Delete duplicate photos without uploading them

Why upload-based cleaners are risky

Even reputable services increase attack surface. Local-first tools let you verify behavior with your own Network tab.

• Entire albums copied to third-party infrastructure
• Slow uploads on home broadband or mobile hotspot
• Unclear retention after “free” scans
• Harder to audit what left your machine

What DupShelf does instead

DupShelf uses browser file APIs to read only the directory you select. Hashing and grouping happen in memory on your device. We do not operate a “upload your library” step. Optional move-to-folder writes duplicates into a subfolder you can inspect before permanent delete.

You stay in control of deletion

The app does not include a “delete all duplicates” nuclear button. Move non-keepers to dupshelf-duplicate-images, open that folder, confirm visually, then delete. CSV export supports users who want to delete via scripts they trust.

Verify privacy yourself (5 minutes)

Open DevTools → Network, start a scan on a test folder, filter by your domain. You should see static assets, not outbound image payloads. Disconnect from the internet after first load; scanning should still work for local files.

Who benefits most

Families with children’s photos, medical imaging folders, legal documents saved as JPG, journalists with source material, and anyone in regulated or cautious environments. Also practical for large libraries where upload time alone would take days.

Pair with good backup habits

Before bulk delete on an irreplaceable archive, keep a second copy on another drive. DupShelf moves files; it does not replace backups. Dedup before backup also shrinks the next snapshot.

Journalists and researchers

Source photos and document scans saved as JPG should stay on device during review. Local exact dedup helps when the same leak or exhibit was saved multiple times from email without sending a sensitive folder to a cloud vendor.

GDPR and right-to-erasure context

Local processing means you are not creating a second copy on a vendor by scanning. Your erasure obligations still apply to backups you control—dedup reduces how many duplicate copies exist in those backups after cleanup.

Schools, clinics, and shared PCs

On shared machines, scan only folders you own. Log out of shared accounts after cleanup. Because nothing uploads, you reduce the risk of leaving copies on a vendor server—but local folder permissions still matter.

Regulated or sensitive content

For HIPAA-like or legal sensitivity, combine local scan with organizational policy. DupShelf is a tool, not a compliance certification. Document your workflow: scan, move, review, delete in file manager.

Summary and next steps

Choosing not to upload is only step one; operational privacy is step two. Scan a test folder with ten images while watching the Network panel so you know what normal looks like. Then scan your real library. Move duplicates before delete, and keep a cold backup until you are confident. On shared networks, avoid scanning employer-owned paths unless policy allows. For creators, local dedup means RAW selects and unreleased work never touch a vendor pipeline. For parents, school and medical photos stay in the house. Document your workflow for future you: which folder was scanned, date, and whether quarantine was deleted. That log costs five minutes and saves hours if someone asks where a file went. DupShelf does not replace legal advice or compliance programs—it gives you a local tool that respects the principle that your bytes should stay yours. When privacy policy matters, local hash beats marketing promises. Run one audited scan, export CSV if needed, and build trust in the process before touching family archives.