How to Harden AI Companion Privacy: 9-Step Playbook

Open a fresh inbox at a privacy-respecting provider. Proton Mail or Tutanota for full-featured accounts; Apple Hide My Email or SimpleLogin for forwarding aliases tied to an existing primary email. Use it as the only address bound to the companion app. Never reuse your daily email, your work email, or any email tied to a real-name identity.

The breach record in this category makes credential reuse the single highest-cost mistake a new user can make. The MyLovely.ai 2026 exposure leaked email addresses alongside transcripts; if those emails recur in your daily inboxes, the transcripts gain a real-world identity that survives the breach. A burner email also turns the breach-response step (Step 9) into one click instead of a multi-account rotation.

Skip this step only if you already maintain a privacy-segregated email used exclusively for sensitive signups. "I'll just be careful with my Gmail" is not segregation.

Pick one of three options, in order of preference:

A virtual card from Privacy.com (US) or Revolut Disposable (EU and UK) gives you a one-time merchant-locked card number that you can cap to the exact monthly amount and kill in one click. The bank-statement descriptor is set by the issuer, not the merchant; on Privacy.com the descriptor is generic, which avoids the awkward-line-item-on-a-shared-statement scenario.

A prepaid card bought with cash at a convenience store is stronger on anonymity but adds friction at every renewal because the card has a fixed top-up balance. Useful for one-time purchases, less so for monthly subscriptions.

A crypto payment path exists on a minority of platforms (via processors like NowPayments or CoinPayments) and shifts the trust burden to the processor; useful for readers in jurisdictions where mature-platform payment is restricted by the bank.

Before paying, screenshot the bank-statement descriptor disclosed at checkout. Candy.ai discloses "Everai" as its descriptor publicly, which reads discreet on a statement; platforms that refuse to disclose the descriptor or use a generic processor name like "DIGITAL PURCHASE" are a red flag.

Skip this step only if you already have a payment isolation strategy in place. "My partner doesn't check our shared statement" is not isolation.

Connect through an audited no-logs VPN, Mullvad paid in cash, Proton VPN paid through a virtual card, or IVPN, before the very first signup screen so the account is bound to a non-residential IP from the first byte. Use a country that matches your billing region to avoid triggering fraud-check workflows that demand ID re-verification.

Keep the same VPN exit node for the lifetime of the account. Switching exits across sessions can trigger fraud-check flags that force the platform to demand additional ID verification, which defeats the privacy hardening of every prior step. If you need to rotate, rotate the entire account: export, delete, re-signup from the new exit.

The argument against VPNs in this category is mostly weak. Some platforms geo-block VPN exit ranges, but the ones our editorial coverage recommends don't, and the privacy gain outweighs the rare inconvenience.

Skip this step only if you operate from a privacy-segregated network already (residential WireGuard tunnel to a tier-1 host, for example).

Use a privacy-focused browser dedicated to the companion app. Firefox with strict tracking protection, LibreWolf, or Brave all work. Create a separate profile or container reserved for the companion-app domain so cookies, local storage, and IndexedDB do not leak across browsing contexts. Disable third-party cookies globally, install uBlock Origin and Privacy Badger, and turn on canvas-fingerprint protection (Firefox: privacy.resistFingerprinting).

Run the EFF Cover Your Tracks test in the dedicated browser before the first signup. If the test shows a unique fingerprint, the platform can re-identify you across deleted sessions even after a successful account deletion. [Source: EFF Cover Your Tracks, browser fingerprinting test · verified 2026-05-26]

Skip this step if you already use a privacy-hardened browser as your default. Most readers don't, and "I clear my cookies every week" is not hardening.

On the very first signup screen, look for a panel labelled Advanced privacy settings, Data preferences, or Model improvement. Expand it before you click through to the chat surface. Revoke consent for: training data, model improvement, behavioral analytics, third-party advertising identifiers, marketing communications.

Most platforms enable these by default at signup and surface a granular opt-out only at this single screen. Revisiting later is harder and the first-week chats are already ingested into the training corpus.

