When does encryption occur when a user moves an image from the camera roll to My Eyes Only on Snapchat, and does Snapchat ever have access to the unencrypted data during this process?
Executive summary
Snapchat’s documentation and company materials present My Eyes Only (MEO) as a client-side, passcode‑protected encrypted vault that encrypts Snaps moved from Memories and requires the user’s MEO passcode to decrypt them [1] [2]. Independent forensic reporting and third‑party tools, however, show that under certain conditions (local caches, device compromise, forensic tools) MEO content or related artifacts can be recovered and decrypted, revealing limits to the “even we can’t see it” framing [3] [4].
1. What the product claims: encryption happens on the device before storage
Snapchat’s public support and privacy pages describe My Eyes Only as a passcode‑protected folder where snaps are “kept safe and encrypted” and only accessible with the user’s MEO passcode, implying the app encrypts content before making it available again [1] [2]. Snapchat’s own messaging on community forums bluntly states that without the password “no one can view the things you saved on My Eyes Only — not even us,” which is consistent with a client‑side encryption model where the key is derived from the passcode [5].
2. The practical flow: when encryption is applied during a move
According to support material about moving Snaps from Memories to My Eyes Only, after a user moves an item it becomes accessible only via the MEO passcode, which indicates encryption is applied at or immediately after the move into the MEO container within the app’s local storage and/or backup pipeline [1]. Multiple user‑facing guides reiterate that items in MEO are encrypted and hidden from other gallery apps, reinforcing the view that encryption occurs on the client side at the moment of transfer into MEO [6] [7].
3. Where the company’s claim meets technical nuance and limitations
Third‑party forensic reporting and tool updates complicate the simple company claim: tools like Magnet AXIOM and GrayKey have, in some scenarios, been able to recover and decrypt Memories and MEO snaps if those files were present in unencrypted caches or were previously viewed and left artifacts on the device, indicating that encryption guarantees depend on runtime state and the broader device security posture [3]. In other words, if a snap existed unencrypted in a cache or backup before being moved or after being viewed, forensic recovery may expose it even if the MEO store itself is encrypted [3].
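The dependence on leftover plaintext described above can be checked on an app's own storage. The following is an added example, not Snapchat's code or part of the cited reporting: it walks a directory and flags files that are still readable media next to opaque, high-entropy blobs. The directory layout and file names are constructed, and random bytes stand in for ciphertext.

```python
import math
import os
import tempfile
from collections import Counter

# Leading magic bytes of common media formats; a match means the file is readable as-is.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; well-encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str) -> str:
    with open(path, "rb") as fh:
        head = fh.read(4096)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return f"plaintext-{kind}"
    return "opaque" if shannon_entropy(head) > 7.5 else "unknown"

def audit(root: str) -> dict:
    """Map relative path -> classification for every file under root."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            report[os.path.relpath(full, root)] = classify(full)
    return report

def plaintext_leftovers(report: dict) -> list:
    return sorted(p for p, kind in report.items() if kind.startswith("plaintext-"))

def build_sample_tree(root: str) -> None:
    """Constructed layout (hypothetical names): one vault blob, one leftover cache copy."""
    fake_jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x11" * 2000  # constructed, not a real image
    for sub in ("vault", "cache"):
        os.makedirs(os.path.join(root, sub))
    with open(os.path.join(root, "vault", "item1.bin"), "wb") as fh:
        fh.write(os.urandom(4096))  # stand-in for an encrypted vault item
    with open(os.path.join(root, "cache", "thumb1.tmp"), "wb") as fh:
        fh.write(fake_jpeg)  # copy left behind outside the vault

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, kind in sorted(audit(tmp).items()):
            print(f"{kind:16} {path}")
```

A file reported as plaintext outside the vault is readable regardless of how the vault copy is protected, which is the condition the forensic reporting describes.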
4. Local artifacts and the MEO passcode handling
Security researchers and community projects have inspected Snapchat’s local data structures and found that the MEO passcode or its verification data is stored in device app data (memories.db). Community code notes that the PIN is hashed (bcrypt is mentioned in public repositories) rather than stored as cleartext, which supports client‑side protection but also shows that device compromise or rooting can let attackers access those artifacts [4]. This means Snapchat’s architecture leans on local cryptographic controls, but those controls are only as robust as the device’s protections against rooting, backups, or physical extraction [4].
5. Reconciling company statements with real‑world risk: who can access unencrypted data?
Snapchat’s official stance is that My Eyes Only is encrypted and inaccessible without the passcode, and that the company does not have access to the unencrypted contents [5] [2]. Independent forensic sources show that Snapchat‑stored snaps can be recovered and decrypted under specific conditions—chiefly when unencrypted copies exist on the device or when forensic tools exploit local caches or device extraction methods—so while Snapchat may not have direct access to plaintext MEO items in normal operations, actors with device‑level access (forensic vendors, law enforcement with GrayKey‑style tools, or an attacker with root) can potentially retrieve unencrypted material [3] [4]. Public materials that claim full end‑to‑end recipient key exchange or sharing semantics for MEO go beyond the available technical reporting and should be treated as speculative unless Snapchat publishes a cryptographic whitepaper describing such protocols [8].