Privacy Policy

The data controller responsible for your personal data is:

We process your personal data under the following legal bases:

• Consent (Article 6(1)(a) GDPR): For marketing communications, cookies, and optional features
• Contract (Article 6(1)(b) GDPR): To provide our services and fulfill our agreement with you
• Legal Obligations (Article 6(1)(c) GDPR): To comply with applicable laws and regulations
• Legitimate Interests (Article 6(1)(f) GDPR): For service improvement, security, and fraud prevention

3.1 Information You Provide

• Account Data: Email, username, password (encrypted), age verification
• Profile Information: Gender, preferences, avatar (optional)
• Communication Data: Messages with AI companions, support inquiries
• Payment Data: Processed securely through third-party providers (we don't store card details)

3.2 Automatically Collected Data

• Usage Data: Pages visited, features used, interaction patterns
• Device Data: IP address, browser type, operating system, device identifiers
• Location Data: Country/region based on IP (we don't collect precise location)
• Log Data: Access times, referring URLs, error logs

3.3 Special Categories of Data

We do NOT intentionally collect sensitive data (health, race, religion, sexual orientation). However, if you share such information in chats, it's processed solely to provide the service and is not used for other purposes.

4.1 Service Provision

• Create and manage your account
• Provide AI companion interactions
• Process image generation requests
• Manage subscriptions and credits
• Provide customer support

4.2 Service Improvement

• Analyze usage patterns (aggregated data only)
• Improve AI responses and features
• Fix bugs and technical issues
• Develop new features

4.3 Communication

• Service-related notifications
• Account security alerts
• Marketing (only with consent)
• Legal notices and policy updates

4.4 What We DON'T Do

5.1 Types of Cookies We Use

5.2 Third-Party Cookies

• Google Analytics: Usage statistics (anonymized IP)
• Payment Providers: Secure payment processing
• Security Services: Bot detection and fraud prevention

5.3 Managing Cookies

You can control cookies through:

• Browser settings (may affect functionality)
• Our cookie consent banner
• Google Analytics opt-out: tools.google.com/dlpage/gaoptout

6.1 AI Model Providers

We use third-party AI services to power our AI companions:

• OpenRouter: AI language models
• Straico: Alternative AI models
• Deep-Image.ai: Image generation

6.2 Data Shared with AI Providers

6.3 Data Minimization

We implement measures to minimize data exposure:

• No personal identifiers sent to AI providers
• Conversations are contextualized without full history
• Image requests contain no personal data
• API keys and authentication handled server-side

7.1 Service Providers (Data Processors)

• Cloud Infrastructure: Server hosting (EU-based)
• Database Services: MongoDB (encrypted storage)
• Email Services: Transactional emails only
• Payment Processors: Stripe/PayPal (PCI compliant)
• Analytics: Google Analytics (anonymized)

7.2 Legal Disclosures

We may disclose data when required by:

• Court orders or legal processes
• Law enforcement (with valid requests)
• Protection of rights and safety
• Investigation of fraud or security issues

7.3 Business Transfers

In case of merger, acquisition, or sale, your data may be transferred. We'll notify you before any transfer that results in different privacy practices.

7.4 No Sale of Personal Data

We do NOT sell, rent, or trade your personal data to third parties for their marketing purposes.

Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards:

• EU-US Data Privacy Framework: For US-based services
• Standard Contractual Clauses (SCCs): For other international transfers
• Adequacy Decisions: For countries deemed adequate by the EU
• Technical Measures: Encryption in transit and at rest

By using our service, you consent to these transfers with the understanding that we maintain equivalent protection standards.

9.1 Retention Periods

• Account Data: Duration of account + 30 days
• Chat History: Until deletion by user or account closure
• Transaction Records: 7 years (legal requirement)
• Analytics Data: 26 months
• Security Logs: 90 days
• Marketing Data: Until consent withdrawn

9.2 Deletion Process

When you delete your account or request data deletion:

• Active data deleted within 30 days
• Backup data deleted within 90 days
• Some data retained for legal/security purposes
• Anonymized aggregate data may be retained

10.1 Technical Measures

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based access, multi-factor authentication
• Infrastructure: Secure cloud hosting with DDoS protection
• Monitoring: 24/7 security monitoring and intrusion detection
• Updates: Regular security patches and vulnerability assessments

10.2 Organizational Measures

• Limited employee access on need-to-know basis
• Confidentiality agreements for all staff
• Regular security training
• Incident response procedures
• Data protection impact assessments

10.3 Breach Notification

In case of a data breach that poses risk to your rights, we will:

• Notify authorities within 72 hours (GDPR requirement)
• Notify affected users without undue delay
• Provide information about the breach and mitigation steps

11.1 Rights under GDPR (EU Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion ("right to be forgotten")
• Restriction: Limit processing of your data
• Portability: Receive data in machine-readable format
• Object: Oppose processing based on legitimate interests
• Automated Decisions: Not be subject to automated decision-making
• Withdraw Consent: Withdraw consent at any time

11.2 How to Exercise Rights

To exercise any right, contact us at: privacy@aichatdating.com

Include:

• Your account email
• Specific right(s) you wish to exercise
• Proof of identity (we may request)

We'll respond within 30 days (may extend to 60 days for complex requests).

11.3 Complaints

If you're unsatisfied with our response, you may lodge a complaint with your local Data Protection Authority.

Our service is strictly for users 18 years and older.

We do not knowingly collect data from anyone under 18. If we discover we've collected data from a minor, we will:

• Immediately delete the account and all associated data
• Block the email from creating new accounts
• Report to authorities if required by law

Parents who believe their child has provided data should contact: privacy@aichatdating.com

California residents have additional rights:

• Right to Know: Categories and specifics of data collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We don't sell data, but you can opt-out of analytics
• Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise CCPA rights, email: privacy@aichatdating.com with subject "CCPA Request"

Categories of Information Collected

• Identifiers (email, username)
• Internet activity (usage data)
• Commercial information (purchases)
• Inferences (preferences from usage)

We may update this policy to reflect:

• Changes in our practices
• New features or services
• Legal or regulatory requirements
• Security improvements

Material changes will be notified via:

• Email to registered users
• Prominent notice on the website
• In-app notifications

Continued use after changes constitutes acceptance of the updated policy.

Data Protection Inquiries

For privacy-related questions or to exercise your rights:

General Contact

Supervisory Authority

Spanish Data Protection Agency (AEPD)

Website: www.aepd.es