If the signup flow does not surface a training opt-out at all, treat that as a hard red flag and pick a competitor that does. Honest platforms disclose the opt-out at signup; opaque platforms bury it in the privacy policy or only honor it after a written request.

Skip this step only if the platform explicitly disclaims any training use of chat data in a recent privacy policy version, with a dated audit attestation.

After login, navigate to account settings and set the lowest retention window the platform offers. Some platforms ship a session-only mode that keeps no transcripts across logout; most ship a 30-day, 90-day, or 365-day retention window with the longest as default. Pick the shortest available.

Turn off voice biometric collection if voice is offered. Voice samples are Article 9 special-category data under GDPR and are rarely needed for a text-first companion experience. Disable image-generation memory if a face-lock feature is offered; the persona JSON that drives face consistency survives account deletion in some platforms, which makes it a fingerprint, not a feature.

Never load real-life biographical detail into the persona configuration. The persona JSON is a behavioral fingerprint that compounds across deletion events. Once you tell the app your real birthday, address fragment, or workplace, that data lives in JSON until the platform itself dies.

Skip this step only if the platform exposes no retention or biometric toggles at all. In that case, the right move is to pick a different platform.

EU, UK, and EEA residents file a Subject Access Request under GDPR Article 15. California residents file a Right to Know request under CCPA 1798.110. Either gives you a downloadable archive of every chat transcript, persona JSON, image prompt, image-generation parameter, and behavioral log the operator currently holds about you. [Source: EUR-Lex, Regulation (EU) 2016/679 (GDPR), Articles 15-22 · verified 2026-05-26]

Run the request on day 30 of the account. Compare what the export contains against what the privacy policy claims. Discrepancies (an analytics field not disclosed in the policy, a subprocessor not listed, a retention window longer than advertised) are evidence you can use to file a complaint with the relevant Data Protection Authority, switch platforms, or escalate to the platform's Data Protection Officer.

The controller must respond within one calendar month under GDPR Article 12(3), extendable to three months for complex requests. CCPA grants 45 days, extendable by 45. [Source: California Privacy Protection Agency, CCPA Final Regulations · verified 2026-05-26]

Skip this step only if you are not in a jurisdiction that grants subject-access rights. For everyone else, this is the single highest-value audit move on this list.

Every 90 days, run an in-app deletion of conversation history, regenerate the persona from scratch with no shared attributes against the prior persona, and run a fresh GDPR or CCPA export to verify the deletion took effect. If the export still returns deleted records, escalate to the Data Protection Officer with a screenshot of the deletion timestamp.

For account-level deletion (the nuclear option), expect a 30 to 90 day soft-delete window followed by hard erasure of primary records. Backup tapes can persist 6 to 12 months beyond the window. If you cancel the subscription, the recommended sequence is: full data export first, full account deletion second, written confirmation email third.

Persona configuration JSON is often retained in a separate analytics pipeline even after account deletion. The GDPR Article 17 right to erasure covers it explicitly, but operator practice varies. The only reliable mitigation is to keep the persona attributes generic from day one.

Skip this step only if you treat the platform as fully ephemeral and delete after every session. Most readers don't, and "I'll just forget about it" is the default failure mode this step prevents.

Save the burner-email credential in a password manager, Bitwarden, 1Password, KeePassXC, so rotation across services is one click rather than a chain of password-reset emails. Subscribe to HaveIBeenPwned for the burner email so any breach notification reaches you before the platform's own disclosure timeline finishes. [Source: HaveIBeenPwned, breach notification service · verified 2026-05-26]

If the platform discloses a breach, run the response protocol immediately: rotate the burner password within 24 hours; enable two-factor authentication on every account that shares the burner email; screenshot the disclosure page with timestamp for your records; forward the notice to your virtual-card issuer so the merchant token can be invalidated upstream; monitor your daily-email inbox and SMS for follow-on phishing.

If transcripts are exposed, expect targeted phishing that quotes content from the chats as proof of authenticity. Treat any unsolicited message referencing intimate or personal detail as hostile until verified through an independent channel.

Skip this step only if you already have an incident-response playbook for sensitive accounts. Most readers don't, and the breach record makes this the second-highest-value step after data export.