AI Companion App Privacy Checklist: What to Check Before Sharing Chats, Photos, or Voice
A source-backed privacy checklist for AI companion apps, AI girlfriend apps, and AI character chat products, using public policies from Replika, Character.AI, Nomi, Candy AI, and current companion-AI research.
Материалы ниже сохранены на языке исходников; мы не переводим их машинно без проверки.
Before sharing personal material with an AI companion app, check whether chats, images, voice, memory, payment data, device data, and support messages are collected; whether content can be reviewed by humans or third-party model providers; whether data is used for training, QA, safety, or advertising; and whether account deletion removes conversation data within a clear time window.
Are AI companion app chats private?
AI companion app chats are not private in the same way as an offline journal or an end-to-end encrypted message thread. Public policies from major companion and character-chat products show that chat content may be processed to operate the service, generate replies, provide memory, troubleshoot, moderate abuse, improve models, or comply with legal requests. Some policies say advertising partners do not receive chat content, but that does not mean the platform itself never stores, processes, reviews, or routes conversation data through vendors. Treat every AI companion chat as server-processed unless the product clearly proves otherwise.
What data should I check before using an AI girlfriend or AI companion app?
Check six data categories before using an AI girlfriend or companion app: account identity, profile details, chat messages, generated images or voice, payment records, and device or usage data. Then check what the company says about model training, safety review, human moderation, third-party model providers, advertising cookies, data deletion, and law-enforcement requests. The riskiest mistake is assuming fictional roleplay is harmless data. A fictional scene can still contain real names, faces, locations, emotional history, payment identifiers, or sensitive preferences.
Should I share photos, voice, or sensitive details with an AI companion?
Do not share photos, voice, legal names, home addresses, workplace details, financial data, health details, explicit images, or identity documents with an AI companion unless you have read the privacy policy and would be comfortable with that material being stored, processed, moderated, or disclosed under the policy's exceptions. Voice, images, and intimate prompts are higher-risk than ordinary text because they can identify you, reveal sensitive traits, or become difficult to separate from your account and billing history later.
What is the safest way to try an AI character chat app?
The safest way to try an AI character chat app is to start with a separate email, a nickname, fictional personas, and low-stakes scenes. Do not upload real faces or identity documents unless the service absolutely requires it and explains retention. Test deletion controls early, read whether chats can be used for training or QA, and review cancellation and payment descriptors before upgrading. A good product should make privacy, support, terms, and paid limits easy to find before the user becomes emotionally or financially invested.
Ключевые выводы
- AI companion privacy is a product-fit issue, not only a legal footer.
- Policies from Replika, Character.AI, Nomi, and Candy AI all show that users should expect account, chat, device, payment, or support data to matter.
- Images, voice, and adult or romantic prompts deserve stricter review because they can be more identifying than ordinary text.
- Human review, third-party model providers, QA, safety moderation, and payment processors are the practical details to check before trusting a companion app.
- OnlyKin should keep competing on story-first character chat, visible policies, source-backed safety guides, and clear user expectations.
Start with the uncomfortable truth
AI companion chats feel private because the interaction feels one-to-one. The product, however, is still software operated by a company. A model has to read or receive enough of the conversation to generate a reply, memory systems need data to create continuity, moderation systems may need to inspect abuse or safety issues, and payment systems connect the account to real billing infrastructure.
That does not mean every companion app is unsafe. It means the right privacy question is not 'does this feel private?' The right question is 'what does the policy allow the company, vendors, moderators, model providers, advertisers, payment processors, and authorities to do with my data?'
This is especially important for AI girlfriend and adult-first companion searches. Those products often invite intimacy, photos, voice, fantasy, preferences, and recurring payment. The user may be roleplaying, but the data can still be real.
Read the policy for data categories, not reassurance
Privacy pages often begin with reassuring language. Skip quickly to the categories. Replika's policy discusses account information, profile information, messages and content, interests and preferences, payments, device and network data, and usage data. Character.AI lists identifiers, demographics, interests, inferences, financial and commercial information, submitted content such as chats and media, voice data, and support communications.
Nomi's policy is more minimalist in tone, saying the system is designed to know as little personal information as possible and that it does not sell or rent personal information. It still says users provide an account email, name or pseudonym, date of birth, chat and customization content, activity information, and payment information if they upgrade.
Candy AI's privacy notice is especially useful as a checklist because it explicitly describes AI companion messages, prompts, outputs, images, videos, voice notes, payment processors, moderation review, QA, logs, marketing, and third-party AI service providers. A policy that names more categories can feel more alarming, but it may also reveal the real operational surface users should compare.
Separate chat privacy from advertising privacy
Some policies say advertising partners do not receive chat content. That is good, but it is not the whole privacy question. Advertising privacy asks whether ad partners or tracking technologies see website behavior, device identifiers, pages viewed, or marketing events. Chat privacy asks whether the platform, model providers, moderators, QA workflows, or support teams can process conversation content.
Replika's policy says advertising partners may collect limited device and interaction information through marketing cookies after consent, but will not have access to conversations or photos submitted through the apps. That distinction matters. It narrows one risk, but users still need to inspect how messages and content are used for operation, safety, improvement, legal compliance, and deletion.
