Immich vs Google Photos (2026)

TL;DR

Google Photos charges $35.88/year for 200GB ($99.99/year for 2TB). Immich (AGPL 3.0, ~55K GitHub stars) gives you everything Google Photos does — plus no ads, no AI training on your photos, and ownership of your data — for the cost of a storage drive. If you have 50GB+ of photos and value privacy, self-hosted Immich is the better choice in 2026. Migration from Google Photos is straightforward via Google Takeout.

Key Takeaways

Cost: Google Photos costs $3/month for 100GB; Immich costs ~$5/month amortized for a home server
AI features: Immich has face recognition, semantic search, and scene detection — comparable to Google
Mobile backup: Immich iOS/Android apps backup photos automatically — same UX as Google Photos
Privacy: Immich processes all AI locally; Google uses your photos to train AI models
Migration: Google Takeout exports all photos; Immich imports the folder directly
Tradeoff: Immich requires a server to maintain; Google Photos works if you close your laptop

Cost Comparison

Google Photos pricing (2026)

Storage	Price	Annual Cost
15GB	Free	$0
100GB	$2.99/mo	$35.88
200GB	$2.99/mo	$35.88
2TB	$9.99/mo	$119.88
5TB	$24.99/mo	$299.88
10TB	$49.99/mo	$599.88

Google One pricing — includes Gmail and Drive storage

Immich self-hosted cost

Component	One-time	Monthly
Home server (mini PC like Beelink Mini S12)	$160	$3-5 electricity
4TB HDD for photos	$80	$0
Total (Year 1)	$240	~$4/mo
Total (Year 2+)	$0	~$4/mo

Break-even vs Google Photos 2TB: ~18 months. After that, Immich is $4/month vs $9.99/month.

Already have a NAS/homelab? Immich adds essentially zero cost.

Feature Comparison

Feature	Immich	Google Photos
Auto-backup (iOS/Android)	Yes	Yes
Face recognition	Yes (local)	Yes (cloud)
Semantic search	Yes ("beach sunset")	Yes
Scene/object detection	Yes	Yes
Shared albums	Yes	Yes
Partner sharing	Yes	Yes
Video support	Yes	Yes
RAW files	Yes	No (converts to JPEG)
HEIC/HEIF	Yes	Yes
Live photos	Yes	Yes
Motion photos	Yes	Yes
Maps/geo	Yes	Yes
Memories	Yes	Yes
Albums	Yes	Yes
Google Lens equivalent	No	Yes
Edit photos	Basic	Advanced
Storage compression	No (original quality always)	Yes (lossy "Storage saver")
Offline access	Via download	Yes (cached)
Smart home displays	Yes (API)	Yes (Chromecast)
Privacy	Your server only	Google trains AI on photos

Migration: Google Photos → Immich

Step 1: Export from Google Photos

Go to takeout.google.com
Deselect all → Select only Google Photos
File type: .zip, Size: 50GB max (multiple files)
Delivery: Email link when ready (1-48 hours for large libraries)
Download all .zip files

Step 2: Import to Immich

# 1. Extract all Google Takeout zips:
mkdir -p ~/google-photos-export
for zip in ~/Downloads/takeout-*.zip; do
  unzip -o "$zip" -d ~/google-photos-export/
done

# 2. Use immich-go for clean import (handles JSON metadata):
# Install immich-go (recommended for Google Takeout):
curl -L https://github.com/simulot/immich-go/releases/latest/download/immich-go_Linux_x86_64.tar.gz | tar xz
sudo mv immich-go /usr/local/bin/

# 3. Import with metadata preservation:
immich-go upload \
  --key your-immich-api-key \
  --server https://photos.yourdomain.com/api \
  --google-photos \
  ~/google-photos-export/Takeout/Google\ Photos/

# This preserves:
# - Original dates from JSON metadata files
# - GPS location data
# - Album structure
# - Starred photos

Step 3: Verify the import

# Check import stats:
immich-go stats \
  --key your-api-key \
  --server https://photos.yourdomain.com/api

# Expected: same count as Google Photos total
# Check: Immich web UI → Photos → sort by date → verify oldest photos

Mobile App Setup

iOS

Install Immich from App Store
Server URL: https://photos.yourdomain.com
Log in → Enable Backup in settings
Select: Back up photos + videos
Optional: Disable Google Photos backup (Settings → Google Photos → turn off)

