Concern with Be My AI photo's privacy

By Indra, 29 May, 2025

Hello AppleVis community,
I have some pressing questions regarding the privacy aspects of the "Be My AI" feature within the Be My Eyes app, specifically concerning photos uploaded for AI description.
* How long are photos described by Be My AI stored on Be My Eyes' servers, or on the servers of the AI partner used (e.g., OpenAI)? I'd like to understand the data retention policy for these images.
* Is there a way for users to directly and permanently delete photos that have been described from the servers? If so, what's the process? If not, are there any plans to add this functionality in the future?
* Will the photos we upload for Be My AI description also be used and stored on OpenAI's (or other AI partners') servers for model training or other purposes? I'm keen to know if there's any secondary use of our visual data by the AI provider.
My concern is about user control over their visual data once it has been processed by the AI. A clear understanding of the storage policy, deletion options, and third-party data usage would be greatly appreciated.
Thank you for your help and information.
Best regards,
Satrya Indra 🙏🏻

Comments

By Dave Nason on Thursday, May 29, 2025 - 07:07

Member of the AppleVis Editorial Team

Hi. Rather than getting this information second-hand, I’d suggest you read Be My Eyes’ own statements on this.
In the app, go to Settings, then Privacy and terms. It’s also on their website.
Dave

By João Santos on Thursday, May 29, 2025 - 08:07

When it comes to other entities, both people and companies, my recommendation is to not take anything for granted, especially in the case of personal information that, if leaked, can result in devastating consequences to your personal life. Even if an entity fully commits to privacy in good faith, you always need to consider the possibility of the data that they store about you, even temporarily, getting compromised and leaked.

For example, a data cache, which is a relatively small space used for ephemeral very fast storage and retrieval, can contain temporary data that has not been wiped yet because that space has not been reallocated. Even permanent storage can be a problem, because when you delete data from a filesystem, the default approach is to just mark that space as free without actually spending time erasing the content. Add the fact that a sizable portion of software engineers are totally incompetent, and that the software industry as a whole values cheap and fast delivery at the expense of quality, and you quickly reach the conclusion that the chances of anyone's personal data leaking are huge. While in most situations the consequences are negligible, the life-ruining potential of having your private data leaked is not zero, so don't gamble on it.

One thing I often tell people when they ask me to enumerate security threats is that my biggest concern is the threats that I don't know about, not the ones I do, because in the latter case I can devise strategies to completely block or at least mitigate them, so my approach to security is to implement overly conservative compartmentalized designs in order to minimize the damage that a bad actor can potentially cause.

By Indra on Thursday, May 29, 2025 - 08:07

Thank you for such a comprehensive and candid response. Your insights into the vulnerabilities of data storage – from caches to permanent deletion practices – are really illuminating and quite frankly, a bit sobering. I particularly resonate with your concern about "unknown threats" and the need for overly conservative designs.

Given these inherent risks, what practical steps do you think users can take when interacting with services like Be My AI, beyond simply being aware, to further minimize their exposure?

By João Santos on Thursday, May 29, 2025 - 09:07

For starters, if you are on macOS, enabling FileVault and Firewall are pretty low-hanging fruit waiting to be collected, and beyond that the general advice is to just avoid remote services as much as possible.

On a more technical ground, my home network has two layers, with the first being the ISP router and the second being a 2011 AirPort Time Capsule, where the ISP router is available to everyone in my family who knows its Pre-shared Key and the Time Capsule only being used by my own devices. Inside the Time Capsule network there's also a Raspberry Pi running Pi-hole, which is a network service that blocks DNS queries to advertisement services. My no-reply E-mails are also automatically archived locally and deleted from the server, as well as any other E-mails that are not part of a conversation and to which I do not reply in a week, and the default loading of remote files from E-mail content is also blocked. I don't use browser add-ons since those may bring their own security problems.

As for pictures, since I'm totally blind they are of no use to me, so whenever I take one to OCR, which Apple devices can do locally, I delete it right after. I don't have a lot of image recognition needs, but when I do I find the local solution implemented by Apple to be enough.

There are other things that I intend to implement at some point in the future, like running a large language model locally so that I can take full advantage of AI without having to send my data to a remote server, but until then I will only rely on AI as a math teacher.

I also intend to build a company in the future, and will not be messing around since one of my plans is to provide security software and hardware solutions, meaning I'll be building a fully compartmentalized digital bunker where access to sensitive data will be provided by a cluster of micro-controllers certified to be security-hardened, ensuring that only software digitally signed by the company can run on it and that I don't have to concern myself with speculative execution vulnerabilities like all the Spectre variants. In the beginning I'll be using off-the-shelf micro-controllers like the RP235x, but in the long run the idea is to eventually design my own hardware. There's also going to be a local large language model running inside the company integrated with a retrieval-augmented generation implementation, access to company information will be totally compartmentalized by department and security clearance on a need to know basis where even I won't have access to almost anything, authentication will be passwordless and based on smart cards, tokens, and devices with security by design hardware implementations like Apple's Secure Enclave, and the master cryptographic keys will be stored in safe containers in several banks who will be instructed to only allow access from other people in the event of my death or loss of relevant legal capacity and only with an authorization from a court.

By blindpk on Thursday, May 29, 2025 - 09:07

I've also been concerned with the way Be My Eyes handles our data. As Dave Nason said, check the privacy terms for all the details, but the short answer is, they store images and interactions for 30 days on their servers (the reason given is something along the lines of "improving our services", which does not really say that much) and the images/conversations are not used to train underlying models (however, most AI API use, which this is, stores everything for 30 days at least for monitoring/security reasons, but that's on the AI vendors, not Be My Eyes).
As for what you can do to minimize the privacy impact, I'm no expert but my thoughts are that the best way is to be mindful of what you upload. If you can, minimize the information that can be linked to who you are, where you live, etc. (which can be extra tough for us blind people since we don't always know everything that can be seen in an image). This also includes registration, e.g. use mail addresses that can't be linked to your name, use fake names, and so on (this is of course best for services like these that do not involve financial information, if you're gonna pay for something and have to give your name/address anyway, hiding your e-mail won't help you). On the technical side, using a VPN to hide your IP address will make you more anonymous, however some services will block known VPNs (because they're also used for illegal activities).
There are many guides on the web if you want to delve deeper into things like these. Privacyguides.org is one that I personally have checked on multiple occasions.

By Tarja on Thursday, May 29, 2025 - 18:04

Under Be My AI there is a button called History where you see all of your uploaded pictures. They are deleted automatically after 30 days, but you can also manually delete each photo.

By Indra on Thursday, May 29, 2025 - 20:59

Thank you for clarifying that the uploaded pictures in Be My AI's History are automatically deleted after 30 days and can be manually deleted. That's very helpful to know.

Following up on that, if I use this history feature to delete a conversation, does that action also directly and immediately remove the conversation data from Be My AI's servers? Could you please confirm this?

Thank you again for your assistance.

By Tarja on Thursday, May 29, 2025 - 21:55

Yes, the picture will be deleted and also everything that you shared in it as well.

By Holger Fiallo on Thursday, May 29, 2025 - 23:14

How long before they delete the photo you upload? Is that fast, or does it take several days? If so, what happens to them during the time they are not deleted? Just curious.