When was your product first developed?
How many years has the product been sold to companies?
Our software is Open Source, has been available for years, and as such is used by a significant number of companies, some of which have a paid PhotoPrism+ Membership or individual support contracts with us. Sales of commercial licenses, standardized support agreements and professional services will begin in 2022, after we have made sure that nothing is missing and we have had time to tweak everything we think is important. This includes preparing all the documents needed to meet the compliance requirements of larger companies.
What is the difference between your public and commercial license?
A key difference between the open source and commercial license is that you get access to additional support and configuration options, as well as the right to customize functionality to your needs without having to publicly disclose your changes. We are also working to optimize the default configuration, feature set, and scalability of the Pro Edition to meet the needs of professional users and enterprises.
How many organisations are using your product?
PhotoPrism currently has about 15,000 active installations, growing daily. Because we respect the privacy of our users, we do not have detailed information about whether these are run by individuals, businesses, or other organizations. By comparison, Canto, the leading commercial asset management solution, has about 2,500 customers, according to their website.
How many clients have stopped using the product?
Are you prepared to guarantee the renewal price?
As stated in our Terms of Service and in the PhotoPrism® Pro License Agreement, prices are subject to change and may be adjusted to account for currency fluctuations, inflation, new features and enhancements.
Changes will take effect at the next renewal of the Subscription Term. We intend to avoid unexpected changes and announce price adjustments in a timely manner.
Where can I learn more about your team?
PhotoPrism was founded by Michael Mayer and Theresa Gresch. Before founding PhotoPrism, Michael spent more than two decades advising startups and corporate clients such as Deutsche Telekom, Mercedes-Benz, SensioLabs and many more. Theresa holds a Master's degree in Neurobiology. Before starting to work on PhotoPrism, she used her organizational skills as a freelance product manager at startups and creative agencies.
Do you organize user forums or conferences?
How can we ensure that developments based on our requirements are not shared?
Purchasing a commercial license gives you the right to customize the functionality to your needs without having to publicly disclose your changes. When PhotoPrism provides professional services to you for a fee, our Terms of Service include an agreement to maintain the confidentiality of trade secrets and confidential or proprietary information.
In any event, PhotoPrism retains all proprietary rights in its software, services, documentation and all derivative works thereof, however created, and all intellectual property rights incorporated in or related to the foregoing. All rights not expressly provided by us to you under a license agreement or public license are reserved.
Technology, Development, and Documentation
What range of documentation do you provide?
Is your source code available on demand?
Are you following software development best practices?
Our approach relies heavily on agile methodologies with a high degree of automation and continuous integration. Many of the best practices we use and have proven to be effective are described in Quality and Best Practices, which is part of the Developer Guide.
What technologies is your software based on?
Do you provide any mobile apps?
At the moment, PhotoPrism does not have a native mobile app that can be installed through an official app store. However, our Progressive Web App (PWA) offers an almost native app-like experience. You can conveniently install it on the home screen of all major operating systems and mobile devices.
Which photo and video file formats are supported?
How many and which APIs do you have?
Is there an explicit file size limit?
JPEG images are generally supported up to a maximum size of 30,000 pixels. Note, however, that high-resolution panoramic images may require additional swap space and/or physical memory beyond the recommended minimum.
The file size limit in megabytes and the resolution limit in megapixels can be changed using parameters, so these depend on your individual configuration.
What is the maximum number of files that are allowed or can be managed?
There is no explicit limit to the number of files, except for the limitations imposed by the underlying database, the server's file system, and the size of the variables used as record identifiers, i.e. in the billions.
The number of files is primarily limited by the storage available. Practical usability also relies on the server's CPU and memory, while the time needed for indexing depends on the size of your files and their formats. We recommend that you test the performance with our freely available community edition before purchasing a commercial license.
Is your solution load-balanced?
In general, it is possible to run PhotoPrism in a cluster configuration. However, this is complex and there are trade-offs that you need to consider. If this is required, we offer professional services to help you set up a load balanced solution on an individual basis.
How many users can use your software simultaneously?