Android

Install from Google Play or F-Droid
Same setup process

Immich Docker Setup

# docker-compose.yml
services:
  immich-server:
    image: ghcr.io/immich-app/immich-server:release
    container_name: immich_server
    restart: always
    ports:
      - "2283:2283"
    volumes:
      - /path/to/your/photos:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    environment:
      DB_HOSTNAME: database
      DB_USERNAME: postgres
      DB_PASSWORD: "${DB_PASSWORD}"
      DB_DATABASE_NAME: immich
      REDIS_HOSTNAME: redis
    depends_on:
      database:
        condition: service_healthy
      redis:
        condition: service_started

  immich-machine-learning:
    image: ghcr.io/immich-app/immich-machine-learning:release
    container_name: immich_ml
    restart: always
    volumes:
      - model_cache:/cache
    environment:
      DB_HOSTNAME: database
      DB_USERNAME: postgres
      DB_PASSWORD: "${DB_PASSWORD}"
      DB_DATABASE_NAME: immich

  redis:
    image: redis:6.2-alpine
    restart: always

  database:
    image: tensorchord/pgvecto-rs:pg14-v0.2.0
    restart: always
    environment:
      POSTGRES_PASSWORD: "${DB_PASSWORD}"
      POSTGRES_USER: postgres
      POSTGRES_DB: immich
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      start_period: 30s

volumes:
  pgdata:
  model_cache:

photos.yourdomain.com {
    reverse_proxy localhost:2283
}

Privacy Comparison

Google Photos data usage

AI training: Google's Terms of Service allow using photos to improve AI models
Advertising: Image content analysis informs advertising profiles
Third-party access: Law enforcement can subpoena your photos from Google
Data residency: Photos stored in Google's data centers globally

Immich privacy

AI runs locally: Face recognition and semantic search run on your hardware
No advertising: No ad profile, no data mining
No third-party access: Law enforcement must subpoena your server
Data sovereignty: Photos stay on your hardware in your country

When to Choose Google Photos Instead

Immich is better in most cases, but Google Photos still wins for:

Zero maintenance: Immich requires keeping your server running and updated
Storage flexibility: Google scales infinitely; self-hosting is limited by your drive
Mobile reliability: If you're often off-home-network without VPN, Immich may be slower
Google Lens: Object identification, text extraction, plant/animal ID — Immich doesn't have this yet
Family who's not technical: Google Photos family sharing is easier to set up for less-technical relatives

See our Immich self-hosting guide for the full Docker setup.

See all open source photo management tools at OSSAlt.com/categories/photos.

Data Ownership and File Management

Self-hosted file storage gives you control over data residency, access patterns, and cost that no cloud provider can match. The tradeoff is operational responsibility — you own the uptime and durability guarantees you create.

Redundancy at the disk level: For critical data, use RAID or ZFS on your storage node. RAID 1 (mirroring) protects against a single disk failure; ZFS adds checksumming that detects and corrects silent corruption. Neither is a replacement for offsite backups — they protect against disk failures, not against the broader failure modes (fire, theft, software bugs, accidental deletion) that offsite backups handle.

Offsite backups: Use Duplicati for automated encrypted daily backups to Backblaze B2 or Cloudflare R2. The 3-2-1 rule (3 copies, 2 different media, 1 offsite) remains the standard for data you can't afford to lose. B2 storage costs $0.006/GB/month — a 1TB backup repository costs $6/month.

File synchronization across devices: Syncthing provides peer-to-peer file synchronization without a central server. Files sync directly between your devices without routing through your server, making it useful for camera rolls, documents, and any dataset that needs real-time synchronization rather than archive access.

Access control: For team environments, use your server's user/group permissions plus application-level access control. Authentik provides SSO and role-based access that integrates with applications supporting OIDC or LDAP.

Monitoring storage health: Track disk usage trends with Prometheus + Grafana. A disk that fills gradually will fail suddenly if you're not watching — set an alert at 75% capacity to give yourself time to archive old data or expand storage.

