Privacy Policy

Last updated: 2026-06-27 · Operator: [LEGAL ENTITY NAME], [JURISDICTION] · Contact: [[email protected]]

Draft — not legal advice. This document describes how the product is built to handle data, written to match the actual implementation. The bracketed fields and final wording must be completed and reviewed by qualified counsel before launch.

Short version: we collect as little as possible, your chats are encrypted per conversation, deleting really deletes, and we do not track you across other apps.

1. Who we are

character.chat is an AI character-roleplay app operated by [LEGAL ENTITY NAME] ("we", "us"). This policy covers the iOS and Android apps and this website.

2. What we collect

Data	Why
Device identifier	An anonymous, device-bound account so you can start chatting with no sign-up. Used to attribute your credits and to rate-limit abuse.
Email (optional)	Collected only when you make a purchase or link a device — via a one-time magic link. We do not use passwords or social login.
Chat messages	Your conversations, stored encrypted (see §4) so the experience persists across sessions. You can delete them at any time.
Characters you create	The persona/scenario text for characters you author, so you can chat with them and optionally share an unlisted link.
Purchase records	Credit grants and purchase status. Payment itself is handled by Apple/Google — we never see your card.
Minimal diagnostics	Basic technical logs to keep the service running. These exclude your message content.

We do not collect your real name, government ID, or precise location, and Stage 0 has no adult-age verification (the app is SFW).

3. What we do NOT do

No cross-app/cross-site tracking. We do not follow you around other apps or websites for advertising.
No selling your data. We do not sell or rent personal data.
No training on your chats by us. Your conversations are not used to train our own models.

4. How your messages are protected

Each chat is encrypted with its own data-encryption key (AES-256-GCM). The plaintext exists only transiently in memory while a turn is processed; at rest we store ciphertext only.

Deletion is real (crypto-erasure). When you delete a chat or your account, we destroy that chat's key. Without the key the stored ciphertext is permanently unrecoverable — that is mathematically equivalent to deletion. We also purge derived data (summaries, memory, generated-image bytes, redacted safety snippets).

5. Retention

Chats & memory: kept while you want them; deletable, and crypto-erased on deletion.
Generated images: the image binary auto-expires after ~30 days (the prompt is kept so you can regenerate); erased immediately on chat/account deletion.
Purchase & safety-audit records: kept as required for accounting and legal/compliance obligations. These hold only IDs, amounts, hashes, redacted excerpts, and state — never your raw chat content.

6. Third parties we use

To run the app we share the minimum necessary with service providers, each chosen to meet a zero-retention / no-training standard where applicable:

AI inference — generates character replies. Routed through hosts contractually held to zero-retention and no-training; the assembled prompt is sent transiently and not persisted by them.
Content moderation — screens messages for safety (e.g. OpenAI Moderation).
Image generation — produces an image only when you request one.
Payments — Apple App Store / Google Play handle the transaction; RevenueCat validates the receipt. We receive a confirmation, not your payment instrument.
Email delivery — sends your one-time login link (e.g. Resend).

If we later add error-monitoring or analytics tools, they will be configured to exclude message content, and this policy will be updated before they go live.

7. Your rights

You can delete individual chats or your entire account from within the app, which triggers the crypto-erasure described above. To request access, correction, or to raise a concern, contact [[email protected]]. Depending on where you live, you may have rights under laws such as the Korean PIPA or the GDPR; we honor applicable deletion and access requests.

8. Children

character.chat is not directed to children under [AGE]. We do not knowingly collect data from them. If you believe a child has used the app, contact us and we will delete the account.

9. Changes

We may update this policy; material changes will be reflected by the "Last updated" date above and, where appropriate, in-app notice.