Privacy & Data
Plain language. Last updated 2026-05-15.
We try to collect as little as possible. This page describes exactly what happens to your data when you use the site.
Account
We do not ask for your real name, email address, phone number, or date of birth. You sign up with:
- A username of your choice
- A password
Passwords are hashed with bcrypt before they are stored. We never see your plaintext password.
During signup you'll see an optional checkbox to let your chats be used (in pseudonymised form) to improve future AI models — in exchange we add a small credit bonus to your account. The service works fully without ticking it; details are in the AI model training section below.
Age verification (gated regions)
Several jurisdictions require online services that show adult content to verify a visitor is 18 or older. If your IP address suggests you are in one of the regions below, you must complete an age check before you can use the site. The check runs entirely in your web browser.
Countries: United Kingdom, Germany, France, Italy, Spain.
US states: Alabama, Arkansas, Florida, Georgia, Idaho, Indiana, Kansas, Kentucky, Louisiana, Mississippi, Montana, Nebraska, North Carolina, Oklahoma, South Carolina, Tennessee, Texas, Utah, Virginia, Wyoming.
This list is configured at the server and may change as new laws come into effect. Visitors outside these regions are not gated.
- Three short photos of your face (front, left, right) are captured from your webcam.
- The photos are processed in your browser only, using an open-source machine-learning model.
- The photos are never uploaded to our servers, and we have no copy of them. They are discarded as soon as the page is closed.
- Only a small summary is sent to our server: the verdict (e.g. "Likely Adult"), the model's confidence, and the predicted age bucket. No image data, no biometric template.
- The verdict is wrapped in a short-lived signed token (about 30 minutes) that authorises your signup from the same session.
- After signup, your account simply records that you completed verification. We do not retain the photos, the token, or any biometric data.
Audit log (regulatory record-keeping)
Regulators in the regions listed above (e.g. Ofcom in the UK under the Online Safety Act, similar bodies in EU member states and US state attorneys general) require operators of age-restricted services to keep records of age-assurance attempts. For every attempt — successful or not — we store one row in an audit log containing:
- A timestamp.
- An irreversible one-way hash of your IP address (not the IP itself).
- The country code derived from your IP.
- The verdict ("Likely Adult", "Uncertain", or "Likely Under 18") and the confidence scores returned by the model.
- The predicted age bucket (e.g. "20-29").
- Whether a verification token was issued or the attempt was rejected.
The audit log does not contain any photos, biometric templates, raw IP addresses, names, emails, or any other identifying information. It exists to demonstrate to regulators that age checks are happening and producing reasonable results.
Retention is enforced automatically. Each row is deleted after 365 days. We don't keep any record of attempts older than that.
Linking to your account. When you complete signup, the audit row from your verification attempt is updated with your account ID, so we can demonstrate per-account verification if a regulator asks. The row's content (timestamp, hashed IP, scores) does not change. If you later delete your account, your account ID is removed from the audit row but the row itself is retained until the 365-day window closes — this is required by recordkeeping rules in the gated regions and we cannot waive it.
What is stored on our server
| Item | Stored? | Where |
|---|---|---|
| Username, hashed password | Yes | Server database |
| Date you verified your age | Yes | Server database (only for users in gated regions: UK, DE, FR, IT, ES, plus 20 US states) |
| Age-verification audit log (timestamp, hashed IP, country, verdict, scores) | Yes | Server database — no photos, no raw IP, no name. Required by regulators. Auto-deleted after 365 days. |
| Credit balance & ledger | Yes | Server database |
| Chat messages between you and characters | Yes | Server database |
| Voice messages you record (mic button) | Yes | Cloud object storage. The audio file plus the transcribed text are kept so the conversation can replay. |
| Generated audio of character replies (when you tap play) | Yes | Cloud object storage. Cached so replays don't re-incur cost. |
| Profile photos you generate of yourself | Yes | Cloud object storage. URLs are linked to your account. |
| Photos used for age verification | No | Discarded by your browser, never sent to us |
| Email address | No | We never collect one |
| Real name, date of birth | No | We never collect these |
| Browse / swipe history (likes & passes) | Local only | Your browser's localStorage |
| Image cache for fast display | Local only | Your browser's IndexedDB |
What is sent to third parties
To generate AI characters, images, replies, and voice, we send relevant parts of your messages, any images you generate, and any voice clips you record to upstream model providers. Today this includes:
- xAI (Grok) — for chat replies, image generation, and short videos. Your message text and any reference images are sent to their API.
- Anthropic (Claude) — used optionally for chat replies if you select Claude as your provider in settings.
- Google (Gemini / Imagen) — used optionally for image generation if you select Imagen.
- ElevenLabs — text-to-speech and speech-to-text. When you tap play on a reply, the message text is sent to ElevenLabs and an audio clip is returned. When you record a voice message, the audio clip is sent to ElevenLabs to be transcribed into text. ElevenLabs receives the relevant text or audio for the request only.
- Hugging Face — the age-detection model is downloaded from Hugging Face's CDN by your browser. They see only a model download request, not your photos.
- Telegram — if you choose to chat via Telegram, your messages travel through Telegram's servers.
We do not share your username or password with any of these providers.
AI model training
Opt-in only. When you register there's a checkbox: "Help improve future AI models — let my chats be used in pseudonymised form for training. +50 credits as thanks." If you tick it, we may use your chat messages to evaluate or fine-tune AI models — either ours, or those of the upstream model providers we work with — and we add 50 credits to your balance as a one-time thank you. If you leave it unticked, your chats are never used for training and the service still works exactly the same.
Pseudonymised, not anonymised. Before any chats are used for this purpose, account-level identifiers are stripped:
- your user ID and username
- your hashed IP address
- any wallet or Telegram link associated with your account
We don't currently scrub personal information that might appear inside the message text (names you mention, places, dates, etc.) — that's a hard problem with free-text. So the data is pseudonymised, not truly anonymised: re-identification is unlikely but not impossible.
Voice clips and generated images are not used for model training.
You can change your mind. Contact support to withdraw consent. We will stop including your chats in future training sets and, where reasonably feasible, request removal from any datasets already shared with upstream providers. We cannot un-train a model that has already been trained on data you previously consented to share.
Cookies & local storage
- One session cookie is set after you sign in (or after a guest session is minted on first visit).
- Your browser's local storage holds your cached country code, your matches, and your provider preferences.
- The age-verification token sits briefly in your tab's session storage while you complete signup, then is discarded.
- Profile and chat images are cached locally in your browser for fast display.
Logging out clears the session cookie and all locally cached data.
Your rights
- You can delete your local data at any time by logging out.
- You can request server-side deletion of your account by contacting support.
- You can withdraw your age verification by deleting your account — there is no separate "verification" record to revoke.
Contact
For privacy questions or deletion requests, please reach out via the support channel listed on the homepage.
← Back to the site