What Happens to Shared Photos After a Breakup?

Deleting from shared albums. If you shared through iCloud, Google Photos, or a messaging app, you can remove the photo from the shared album. But if your partner already saved it to their camera roll, or if the app auto-downloaded it, the copy on their device is untouched. Removing it from the album removes only the link, not the image.

Asking them to delete it. This requires trust in a situation where trust may have already broken down. Even with the best intentions, you have no way to verify that every copy, including cloud backups, has been removed. You are relying entirely on their word.

Legal action. Congress passed the TAKE IT DOWN Act in 2025, criminalizing nonconsensual intimate image sharing. This is an important step, and it reflects a growing recognition that this is a serious problem. But legal action is reactive: it happens after the damage is done. It is also slow, expensive, and emotionally exhausting. Prevention is better than prosecution.

Some apps claim to let you delete shared photos remotely. In practice, what they usually do is delete a reference: a link, a database entry, a thumbnail. The actual image data may still exist on the recipient's device, in their cache, or in a backup.

The fundamental problem is that once you send someone an unencrypted photo, they have the photo. You can delete your copy. You can ask the server to delete its copy. But the file on their device is theirs. No amount of “unsend” UI can reach into their storage and remove it.

This is not a limitation of any particular app. It is a limitation of how file sharing works when you send plaintext data. To actually solve this problem, you need to change the approach entirely.

What if, instead of sending someone a photo and hoping they delete it later, you never actually give them the photo in the first place?

This is the idea behind Tucked. When you share a photo or video through Tucked, the content is encrypted on your device before it ever leaves. A unique encryption key, called a Content Encryption Key (CEK), is generated for each item. The content is locked with this key, and only a sealed copy of the key is stored on Tucked's server.

Your partner can view the content because their device requests the sealed key from the server, unlocks it with their private key, and decrypts the content in memory. The decrypted image is never saved to their device. It exists only while they are looking at it.

The critical difference is that your partner never possesses the content in a usable form. They can view it through Tucked, where screenshots are blocked , but they cannot export it, save it to their camera roll, or extract the decrypted data.

When you revoke access to a photo or video in Tucked, the server permanently deletes the sealed CEK, the only copy of the key your partner can use to decrypt the content. Once it is gone, the encrypted data cannot be decrypted. Even if your partner has the encrypted bytes cached on their device, the key no longer exists for them to obtain.

This is not a policy. It is not a promise that Tucked will “try to delete” the photo. It is enforced by cryptography. Without the sealed CEK, your partner cannot decrypt the content.

Revocation can be done per item: one tap to revoke a single photo or video. Or, if you end the partnership entirely, all encrypted decryption keys, content, and messages are permanently deleted from the server at once.

If you break up and you shared content through Tucked, you have two options:

• Revoke individual items : open Tucked, tap the item, tap revoke. The decryption key is destroyed. Done.
• End the partnership : this permanently deletes all encrypted decryption keys, content, and messages from the server. Everything you shared becomes inaccessible at once.

No asking. No negotiating. No trusting that they actually deleted it. You destroy the key, and the content is locked forever.

And revocation is free. It is not behind a paywall. Tucked will never charge you for the ability to control your own content.

Revocation prevents access to the encrypted content. But what about screenshots taken while someone was viewing it? Tucked addresses this separately: the app blocks screenshots and screen recordings on content screens using a secure iOS display layer. When a screenshot attempt is detected, the content is hidden.

No software can guarantee 100% screenshot prevention. Someone could always use a second device to photograph their screen. But Tucked makes casual capture difficult, and revocation ensures that even if someone saw the content once, they cannot access it again after you revoke.

The TAKE IT DOWN Act reflects a growing consensus: people deserve protection against nonconsensual intimate image sharing. Legal frameworks are important, but they work after the fact. They punish bad behavior. They do not prevent it.

Tucked is building the technical layer that makes prevention possible. End-to-end encryption ensures that nobody, not even Tucked, can see your content. Cryptographic revocation ensures you can take back access at any time. No data is collected about you beyond what is needed to run the service. And decrypted content is never written to disk. It exists only in memory and is purged when you leave the app.

The technology to share privately and maintain control has not existed before. Now it does.