A good comparison page should not collapse these into one vague 'private' label. For companion apps, a better matrix has separate rows for advertising, model processing, human review, payments, logs, deletion, and sensitive-data warnings.
Training, QA, and moderation are separate questions
Users often ask one broad question: 'Do they train on my chats?' The useful version is more precise. Is content used to train the main model? Is it used to train safety or moderation systems? Is it de-identified first? Can humans review sampled or flagged chats? Can third-party LLM providers receive message content to generate responses? Can logs retain user IDs, timestamps, or IP addresses?
Character.AI's policy says it uses information to analyze, maintain, improve, modify, customize, and measure services, including to train AI and machine learning models. Candy AI's notice describes training and developing AI models and moderation technologies, human review of de-identified or anonymized interactions for datasets, random querying of content for QA, and human review of flagged or reported content.
These details should shape user behavior. If you do not want a human, vendor, safety workflow, or training process to encounter a detail, do not put that detail in the chat. This is boring advice, which is why it works.
Photos, voice, and identity are higher-risk than text
Text roleplay can still be sensitive, but images and voice raise the stakes. A photo may identify your face, home, workplace, or device metadata. Voice can identify you more directly than a fictional persona. A payment record can tie an account to a real card, bank, crypto wallet, billing descriptor, or email address.
Candy AI's notice lists images, videos, voice notes, prompts, outputs, payment processors, support data, log files, and moderation workflows. Character.AI separately names posted images or videos and voice data. That does not mean every media feature should be avoided, but it does mean media-heavy companion products deserve more scrutiny before upload.
The practical rule is simple: keep real identity out of the fantasy. Use fictional personas, avoid real faces, do not share identity documents unless required for age verification and retention is clear, and never include financial, health, workplace, or home-address details in roleplay.
Deletion needs a time window and exceptions
A delete button is not enough. Users should check what deletion covers and what it does not cover. Does it delete chats, character customizations, generated images, memories, personas, support tickets, analytics events, payment records, backups, de-identified datasets, training archives, and legal-retention records? Is there a stated timeline?
Nomi's current privacy policy says account deletion deletes personal information within about 28 days of confirmation, while also naming exceptions for training or communications archives and legal or regulatory retention. Replika says users who shared sensitive information can request deletion as described in its policy or by contacting its privacy email. Candy AI says it retains personal data while the account exists or as necessary for stated purposes, except where law requires otherwise.
The right comparison is not whether a product uses the word deletion. The right comparison is how specific it is, whether the path is visible, and whether the exceptions are understandable before the user shares anything important.
Adult-first companion apps need a stricter checklist
Adult-first companion apps can be legitimate products, but the privacy checklist should be stricter. Users should look for age gating, content-removal policy, moderation rules, refund and cancellation language, payment descriptor details, third-party payment processors, explicit data categories, and whether generated images or videos use tokens or recurring subscriptions.
This is why OnlyKin should not copy adult-first acquisition language just because the keywords have demand. A story-first character app can answer AI girlfriend and companion privacy questions honestly while preserving a broader brand. That is better for trust, app-store fit, creator quality, and long-term SEO than turning every public page into explicit-intent copy.
The growth lesson is not 'avoid the topic.' The lesson is to rank by being more useful. A user searching whether an AI girlfriend app is private needs a checklist, source links, and a clear explanation of trade-offs. That builds more durable trust than a generic promise.
A safer first-session test
Before trusting any companion or character chat app, run a low-risk first-session test. Create an account with a separate email if possible. Use a nickname. Start with a fictional character and a fictional persona. Ask a few normal questions. Test whether you can find privacy, terms, support, and deletion settings. Check whether the paid flow explains credits, subscriptions, billing descriptors, renewal, and cancellation before you pay.
Then ask whether the product still feels good without real-life disclosure. A strong story app should not require your legal name, workplace, home address, intimate photos, health details, or financial information to create a meaningful scene. If the experience depends on oversharing, that is a product design signal.
OnlyKin's safer product direction is to make fictional creation satisfying: structured cards, private drafts, personas, saved sessions, public discovery, source-backed guides, and clear policies. The less a user has to reveal to enjoy a story, the better the privacy posture feels in practice.
FAQ
Can AI companion companies read my chats?
Policies differ, but users should assume the platform can process chat content to provide the service, troubleshoot, moderate abuse, improve systems, or respond to legal requests unless the product explicitly proves a stronger privacy model.
Are AI girlfriend apps safe for private photos?
Private photos are high-risk data. Do not upload real faces, intimate images, or identifying media unless you have read the policy and understand storage, moderation, deletion, vendor, and law-enforcement terms.
Does deleting my account delete AI companion chats?
Sometimes, but the timing and exceptions vary. Check whether deletion covers chats, generated images, support tickets, payment records, backups, training archives, de-identified data, and legal-retention exceptions.
Is story roleplay safer than AI girlfriend chat?
Story roleplay can be safer if you keep it fictional and avoid real identifying details. It is not automatically safe, because fictional chats can still contain real emotions, preferences, names, photos, voice, or payment-linked account data.