What Data Does Hasselblad Phocus Send to Google? A Privacy Investigation

While investigating other aspects of Phocus 4.x's behavior for my ongoing documentation work, I noticed something unexpected: network traffic to Google servers that I hadn't anticipated. This led me down a rabbit hole of SQLite databases, cache files, and packet captures. Not because I suspected Hasselblad of anything nefarious, but because I wanted to understand exactly what was happening.

This post documents what I found. I'll cover what Phocus logs locally on your Mac, what it actually transmits over the network, what I could not confirm being transmitted, and how all of this compares to Hasselblad's published privacy policy. My goal isn't to be alarmist (analytics are standard in modern software), but transparency matters, especially for professional tools that cost as much as a Hasselblad system does.

If you just want the summary: Phocus collects usage analytics and sends them to Google Firebase. The transmitted data includes device information and workflow events (like export counts), and I did not observe personally identifiable information like file paths or usernames in the network traffic. However, Phocus does log PII locally, including full file paths containing your macOS username, in databases that most users would never know exist.

The core issues are threefold: Hasselblad's privacy policy is seven years old and reads like it was written for website visitors rather than desktop application users, so it doesn't disclose this local data collection at all; there's no way for desktop users to opt out; and the PII being logged locally is effectively hidden from users, stored in ~/Library directories and hex-encoded in a way that requires both terminal navigation skills and data decoding tools to discover.

Whether that obfuscation is intentional or simply a byproduct of implementation choices, the effect is the same: undisclosed collection of what GDPR classifies as personal data, stored in a manner that prevents practical user access or awareness. (Standard disclaimer: I am not a lawyer, and GDPR is a bit like quantum theory in that anyone who claims to fully understand it probably doesn't.)

Why I Started Investigating Phocus Network Traffic

I run Little Snitch on my Mac, which alerts me when applications make network connections. While using Phocus, I noticed repeated connections to app-analytics-services.com, a domain I didn't recognize but which turned out to be Google's Firebase Analytics infrastructure.¹

This isn't inherently concerning. Most modern applications collect usage analytics to understand how people use their software, identify bugs, and prioritize features. But I was curious: what exactly was Phocus sending? And was any of it documented?

To find out, I used three approaches:

First, I examined the SQLite databases that Google's analytics SDKs create on your Mac. These are stored in ~/Library/Application Support/Google/Measurement/ and contain a record of events that have been logged and queued for transmission.

Second, I looked at the Crashlytics cache in ~/Library/Caches/com.crashlytics.data/dk.hasselblad.phocus/, which stores device information and crash-related context.

Third, I used Proxyman to intercept the actual HTTPS traffic between Phocus and Google's servers, allowing me to see exactly what data was being transmitted over the network.²

What I found was illuminating. Not because it revealed anything scandalous, but because it highlighted a significant gap between what Hasselblad's privacy policy describes and what the software actually does.

What Phocus Stores on Your Mac

Before discussing what gets transmitted over the network, it's worth understanding what Phocus stores on your Mac. This distinction matters because local logging doesn't necessarily mean network transmission. Some data may only exist locally, or may only be transmitted under specific circumstances like a crash.

The Analytics Databases

Google's Firebase SDK creates several SQLite databases in ~/Library/Application Support/Google/Measurement/. The primary one, google-app-measurement.sql, contains event data that has been logged by the application.

Looking at my own system after a few weeks of using Phocus, I found records of workflow events like ImportFiles and ExportFiles, along with counts for each. The database also tracks session information: how many times I've opened Phocus, total engagement time, and timestamps for first and last use. In my case, it showed 46 import events and 328 export events logged over approximately 18 hours of total engagement across 99 sessions.

There's also a database called google_experimentation_database.sql with tables for activated_snapshot_table, launched_snapshot_table, and pending_snapshot_table. This appears to be infrastructure for A/B testing: the ability to test different features or configurations with different users. I can't confirm whether Hasselblad actively uses this capability, but the infrastructure is present.

The Crashlytics Cache

Firebase Crashlytics, Google's crash reporting service, maintains its own cache in ~/Library/Caches/com.crashlytics.data/dk.hasselblad.phocus/. This directory contains several files with device information and application state data.

The device information includes your Mac model identifier, CPU type, macOS version, locale settings, and the number of connected displays. This is fairly standard crash reporting context. When a crash occurs, knowing the hardware and OS version helps developers reproduce and fix issues.

However, I also found something more concerning in these cache files: file paths from folders I had browsed in Phocus, complete with my macOS username. For example, paths like /Users/[myusername]/Pictures/Phocus Captures.localized/B_07829.3FR were present in the log data, along with counts of files in browsed directories.

This raised an immediate question: was this information being transmitted to Google?