There is no built-in limit to the number of concurrent users. PhotoPrism generally scales well with the number of CPU cores. However, you should keep in mind that the hardware resources available for handling frontend requests can be significantly reduced while the backend is busy indexing or importing files. If necessary, the number of indexing workers can be limited based on your individual requirements.
If you are exposing your instance to the Internet, where the number of users can fluctuate greatly and some users may be accessing the service from remote locations with high latency, we strongly recommend configuring a Content Delivery Network (CDN) as this will reduce server load and improve the user experience. When in doubt, please test the performance with our freely available community edition before purchasing a commercial license.
How much data is cached by the database?
When using MariaDB, the InnoDB buffer pool serves as a cache for data and indexes. It is a key component for optimizing MariaDB performance. Its size should be as large as possible to keep frequently used data in memory and reduce disk I/O - typically the biggest bottleneck.
What is the concurrency of the APIs before degradation?
There is no built-in limit to the number of concurrent requests. PhotoPrism generally scales well with the number of CPU cores. However, you should keep in mind that the hardware resources available for handling API requests can be significantly reduced if the backend is busy indexing or importing files. If necessary, the number of indexing workers can be limited depending on your individual requirements.
Note that there are certain actions that may use a high amount of resources, such as ZIP file creation and some indexing operations, so concurrency also depends heavily on the particular API endpoint and the size of your media library.
We therefore recommend limiting full access to users you trust, as it otherwise could be abused to perform denial of service attacks by flooding the server with requests that cause high server load due to their nature, e.g. uploading and indexing extremely large images. The file size limit in megabytes and the resolution limit in megapixels can be changed using parameters, so these depend on your individual configuration.
If performance is of high importance to you, we also recommend configuring a Content Delivery Network (CDN), as this reduces server load and improves the user experience. When in doubt, please test the performance with our freely available community edition before purchasing a commercial license.
Can you provide detailed performance test results?
You may find performance test results attached to specific GitHub issues or pull requests, for example, to document the result of a performance optimization. However, we do not currently publish performance test results in a form that would be suitable for the general public or as marketing material.
When in doubt, we recommend that you test performance with our freely available community edition before purchasing a commercial license.
Has a development roadmap been created?
Yes, our Project Roadmap shows what tasks are in progress and what features will be implemented next.
Can you describe the product changes you plan to make over the next three years?
Our Project Roadmap shows what tasks are in progress and what features will be implemented next. Be aware that we have a zero-bug policy and do our best to help users when they need support or have other questions. This comes at a price, as we can't give exact release dates for new features.
As stated in our Terms of Service, you are welcome to ask for implementation of new features, enhancements, or other changes in the software, services or documentation. Our team will carefully consider your requests, but is not legally obligated to implement the changes you request. If your purchase depends on the availability of a certain feature, we recommend to wait until it has been released.
How far into the future are you planning?
We focus on outcomes, optimize effectiveness before efficiency, and plan as much ahead as necessary to meet our goals and commitments. To reduce risk, overhead, and the need to schedule manual work, our approach relies heavily on agile methodologies with a high degree of automation and continuous integration. Many of the best practices we use and have proven to be effective are described in Quality and Best Practices, which is part of the Developer Guide.
How frequently do you release updates?
Fully functional development previews with the latest features and improvements are provided very frequently, up to several times a day.
New stable versions that have been thoroughly tested are made available up to several times a month. Since quality is our top priority, this depends on what we are currently working on and whether we consider it ready for release.
How do you resolve defects and provide corrections?
PhotoPrism follows a zero-bug policy, which means that we do our best to fix any issues we learn about. Corrections will then be made available with the next stable release. Fully functional development previews with the latest features and improvements are made available very frequently, up to several times a day.
If resolving an issue is not immediately possible, for example due to dependencies on third-party libraries or other applications, or because it is a specific use case that we do not currently support, you can find a note and available workarounds in our Known Issues.
Do you have a web-based support service?
We provide support via email and optionally via chat. Upon request, we also provide remote assistance via online meeting and screen sharing.
Do you have a support phone number?
We can optionally provide you with telephone support so that you are immediately assisted by our staff.
What happens on bank holidays?
If you choose the highest level of support we offer, we can provide assistance even on holidays in the event of a critical incident.