Immich is the most actively developed self-hosted Google Photos alternative, with mobile apps for iOS and Android, real-time upload, and on-device ML for face and object recognition. For an alternative with a different approach to organization, PhotoPrism uses AI tagging without requiring mobile client uploads — suitable for existing photo library organization rather than ongoing mobile backup.

Network Security and Hardening

Self-hosted services exposed to the internet require baseline hardening. The default Docker networking model exposes container ports directly — without additional configuration, any open port is accessible from anywhere.

Firewall configuration: Use ufw (Uncomplicated Firewall) on Ubuntu/Debian or firewalld on RHEL-based systems. Allow only ports 22 (SSH), 80 (HTTP redirect), and 443 (HTTPS). Block all other inbound ports. Docker bypasses ufw's OUTPUT rules by default — install the ufw-docker package or configure Docker's iptables integration to prevent containers from opening ports that bypass your firewall rules.

SSH hardening: Disable password authentication and root login in /etc/ssh/sshd_config. Use key-based authentication only. Consider changing the default SSH port (22) to a non-standard port to reduce brute-force noise in your logs.

Fail2ban: Install fail2ban to automatically ban IPs that make repeated failed authentication attempts. Configure jails for SSH, Nginx, and any application-level authentication endpoints.

TLS/SSL: Use Let's Encrypt certificates via Certbot or Traefik's automatic ACME integration. Never expose services over HTTP in production. Configure HSTS headers to prevent protocol downgrade attacks. Check your SSL configuration with SSL Labs' server test — aim for an A or A+ rating.

Container isolation: Avoid running containers as root. Add user: "1000:1000" to your docker-compose.yml service definitions where the application supports non-root execution. Use read-only volumes (volumes: - /host/path:/container/path:ro) for configuration files the container only needs to read.

Secrets management: Never put passwords and API keys directly in docker-compose.yml files committed to version control. Use Docker secrets, environment files (.env), or a secrets manager like Vault for sensitive configuration. Add .env to your .gitignore before your first commit.

Production Deployment Checklist

Before treating any self-hosted service as production-ready, work through this checklist. Each item represents a class of failure that will eventually affect your service if left unaddressed.

Infrastructure

Server OS is running latest security patches (apt upgrade / dnf upgrade)
Firewall configured: only ports 22, 80, 443 open
SSH key-only authentication (password auth disabled)
Docker and Docker Compose are current stable versions
Swap space configured (at minimum equal to RAM for <4GB servers)

Application

Docker image version pinned (not latest) in docker-compose.yml
Data directories backed by named volumes (not bind mounts to ephemeral paths)
Environment variables stored in .env file (not hardcoded in compose)
Container restart policy set to unless-stopped or always
Health check configured in Compose or Dockerfile

Networking

SSL certificate issued and auto-renewal configured
HTTP requests redirect to HTTPS
Domain points to server IP (verify with dig +short your.domain)
Reverse proxy (Nginx/Traefik) handles SSL termination

Monitoring and Backup

Uptime monitoring configured with alerting
Automated daily backup of Docker volumes to remote storage
Backup tested with a successful restore drill
Log retention configured (no unbounded log accumulation)

Access Control

Default admin credentials changed
Email confirmation configured if the app supports it
User registration disabled if the service is private
Authentication middleware added if the service lacks native login

Getting Started

The best time to set up monitoring and backups is before you need them. Deploy your service, configure it, and immediately add it to your monitoring stack and backup schedule. These three steps — deploy, monitor, backup — are the complete foundation of a reliable self-hosted service. Everything else is incremental improvement.

For most users making the switch from Google Photos, Immich is the clear choice in 2026. The mobile apps, automatic upload, and album-sharing features match or exceed Google Photos' core functionality. The self-hosted deployment runs on a single VPS or NAS with the provided Docker Compose configuration. The operational consideration is storage: configure external volume mounts for your photo library rather than storing files inside Docker volumes, and back up the storage location separately from the container volumes. Photos are not recoverable if the storage is lost.

The SaaS-to-Self-Hosted Migration Guide (Free PDF)