What Data Phocus Transmits to Google

To answer whether file paths and usernames were being transmitted, I needed to look at actual network traffic rather than just local storage. Using Proxyman, I configured my Mac to intercept HTTPS connections from Phocus and captured packets during normal usage, including several file export operations.

What I Confirmed Being Transmitted

The captured packets, after decoding the Protocol Buffer payloads, revealed the following data being sent to Google's servers:

Device fingerprinting: macOS version, Mac model identifier (like "Mac14,6"), and locale settings. This creates a reasonably unique identifier for your machine, though it doesn't include serial numbers or other hardware identifiers.

App identification: The bundle ID (dk.hasselblad.phocus) and version number, which tells Google which application is reporting.

Persistent installation ID: A unique identifier generated when Phocus is first installed. This allows Google and Hasselblad to track usage patterns over time for a single installation without knowing who you are.

Workflow events: Event names like ExportFiles and Export Adjustments along with associated counts. This tells Hasselblad how people use the software: how often they export, what features they use, and so on.

Google Signals flag: The packets included a flag indicating that Google Signals is enabled. Google Signals is an advertising and remarketing feature that allows cross-device tracking and audience building.³ Its presence in a professional photo editing application is somewhat surprising, though I can't confirm whether Hasselblad actually uses it for advertising purposes.

Session heartbeats: Regular packets indicating the application is still running, used to calculate engagement time.

What I Did NOT Observe Being Transmitted

Despite finding file paths with usernames in the local Crashlytics cache, I did not observe this information in any captured network packets during normal operation. Specifically:

• File paths: not observed in any captured packets
• Usernames: not observed
• Filenames: not observed
• Image content or EXIF metadata: not observed

This suggests that the file path logging in the Crashlytics cache is intended for crash report context rather than routine analytics. If Phocus crashes, that context might be transmitted as part of the crash report to help developers understand what the user was doing when the crash occurred. However, I didn't capture a crash event, so I cannot confirm or deny what gets sent during an actual crash.

For normal, non-crash usage, my investigation suggests that Phocus transmits device information and behavioral events, but not personally identifiable information like your username or the specific files you're working with.

What Hasselblad's Privacy Policy Says

With a reasonably clear picture of what Phocus actually collects and transmits, I wanted to compare this against Hasselblad's published privacy policy.⁴ The policy, last updated on May 21, 2018, includes this statement:

"We use Google Analytics to collect and process certain analytics data"

It also describes automatically collected information including IP addresses, device information, "the pages or other content you view or otherwise interact with on a Product or Service," and timestamps.

The Gaps

Several aspects of what I observed don't quite match what the policy describes.

• "Google Analytics" vs. Firebase Analytics: The policy mentions "Google Analytics," but Phocus uses Firebase Analytics, Firebase Crashlytics, and Google App Measurement. While these are all Google products, they're distinct services with different capabilities. Firebase Analytics, for instance, is designed specifically for mobile and desktop applications rather than websites, and includes features like crash reporting and A/B testing that traditional Google Analytics doesn't offer.
• Web-focused language: The policy's language reads like it was written for web browsing. Phrases like "pages or other content you view" and "web browser" make sense for a website but don't accurately describe desktop application telemetry. Tracking ExportFiles events in a photo editor is conceptually different from tracking page views on a website.
• Google Signals not mentioned: The presence of Google Signals, which enables advertising and remarketing features, isn't disclosed in the privacy policy. Users might reasonably want to know if their usage data could potentially be used for advertising purposes, even if only within Google's ecosystem.
• No desktop opt-out: The policy mentions email marketing opt-outs and links to Google's general privacy controls, but provides no mechanism for desktop application users to disable analytics collection. Phocus has no telemetry settings in its preferences.
• Seven years old: Perhaps most significantly, the policy predates Phocus 4.x by several years. Software analytics implementations change over time, and a policy written in 2018 may not accurately reflect 2025 practices.

A Note on Mobile

Interestingly, Phocus Mobile 2's changelog for version 3.4.1 (September 2025) states: "Added 'Hasselblad Product Improvement Program' and updated Privacy Policy." This suggests Hasselblad has been thinking about analytics transparency, at least for mobile users.

However, when I searched for this "Product Improvement Program" opt-out in the mobile app, I couldn't find it. It's not in the app's settings, not in iOS Settings under Phocus Mobile 2, and not documented anywhere I could locate. The website privacy policy still shows the May 2018 date with no indication of updates.

This creates a confusing situation: the changelog implies user control that either doesn't exist or is so well-hidden as to be effectively non-functional.

How to Block Phocus Analytics Collection

If you'd prefer that Phocus not send analytics data to Google, you have a few options. None of these are officially supported by Hasselblad, but they work.

