on same network
Shared drives may be accessible by multiple users
Cloud-synced NAS may upload thumbnails

Mitigation:

Use VPN: Encrypt network traffic
Check permissions: Verify who has access to shared folders
Disable cloud sync: For sensitive folders on NAS
Use wired connection: More secure than WiFi

Analytics Settings

Understanding what's collected and how to control it.

What Analytics Tracks (When Opted In)

Feature usage:

Which buttons clicked
Which features used
How long app is open
Navigation patterns

Performance metrics:

Folder scan times
Thumbnail generation speed
App startup time
Memory usage

Error tracking:

Crash reports
Error messages
Stack traces (no personal data)

Device information:

OS version (macOS 12/13/14 or Windows 10/11)
Screen resolution
Device type (general category)

What Analytics NEVER Tracks

Absolutely never collected:

❌ Photo filenames or paths
❌ Photo content or thumbnails
❌ Folder names or locations
❌ Tag names or tag associations
❌ IP addresses (anonymized)
❌ Personal information
❌ Browsing history outside Rando
❌ Location data

How to Control Analytics

macOS:

On first launch:
- Welcome screen offers opt-in
- Default: Disabled
- Choice remembered
Change anytime:
- Preferences → General
- Uncheck "Send anonymous usage data"
- Takes effect immediately

Windows:

On first launch:
- Welcome screen offers opt-in
- Default: Disabled
- Choice remembered
Change anytime:
- Preferences → General → Privacy & Analytics
- Uncheck analytics checkbox
- Takes effect immediately

Windows DEBUG builds:

Access Analytics Debug window
View what's being logged locally
See exact data points before transmission

Why Opt In?

Benefits of enabling analytics:

Better Product: Helps prioritize features users actually use
Bug Fixes: Crash reports identify issues to fix
Performance: Metrics guide performance optimization
Anonymous: Your identity remains completely private

When to opt out:

Corporate/work device with strict policies
Personal preference for zero data collection
Using for sensitive content
Any reason - no judgment, no nag screens

Best Practices

Practical privacy tips for daily use.

Slideshow Display Privacy

When presenting to others:

Pre-curate selection:
- Review thumbnail grid first
- Remove any sensitive images
- Use tag filtering for safety
Use dedicated folders:
- Create "Presentation" or "Public" folders
- Only add pre-approved photos
- Never use "Pictures" root for presentations
Test first:
- Start slideshow privately
- Watch first 10-20 images
- Verify no surprises
Tag-based curation:
- Tag all presentation-safe photos
- Filter by that tag
- Run slideshow from filtered view

Tag Privacy Considerations

Tags contain file paths:

What this means:

Tag export files include full file paths
Paths may reveal folder organization
Paths may include usernames or personal folder names

Best practices:

Don't share tag exports unless you trust recipient
Review export files before sharing
Use generic folder names if sharing tags
Clear paths when importing others' tags

Folder Permission Best Practices

Minimize permission grants:

macOS:

Only grant access to folders you'll actually use
Don't grant access to entire Home folder
Use specific subfolders instead
Revoke access if no longer needed

Windows:

Check folder permissions before scanning
Don't run as Administrator unless troubleshooting
Use Read-only access when possible

Screenshot and Screen Recording

Remember Rando is visible:

Screen sharing: Close Rando or switch to empty folder
Screenshots: Check what's visible in Rando windows
Recording: Rando windows may appear in recordings
Demo mode: Use empty folder for screen captures

Backup Privacy

When backing up your system:

Settings and tags:

Tags stored in preferences (include file paths)
Settings files include folder paths
Consider encrypting backups

Photo files:

Original photos unchanged by Rando
Backup photos separately
Encrypt backup drives for sensitive content

Cache files:

Thumbnail cache contains downsized copies
Stored in:
- macOS: ~/Library/Caches/com.ijoseph.rando/
- Windows: %LOCALAPPDATA%\Rando\ThumbnailCache\
Can be cleared anytime (regenerates automatically)

Multi-User System Privacy

If sharing computer with others:

macOS:

Each user has separate Rando settings
Tags don't cross user accounts
Preferences isolated per user
Other users can't see your tags

Windows:

Settings in per-user AppData folder
Tags separate per Windows user account
Other users can't access your configuration

Best practice: Use separate macOS/Windows user accounts for privacy

Uninstalling Cleanly

Removing all traces:

Before uninstalling:

Export tags (if you want to keep them)
Note your preferred settings
Clear thumbnail cache if desired

macOS cleanup:

Delete app from Applications
Delete: ~/Library/Preferences/com.ijoseph.rando.plist
Delete: ~/Library/Caches/com.ijoseph.rando/
Delete: ~/Library/Application Support/Rando/ (if exists)

Windows cleanup:

Uninstall via Control Panel
Delete: %APPDATA%\Rando\
Delete: %LOCALAPPDATA%\Rando\

Result: No traces of Rando or your usage remain

Privacy Checklist

Quick reference for maximum privacy:

[ ] Analytics disabled (Preferences → General)
[ ] Separate folders for public/private content
[ ] Sensitive photos on encrypted external drive
[ ] Pre-curate before presentations
[ ] Don't share tag export files
[ ] Use specific folder grants, not Home folder
[ ] Close Rando during screen sharing
[ ] Enable disk encryption (FileVault/BitLocker)
[ ] Use separate user accounts on shared computers
[ ] Clear thumbnail cache before selling/donating computer

Privacy FAQs

Q: Can Rando access my webcam or microphone? A: No. Rando doesn't request or use webcam/microphone permissions.

Q: Does Rando send data to developers? A: Only if you explicitly enable analytics. Default is disabled.

Q: Are my photos uploaded anywhere? A: Never. All processing is 100% local.

Q: Can other apps see my Rando data? A: No (macOS sandbox prevents it). Yes on Windows (standard file permissions apply).

Q: What about StoreKit/Microsoft Store? A: Purchase info stays between you and Apple/Microsoft. Rando only knows if you have Pro.

Q: Can family members see my tags? A: No. Tags are per-user account on the computer.

Q: Is Rando safe for private photos? A: Yes, with proper folder organization and pre-curation before presentations.

Next Steps

Review Organizing Photos for folder structure tips
Learn Workflow Optimization for tag-based curation
Check Platform Guides for OS-specific privacy settings
Read Preferences to disable analytics