About
A private library is the only kind worth having.
Tessera exists because your photos and video are yours — and the tools that understand them should run where the media already lives.
Private by architecture, not by promise.
Most "private" apps ask you to trust a privacy policy. Tessera asks you to trust math: your library is indexed, searched, and understood on your own hardware, so there is no server holding a copy of your life. We can't lose what we never receive, and we can't be compelled to hand over what we don't have.
Open core, under AGPLv3.
The full local pipeline — search, tagging, faces, places, video — is open source under the AGPLv3. You can read it, audit it, and self-host it. A small Pro tier funds the work with power features and support, sold once, with no subscription and no phone-home. Open core keeps the incentives honest: the privacy guarantees are inspectable, not marketing.
It's your library — we don't police it.
Tessera organizes whatever you point it at. We don't inspect or restrict your own content, because it's yours and it never leaves your machine. What you keep in your private library is between you and your disk.
Made by a small, independent maker.
Tessera is built by an independent developer who wanted a serious, local-first DAM for a large personal library — and decided to make it good enough to share. Development happens in the open on GitHub.
Principles
What we won't compromise on.
Local first
Everything that can run on your machine, does. The default path never touches a server.
No telemetry
We collect nothing. No analytics, no crash pings, no usage beacons — there's nothing to opt out of.
Open core
The pipeline is AGPLv3 and auditable. Pro adds features on top; the core stays open.
You hold the keys
Bring your own optional compute and keys. Your credentials and your data stay with you.