As a self-hosted site, I assumed that I would be self-hosting images found through the Unsplash integration, but that’s not the case. This behavior apparently due the Unsplash API Terms of Service, which seems to require hotlinking. Here’s the phrasing:
In connection with any Photos that you access via the APIs, you must directly use or embed the related image URLs returned by the API in your Developer Apps (generally referred to as “hotlinking”) in accordance with the API Guidelines.
The API terms are clear that they are collecting photo view data, and that the developer is on the hook for any data privacy implications of that:
You are solely responsible for ensuring that any contractual arrangements required by applicable law are in place, including with API developers, including any relevant data processing and transfer agreement (including where relevant appropriate standard contractual clauses) between you and Unsplash or any other party to which you provide personal data, and that we may freely deny or revoke access to the API if you do not do so. You represent and warrant that you are authorized by the applicable third parties to act on their behalf, and that your collection, storage and onward transfer to Unsplash of the personal data of any such third parties complies with all applicable data privacy laws and regulations.
For self-hosted blogs, the API key in use belongs to the Ghost organization, so it appears they are the legally responsible party, although as site owner you should still be aware you are sharing some visitor data with Unsplash about which photos they use.
You should also be aware that Unsplash may go down, throttle the API or change how it works. For example, they could later serve ads on the photos-- you don’t control what’s displayed, Unsplash does. Unsplash also reserves the right to crawl or monitor developer apps. Here’s the language on that:
Unsplash may at any time change the specifications of or restrict or limit access to the APIs in Unsplash’s sole discretion, without any liability to you. Your right to access and use the APIs is a privilege, which may be revoked by Unsplash at any time, with or without notice. You acknowledge and agree that Unsplash may use any technological means to enforce these API Terms. Notwithstanding anything to the contrary, you hereby grant Unsplash the right to crawl, test, or otherwise monitor your Developer App, and that you will not block, attempt to block, or otherwise interfere with such crawling or monitoring.
If you want to host Unsplash photos yourself instead of having them hotlinked from unsplash.com, there’s a way to that. You have to download the photo from Unsplash.com or possibly through the Ghost integration Then re-upload the photo. The photos themselves are quite liberally licensed for re-use. It’s finding photos through the Unsplash API that gets the API Terms of Service involved. Here’s the full text of the Unsplash API ToS if you want to read it:
