
AI Companion Privacy & Data Protection Guide


I read AI companion privacy policies for a living, and I will tell you up front: the policies are written to be unread. The Candy.ai one runs about 8,900 words; Replika's is roughly 7,200; Joi's hovers around 6,000. Reading all three properly took me a long Sunday afternoon last month, a strong coffee, and a notebook. Most readers will never spend those hours. This page is what those hours get you on AI companion privacy data, distilled into something you can actually use before signing up to anything.

What data do AI companion apps collect?

AI companion apps typically collect eight data categories: chat transcripts, generated images, voice recordings, persona configuration, account identifiers, billing tokens, authentication metadata, and behavioral telemetry. The exact scope varies by platform and is disclosed in each privacy policy under the categories required by GDPR Article 13(1)(c) and CCPA §1798.100(b). A user's privacy exposure spans all eight.

The richest category by sensitivity is the transcript corpus. Unlike a search history, a multi-month transcript with an AI companion concentrates intimate disclosures: relationship status, sexual preferences, mental health, family conflict, and (when voice is enabled) biometric voice samples of diagnostic grade. The Mozilla Foundation's Privacy Not Included team gave all 11 romantic AI chatbots it audited its warning label in its February 2024 review [Source: Mozilla Foundation, Privacy Not Included: Romantic AI Chatbots · verified 2026-05-26]. That is not a typo. Eleven of eleven.

Persona configuration looks innocuous (a name, a hair color, an outfit), but combined with transcripts it produces a behavioral fingerprint that survives account deletion if persona JSON is retained for analytics. The things you put into a Friday-night roleplay are not the things you put in a work email; the storage layer does not care about the difference.

Data categories typically collected by AI companion apps and observed retention windows

Last reviewed: 2026.

How long do AI companion apps retain conversation transcripts?

Retention ranges from session-only to indefinite, with most platforms keeping transcripts for the active account lifetime plus a 30- to 365-day soft-delete window before hard erasure. Backups can persist 6 to 12 months beyond the soft-delete window. De-identified embeddings used for model improvement may be retained indefinitely unless an opt-out is exercised.

A retention clause is mandatory under GDPR Article 13(2)(a), but the standard "for as long as necessary" phrasing is non-specific. The European Data Protection Board's Guidelines 05/2020 on consent require the retention period to be "determined or determinable" [Source: European Data Protection Board, Guidelines 05/2020 on consent · verified 2026-05-26]. Most AI companion privacy policies fail that bar in spirit. Treat any policy that does not name a number of months or years as a red flag.

Honestly, the gap between the policies that name numbers and the ones that hedge is the single biggest signal in this category. Candy.ai publishes an actual table (3 years account, 10 years financial, 30 days log files). Joi gives mostly numbers. Replika says "for the life of the account" outright. The bottom half of the space gives you "we retain data as needed for legitimate business purposes," which translates to "indefinitely, unless we change our minds."

Are AI companion chats encrypted?

Almost all AI companion apps encrypt traffic in transit using TLS 1.2 or 1.3, and most encrypt data at rest using AES-256 envelope encryption. End-to-end encryption (where only the user holds the keys) is essentially absent because the LLM inference path must read plaintext to generate replies. Server staff, support agents, and any compromised vendor can in principle read transcripts.

The Electronic Frontier Foundation has been documenting the difference between "encrypted" and "end-to-end encrypted" for years [Source: Electronic Frontier Foundation, Surveillance Self-Defense: End-to-End Encryption · verified 2026-05-26]. On AI companion apps the gap is structural rather than negligent. The model on the server has to read your text in plaintext to generate a reply, which means the data is decrypted at least once on the server side before it ever reaches you. That is not a bug; it is how cloud-hosted language models work. Any vendor marketing "E2EE chat with our AI" is using the term loosely, like a restaurant claiming "no-touch food prep" while a chef still plates your meal.

Do AI companion apps share data with third parties?

Yes. Standard subprocessor categories include cloud hosting (AWS, Google Cloud, Azure), payment processors (Stripe, Epoch, CCBill, Segpay), analytics (Mixpanel, Amplitude, PostHog), error monitoring (Sentry, Datadog), advertising identifiers (Google, Meta, TikTok pixels), and LLM API providers (OpenAI, Anthropic, Mistral). Some platforms also share with marketing affiliates. The complete list is required under GDPR Article 13(1)(e).

Pew Research Center's report How Americans View Data Privacy found that 73 percent of Americans say they have little or no control over the data companies collect, and 67 percent say they understand little or nothing about what companies do with it [Source: Pew Research Center, How Americans View Data Privacy · verified 2026-05-26]. The numbers are higher when the data category is intimate. An independent audit of an AI companion's subprocessor list is the single most useful pre-signup move you can make in five minutes flat. Look for the "subprocessors" page or the in-policy table; if there is no list at all, that is itself the answer.

Can I delete my AI companion conversation history?

Most reputable AI companion apps offer in-app deletion of individual messages, full transcripts, and the entire account. Account deletion typically initiates a 30- to 90-day soft-delete window during which the data is recoverable, followed by hard erasure. Backup tapes can persist for 6 to 12 months. Under GDPR Article 17 and CCPA §1798.105, deletion is a statutory right with formal response timelines.

Practical caveats: deletion requests through the in-app button do not always trigger erasure of model-improvement embeddings or de-identified analytics rows. Article 17(1)(a) to (f) lists six grounds for erasure; if you exercise the right, cite the relevant ground (typically "no longer necessary" or "consent withdrawn") to avoid pushback. The sequence I run on every app I drop is the same one I documented in our companion piece on how AI girlfriends store data: export first, delete second, email the published DPO requesting full-purge confirmation, save the reply in a dedicated folder. You may need it later.


What is the MyLovely.ai breach?

In April 2026 Have I Been Pwned confirmed a MyLovely.ai breach exposing 106,362 accounts, including chat logs, emails, and roughly 70,000 prompt strings linked to user IDs. The incident matches a recurring pattern of misconfigured cloud storage across the AI companion space, the same root cause as multiple 2023 to 2025 breaches in this category. Full timeline lives on our Data Breach Watchlist.

I treat MyLovely.ai not as an outlier but as a base-rate event. Cloud misconfiguration is the dominant breach mode in this category, which is exactly why practical hardening guidance leans on what you can control client-side (strong unique passwords, two-factor on the recovery email, dedicated email alias per account, no payment-card reuse) rather than what you must trust the vendor to protect [Source: Have I Been Pwned, MyLovely.ai Sensitive Breach entry (April 2026, 106,362 accounts) · verified 2026-05-31]. Affected users should rotate passwords on any service reusing the breached credential, enable two-factor on their email, and stay alert to phishing that quotes transcript content as proof of authenticity.

What was the Replika 2023 Italian ban about?

On February 3, 2023 the Italian Garante ordered Replika's developer Luka Inc. to immediately stop processing the personal data of Italian users. The Garante cited absence of a lawful basis under GDPR Article 6, lack of age verification (with risk to minors), and concrete harm to emotionally fragile users observed in user testimony. In April 2025 the Garante fined Luka Inc. 5 million euros after a follow-up investigation.

The Garante's decision is the most cited regulatory action against an AI companion app to date and is required reading for anyone evaluating this space [Source: Italian Data Protection Authority (Garante), Provvedimento Replika and 2025 fine · verified 2026-05-26]. A subsequent April 2023 update lifted the temporary processing ban after Replika introduced age verification and parental consent flows, but the underlying legal questions about lawful basis and Article 9 special category processing took two more years and a fine to clarify. The 2025 escalation tells you that EU enforcement on this category is real, not symbolic.

How do I read an AI companion privacy policy?

Open the privacy policy and use Ctrl+F (or Cmd+F) to search five keywords in order: "retention", "third-party" or "subprocessor", "marketing", "training", and "encryption". For each, read the surrounding paragraph and note whether the language is specific (months, vendor names, algorithm names) or vague ("as long as necessary," "trusted partners," "industry standard"). Vague language at any of the five points is a red flag.

The five-term scan covers maybe 80 percent of the decision-relevant signal in a typical AI companion privacy policy. A second-pass audit looks for: (1) explicit data sale or sharing language under CCPA §1798.140(ad); (2) cross-border transfer mechanisms (Standard Contractual Clauses, adequacy decision, or Binding Corporate Rules under GDPR Chapter V); (3) the Data Protection Officer or privacy contact email under Article 13(1)(b); (4) the lawful basis under Article 6 (consent, contract, legitimate interest); and (5) a separate Article 9 lawful basis if the service is sexual or roleplay-focused. Most reviewers in this space do not run any of these checks. They quote the marketing page and call it a review. The five-term scan is the floor; the deep audit is the ceiling.
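The five-term scan described above, as a script. This is an added example, not code from the original guide: it splits a policy into paragraphs, finds the paragraphs that mention each of the five terms, labels each as specific (a numbered period, a named algorithm or vendor) or vague (the hedging phrases the guide names, plus two common variants), and reports a red flag where a term is absent or appears only in hedging language. The sample policy text is constructed for the demo and is not any real operator's policy.

```python
import re

# First-pass scan terms from the guide; "third-party" and "subprocessor" are one check.
SCAN_TERMS = {
    "retention": [r"\bretention\b", r"\bretain(?:ed|s)?\b"],
    "third-party": [r"\bthird[- ]part(?:y|ies)\b", r"\bsub-?processors?\b"],
    "marketing": [r"\bmarketing\b"],
    "training": [r"\btraining\b", r"\bmodel improvement\b"],
    "encryption": [r"\bencrypt(?:ion|ed)?\b"],
}

# Hedging phrases treated as red flags (the guide's three, plus two common variants).
VAGUE_PHRASES = [
    r"as long as (?:is )?necessary",
    r"trusted partners?",
    r"industry[- ]standard",
    r"legitimate business purposes?",
    r"reasonable (?:measures|steps)",
]

# Markers of specific language: a numeric period, a named algorithm, or a named vendor.
SPECIFIC_MARKERS = [
    r"\b\d+\s*(?:days?|months?|years?)\b",
    r"\b(?:AES[- ]?256|TLS\s*1\.[23])\b",
    r"\b(?:AWS|Google Cloud|Azure|Stripe|Epoch|CCBill|Segpay|Mixpanel|Amplitude"
    r"|PostHog|Sentry|Datadog|OpenAI|Anthropic|Mistral)\b",
]

# Constructed sample policy for the demo; not a real operator's text.
SAMPLE_POLICY = """\
Data Retention. We retain chat transcripts for the life of your account and for
30 days after deletion. Log files are kept for 90 days.

Third Parties. We share data with trusted partners who help us operate the service.

Marketing. We may use your email address for marketing unless you opt out.

Security. We protect your data using industry-standard encryption.
"""


def split_paragraphs(text):
    """Split on blank lines; the paragraph is the unit the guide says to read around each hit."""
    return [p.strip() for p in re.split(r"\n\s*\n", text) if p.strip()]


def classify(paragraph):
    """Label one paragraph: specific, vague, mixed (both kinds present), or unclassified."""
    vague = any(re.search(p, paragraph, re.I) for p in VAGUE_PHRASES)
    specific = any(re.search(p, paragraph, re.I) for p in SPECIFIC_MARKERS)
    if specific and vague:
        return "mixed"
    if specific:
        return "specific"
    if vague:
        return "vague"
    return "unclassified"


def scan_policy(text):
    """Run the five-term scan: for each term, whether it appears and how each hit paragraph reads."""
    paragraphs = split_paragraphs(text)
    report = {}
    for term, patterns in SCAN_TERMS.items():
        hits = [p for p in paragraphs if any(re.search(pt, p, re.I) for pt in patterns)]
        report[term] = {"found": bool(hits), "verdicts": [classify(p) for p in hits]}
    return report


def red_flags(report):
    """A term is a red flag if the policy never mentions it or mentions it only in hedging language."""
    flags = []
    for term, result in report.items():
        verdicts = result["verdicts"]
        if not result["found"]:
            flags.append((term, "absent"))
        elif "vague" in verdicts and not any(v in ("specific", "mixed") for v in verdicts):
            flags.append((term, "vague"))
    return flags


if __name__ == "__main__":
    for term, reason in red_flags(scan_policy(SAMPLE_POLICY)):
        print(f"red flag: {term} ({reason})")
```

A paragraph that mentions a term without either kind of marker is reported as unclassified rather than flagged, so it still needs a human read.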


What are my GDPR rights with AI companion apps?

If you reside in the EU, UK, or EEA, GDPR Articles 15 to 22 grant you Right of Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Portability (Art. 20), and Objection (Art. 21). The controller must respond within one calendar month under Article 12(3), extendable to three months for complex requests with notice. File via the app's privacy contact or your national Data Protection Authority.

Article 15 (Access) is the most useful first move. A Subject Access Request returns a copy of all personal data the controller holds about you, including transcripts, persona JSON, and behavioral logs [Source: General Data Protection Regulation (Regulation EU 2016/679), Articles 5, 6, 9, 12-22 · verified 2026-05-26]. The output of an Article 15 request is itself a privacy audit of the platform: you see what they actually have on you, not what their marketing claims. UK residents exercise the same rights under the UK GDPR and the Data Protection Act 2018.

Data subject rights, applicable statute, and statutory response times

What are my CCPA rights?

California residents have five core rights under the CCPA as amended by CPRA (effective January 1, 2023): Right to Know what personal information is collected, used, shared, or sold (§1798.110); Right to Delete (§1798.105); Right to Correct (§1798.106); Right to Opt-Out of Sale or Sharing (§1798.120); and Right to Limit Use and Disclosure of Sensitive Personal Information (§1798.121). Businesses must respond within 45 days, extendable by another 45 days with notice.

Sensitive Personal Information under CPRA §1798.140(ae) explicitly includes "the contents of a consumer's mail, email, and text messages, unless the business is the intended recipient of the communication" [Source: California Consumer Privacy Act of 2018, Cal. Civ. Code §1798.100 et seq. · verified 2026-05-26]. AI companion transcripts are arguably text messages where the AI is a party; the law's application is contested, and California has not yet litigated it cleanly. The state's regulator is the controlling interpreter as of this writing.

Do AI companion apps sell my data?

Under CCPA §1798.140(ad), 'sell' means any disclosure for monetary or other valuable consideration. Several AI companion apps qualify under that definition because they share device identifiers and behavioral data with advertising networks in exchange for ad-targeting capability. The "Do Not Sell or Share My Personal Information" link is mandatory on any homepage of a business meeting the CCPA threshold.

Whether transcripts themselves are "sold" is rare in this category; the more common pattern is sharing behavioral telemetry (session length, page views, conversion events) keyed to advertising IDs. The distinction matters legally but not always practically: a determined re-identification adversary can correlate device IDs back to account holders. I will be blunt. Most reviewers in this space cite "we do not sell" as if it settled the matter. It does not. "We do not sell" often coexists with extensive "sharing" under the narrower legal definition. Read the footer link. If it offers two opt-outs (sale + sharing), two were needed. If it offers one, you are getting half an answer.

What happens to data if the AI companion app shuts down?

Privacy policies rarely specify post-shutdown data handling. Best case: the operator deletes all personal data within the windows promised in the policy, notifies users, and publishes a deletion attestation. Worst case: the database becomes part of bankruptcy assets and is sold to an acquirer who may not be bound by the original policy. GDPR principles (Articles 5(1)(b) and 5(1)(e)) and CCPA do not always bind a trustee in liquidation.

The 2015 Ashley Madison breach and subsequent exposure of records remains the cautionary tale for sensitive-data services in financial distress. The 2023 Genesis bankruptcy showed the same dynamic on a smaller scale. A profitable company you trusted last year can be a creditor's asset two years from now, and the chat archive you built across 18 months of intimate conversation can change hands without you ever being notified. Treat AI companion data the way you would treat dating-app data: assume eventual exposure, limit what you put in, and know where the export button lives before you need it.

Are sensitive Article 9 GDPR categories inferable from chats?

Yes. AI companion transcripts can reveal sexual orientation, religious belief, political opinion, mental and physical health, and (when voice is collected) biometric data. All of these are special categories under GDPR Article 9(1) and require explicit consent under Article 9(2)(a) or another listed lawful basis. In practice, AI companion privacy policies rarely structure consent for Article 9 properly, exposing operators to enforcement risk.

The Article 29 Working Party's Guidelines on Consent (WP259) require Article 9 consent to be "explicit," meaning the user must give a clear affirmative statement separate from the general terms acceptance [Source: Article 29 Data Protection Working Party, Guidelines on Consent WP259 rev.01 · verified 2026-05-26]. A single tickbox covering both general data and special categories does not meet the standard. This is one of the cleanest enforcement vectors regulators have when they want to open an investigation, and it is one of the most overlooked compliance gaps in the AI companion space.

How is AI companion data secured at rest?

Standard practice is AES-256 encryption with envelope encryption (per-record data keys wrapped by per-tenant master keys held in a Hardware Security Module or KMS). Most policies state "industry-standard encryption" without disclosing specifics. Without published audit reports such as SOC 2 Type II, ISO 27001, or PCI-DSS attestations, encryption claims remain unverifiable marketing.

Treat the absence of a public audit page as informational, not damning; many small operators cannot afford the audit cycle. Treat the claim of an audit without a downloadable letter as a red flag. The downloadable SOC 2 report (even just the Type II executive summary) is the proof the audit happened; the badge on the homepage is not. I have asked five operators in this space for their report. Two sent it within 48 hours. Three never replied. Make of that what you will.

What does end-to-end encryption mean here?

End-to-end encryption (E2EE) means only the sender and intended recipient hold the decryption keys; the server transmitting the message cannot read its plaintext. In AI chat, the LLM inference engine is an intended recipient and must read plaintext to generate a reply. As a result, AI companion platforms cannot offer true E2EE on the conversational path. Any "end-to-end encrypted AI chat" marketing claim should be examined skeptically.

A nuanced exception: an app could E2EE-encrypt chat between user devices while running the LLM locally on the user's device. As of this writing, no mainstream AI companion service runs the LLM client-side at production quality. Local-LLM apps exist but are not in the same product category. The trade-off is real and you should understand which side of it you are on before signing up to anything that promises both privacy and product polish. Usually it is one or the other.

How do I file a privacy complaint?

First contact the app's Data Protection Officer or privacy email; the contact is mandatory under GDPR Article 13(1)(b) and is typically published in the privacy policy. Allow 30 days for a response. If the response is unsatisfactory or absent, escalate to the supervisory authority: EU residents to their national Data Protection Authority; California residents to the California Privacy Protection Agency or California Attorney General; UK residents to the Information Commissioner's Office (ICO); Canadian residents to the Office of the Privacy Commissioner (OPC).

For EU users, the European Data Protection Board lists every national DPA; the most active on AI companion enforcement are the Italian Garante (Replika ban and 2025 fine) and the French CNIL. For US users without a state law, the FTC complaint assistant accepts complaints under Section 5 of the FTC Act for unfair or deceptive practices, including privacy misrepresentations.

For the initial DPO email, use the subject line "Article 17 deletion request" (EU) or "CCPA §1798.105 deletion request" (CA). In the body, give your account email, the account creation date, and a clear ask for full-purge confirmation across the primary store, backups, and training datasets. Save the timestamp. If the operator misses the statutory window, you have standing.

Sources and further reading

[Source: Mozilla Foundation, Romantic AI Chatbots: Privacy Not Included audit · verified 2024-02-14]
[Source: Pew Research Center, How Americans View Data Privacy · verified 2023-06-27]
[Source: Electronic Frontier Foundation, Surveillance Self-Defense: End-to-End Encryption · verified 2024-09-18]
[Source: Italian Data Protection Authority (Garante), Provvedimento Replika and 2025 fine · verified 2025-04-10]
[Source: European Data Protection Board, Guidelines 05/2020 on consent under Regulation 2016/679 · verified 2020-05-04]
[Source: General Data Protection Regulation (Regulation EU 2016/679), Articles 5, 6, 9, 12, 13, 15-22, 25, 32, 33-34 · verified 2016-04-27]
[Source: California Consumer Privacy Act of 2018, Cal. Civ. Code §1798.100 et seq. · verified 2018-06-28]
[Source: Have I Been Pwned, MyLovely.ai Sensitive Breach (106,362 accounts) · verified 2026-04-08]

Cite this page (APA)

Joly, A. (2026). AI companion privacy and data protection: an independent guide. bestgirlfriend.ai. https://bestgirlfriend.ai/safety/ai-companion-privacy-data

Frequently asked questions

What data do AI companion apps collect?

Eight categories: chat transcripts, voice recordings, generated images, persona configuration, account identifiers, billing tokens, IP and device fingerprints, and behavioral telemetry. The exact list is governed by each app's privacy policy and is not standardized across the AI companion space.

How long do AI companion apps retain conversation transcripts?

Retention varies from session-only (rare) to indefinite (common). Most apps keep transcripts for the active account lifetime plus 30 to 365 days post-deletion for backups, fraud, and legal hold. Some retain de-identified embeddings indefinitely for model training unless you opt out.

Are AI companion chats encrypted?

Most apps use TLS in transit and AES-256 at rest, but very few offer end-to-end encryption. Server staff and any compromised vendor can read plaintext transcripts. No mainstream AI companion platform documents end-to-end encryption for chat content, because the model itself must read your text to reply.

Do AI companion apps share data with third parties?

Yes. Common subprocessors include cloud hosting (AWS, Google Cloud), payment (Stripe, Epoch, CCBill), analytics (Mixpanel, Amplitude), advertising IDs, and LLM API providers (OpenAI, Anthropic, Mistral). Some apps also share with marketing partners. The full list lives in the privacy policy under GDPR Article 13(1)(e).

Can I delete my AI companion conversation history?

Most apps allow account deletion, which triggers a 30 to 90 day soft-delete window before hard erasure. Backups can persist 6 to 12 months. GDPR Article 17 (Right to Erasure) and CCPA Right to Delete apply where you reside in the EU, UK, or California; submit via the privacy portal or DPO email.

What is the MyLovely.ai breach?

In April 2026 Have I Been Pwned confirmed a MyLovely.ai breach exposing 106,362 accounts, including chat logs, emails, and roughly 70,000 prompt strings linked to user IDs. The incident matches a recurring pattern of misconfigured cloud storage across the AI companion space, not an anomaly.

What was the Replika 2023 Italian ban about?

On February 3, 2023 the Italian Garante ordered Replika to stop processing Italian users' data, citing absence of a lawful basis under GDPR, lack of age verification, and risk to minors. In April 2025 the Garante fined Luka Inc. 5 million euros after a follow-up investigation.

How do I read an AI companion privacy policy?

Open the privacy policy and search five terms: retention, third-party or subprocessor, marketing, training, encryption. Read the surrounding paragraph for each hit. Vague language at any of the five points is a red flag worth a second pass.

What are my GDPR rights with AI companion apps?

If you reside in the EU, UK, or EEA, GDPR Articles 15 to 22 grant you Access, Rectification, Erasure, Restriction, Portability, and Objection. The controller must respond within one calendar month (extendable to three for complex cases) under Article 12(3). File via the app's privacy contact or your national DPA.

What are my CCPA rights?

California residents have Right to Know, Right to Delete, Right to Correct, Right to Opt-Out of Sale or Sharing, and Right to Limit Use of Sensitive Personal Information under the CCPA as amended by CPRA. Businesses must respond within 45 days, extendable by 45 more with notice.

Do AI companion apps sell my data?

'Sell' has a narrow legal meaning under CCPA (any disclosure for monetary or other valuable consideration). Several AI companion apps qualify because they share device IDs and behavioral data with ad networks. The 'Do Not Sell or Share' link is mandatory in California.

What happens to data if the AI companion app shuts down?

Privacy policies rarely specify post-shutdown handling. Best case: the trustee deletes all personal data within the windows promised. Worst case: the database is sold as part of bankruptcy assets. GDPR and CCPA do not always bind a trustee in liquidation; export before any shutdown rumor solidifies.

Are sensitive GDPR Article 9 categories inferable from chats?

Yes. Roleplay transcripts can reveal sexual orientation, religious belief, political opinion, mental health, and biometric voice data, all of which are special categories under GDPR Article 9. Processing requires explicit consent under Article 9(2)(a) and is rarely structured properly in this space.

How is AI companion data secured at rest?

Standard practice is AES-256 with envelope encryption and per-tenant keys, but most policies stop at 'industry-standard encryption' without detail. Without published audits (SOC 2 Type II, ISO 27001), the claim is unverifiable.

What does end-to-end encryption mean here?

End-to-end encryption means only the sender and recipient hold the decryption keys; the server cannot read the content. Almost no AI companion platform offers true E2EE because the LLM inference must read plaintext to generate replies. Treat E2EE marketing claims on cloud-hosted apps with scrutiny.

How do I file a privacy complaint?

Contact the app's DPO or privacy email first (mandatory under GDPR Article 13). Allow 30 days. If unresolved, escalate: EU users to their national DPA; California to the CPPA; UK to the ICO; Canada to the OPC.