Blocking Network Access

The simplest approach is to block Phocus from connecting to Google's analytics servers. You can do this with:

• Little Snitch or Lulu: Create a rule to block connections from Phocus to app-analytics-services.com. Little Snitch will prompt you automatically when Phocus tries to connect; you can deny the connection and make it permanent. Lulu is a free alternative that works similarly.
• Pi-hole or network-level blocking: If you run a Pi-hole or similar DNS-based ad blocker on your network, you can add app-analytics-services.com to your blocklist. This will affect all devices on your network.
• macOS firewall rules: You can also configure the built-in macOS firewall through the command line, though this is more complex than using a dedicated tool.

In my testing, blocking analytics doesn't affect Phocus's functionality at all. The application continues to work normally; you just don't contribute to Hasselblad's usage statistics.

Clearing Existing Data

If you want to remove the analytics data that's already been collected on your Mac, you can delete the following directories:

~/Library/Application Support/Google/Measurement/

~/Library/Caches/com.crashlytics.data/dk.hasselblad.phocus/

Be aware that these directories will be recreated the next time you run Phocus, though they'll start fresh with no historical data. If you've also blocked network access, new data will accumulate locally but won't be transmitted.

Providing Feedback to Hasselblad

If you'd prefer an official solution rather than workarounds, consider contacting Hasselblad directly. Specifically, you might request:

• An opt-out toggle in Phocus preferences, similar to what many applications offer
• An updated privacy policy that accurately describes what data is collected and how it's used
• Clarification about Google Signals and whether the data is used for advertising purposes

Hasselblad's support can be reached through their website, and feedback through official channels is more likely to influence product decisions than blog posts like this one.

My Privacy Expectations for Premium Camera Software

I want to be clear about my perspective here: I don't think Hasselblad is doing anything malicious, and I'm not switching away from Phocus because of this. The data being collected is fairly typical for modern software analytics, and it helps companies understand how their products are used so they can make them better.

That said, three things bother me.

• First, there's no opt-out. Many applications, including those from Apple, Microsoft, and Adobe, give users the choice to participate in analytics or not. Hasselblad's mobile changelog suggests they understand this expectation, but the desktop version of Phocus has no such option, and the mobile opt-out appears to be non-functional or undiscoverable.
• Second, the privacy policy is outdated. A seven-year-old policy that uses web browsing language to describe desktop application telemetry doesn't give users an accurate picture of what's happening. When you buy into a premium camera system, you reasonably expect the company behind it to maintain accurate documentation, and that includes privacy practices.
• Third, Google Signals is surprising. I don't know whether Hasselblad actively uses this for advertising, but its presence means the capability exists. For professional software that costs what Phocus does (admittedly, free, but bundled with very expensive hardware), seeing advertising infrastructure is unexpected.

None of this rises to the level of a scandal. It's more like finding out your expensive car has been quietly reporting your driving habits to the manufacturer: technically disclosed somewhere in the fine print, arguably useful for improving the product, but not something you expected or consented to in any meaningful way.

For my own setup, I've blocked app-analytics-services.com in Little Snitch and moved on. Phocus works exactly the same, and I have peace of mind knowing my workflow data isn't being transmitted.

Conclusion

Phocus 4.x for macOS (tested with versions 4.0.1 and 4.1) collects usage analytics and transmits them to Google Firebase. The data includes device information, workflow events like import and export counts, and session engagement metrics. Based on my packet capture analysis, file paths and usernames are logged locally but do not appear to be transmitted during normal operation, though they may be included in actual crash reports.

Hasselblad's privacy policy, last updated in 2018, mentions "Google Analytics" generically but doesn't describe the specific Firebase Analytics, Crashlytics, and Google Signals implementation that Phocus actually uses. There's no opt-out mechanism for desktop users, and the mobile opt-out announced in recent changelogs appears to be either non-existent or undiscoverable.

If you want to prevent analytics collection, you can block app-analytics-services.com at the network level without affecting Phocus functionality.

I reported these findings to Hasselblad in mid December 2025. As of publication, I have not received a specific acknowledgment or response regarding these specific privacy concerns. I'll update this post if that changes.

References

¹ Firebase Analytics uses the domain app-analytics-services.com for data collection. See Google's Firebase documentation at https://firebase.google.com/docs/analytics

² Proxyman is an HTTPS debugging proxy for macOS. See https://proxyman.io/

³ Google Signals enables cross-device reporting and remarketing audiences. See https://support.google.com/analytics/answer/7532985

⁴ Hasselblad Privacy Policy, last updated May 21, 2018: https://www.hasselblad.com/legal/privacy-policy/

This post is part of my ongoing work documenting undocumented behaviors in Hasselblad's software ecosystem. For more, see my series on understanding Phocus for macOS.