Data, Backups, and Reports
Do you work with a concept of master data?
No. However, we embrace open standards and make our source code available to ensure a high level of compatibility and transparency. Our knowledge base contains an overview of the supported Exif, XMP, IPTC, and DCMI tags and their internal field names.
Can you share a data dictionary?
How does your product allow us to create reports?
There is currently no business reporting engine integrated in our product. Technical reports, e.g. on the status of database migrations, can be displayed via the command line interface and exported as CSV or Markdown. You can access the index database directly to generate reports on specific metrics using standard products designed for this purpose. If required, we offer professional services to help you set up a custom solution.
Can databases be modified by means other than the user interface?
Yes, you can modify the index database and create backup copies using standard database tools compatible with the database you have chosen.
Do you provide the possibility to anonymize copies of the database?
No. If required, we offer professional services to help you implement a custom solution.
What tools do you recommend for alternate data mining?
We do not recommend any particular tools. If needed, we offer professional services to help you implement a custom solution.
Do you have documents defining the referential elements of the database?
In our experience, the entity models as part of the public source code document this in a way that can be used well by most developers. Please contact us with your specific requirements and let us know your use case so we can provide you with technical documentation if needed.
Is data archiving part of the solution?
PhotoPrism provides commands for backing up and restoring the database. It is your responsibility to back up your data and make sure it is kept safe. Backing up media files is possible with standard file backup tools. We do not recommend any particular tools at this time.
Does your product identify unused data over a period of time?
Our solution does not currently provide analytics that allow you to identify media content that you have not downloaded or viewed for a period of time. However, commands are available to remove stale index entries and unused thumbnail files.
In the event of an outage, how would you recommend to recover without a loss of data?
It is your responsibility to manage your own infrastructure, provide a sufficient level of redundancy, back up your data and ensure that it is kept secure.
Privacy and Security
How does your product support GDPR and Data Protection?
Does your software depend on external services or is it completely self-contained?
Your use of these services is fully covered by us. So there are no usage-based fees, unlike with other vendors who may charge additional fees and may also not allow you to use caching, e.g. Google Maps.
Should you still wish to operate one or both of these services on your own premises, we can set up such a fully autonomous solution for you, provided you are prepared to cover the initial setup costs as well as ongoing maintenance fees for content licenses and updates.
What capabilities are built-in to protect from issues with the GDPR?
Please explain the built-in security of your product?
PhotoPrism uses common best practices to protect the application from unauthorized use, such as setting HTTP security headers and storing secrets as a hash that cannot be reversed.
Be aware that virtually all file format parsers have vulnerabilities that just haven't been discovered yet. For example, the release notes of pretty much all Apple products include a long list of fixes for flaws that allow the execution of arbitrary code with kernel privileges. This is a known risk that can affect you even if your server is not directly connected to the Internet.
Running applications in a container with limited host access is an easy way to improve security without compromising performance and usability. When combined with a virtual machine or dedicated server, this provides optimal protection against malicious code accessing other applications and data. Most importantly, only trusted users should be able to upload files, manage them via WebDAV, or modify them directly in the file system.
If you install our software on a public server outside your local network or connect your server to the public Internet, we advise you to always run it behind a secure HTTPS reverse proxy like Traefik Proxy. All files and passwords will otherwise be transmitted in clear text and can be intercepted by anyone, including your provider, hackers, and governments.
In addition, we recommend businesses and other organizations to use a professional firewall like OPNsense®.
Which tools are required for monitoring and alerting the product?
You can use the API endpoint
GET /api/v1/status to perform health checks in combination with any standard monitoring solution. In addition, we recommend monitoring CPU and memory usage, especially during indexing, so that you can add more resources if needed, depending on your individual use case and requirements. We do not recommend any particular tools at this time. If required, we offer professional services to help you set up a custom solution.
Has your product ever been exposed to DDOS attacks and what was the result?
This document contains "forward-looking statements" that involve risks and uncertainties. You should not place undue reliance on forward-looking statements because they are subject to factors that are difficult to predict. These forward-looking statements are generally identified by the use of "anticipate," "believe," "could," "estimate," "expect," "intend," "may," "plan," "target," "will," "would" and similar terminology.