1. Data we collect
1.1 Data you provide.
- Account data: email address, password (stored only as a salted hash), display name, and authentication data. If you sign in via a third-party identity provider, we receive a provider identifier.
- Profile and preferences: optional display name, bio/avatar, language, and content preferences — including your adult-content preference/affirmation, which indicates an interest in adult material.
- User Content: the prompts, character configurations, chat messages, and other inputs you submit, and the images and outputs generated for you ("Generated Content").
- Support and communications: messages you send us (e.g., support tickets), which may contain information you choose to include.
- Payment-related data: we use a third-party crypto payment provider (NOWPayments). We receive transaction status and references needed to credit your purchase. We do not collect or store your cryptocurrency wallet keys or card details.
1.2 Data collected automatically.
- Device/usage data: IP address, browser/device type, pages and features used, timestamps, and similar log data, used for security, abuse prevention, and reliability. Where we log IP for the age gate, we store it in hashed (pseudonymized) form, not in the clear.
- Local storage / cookies: language preference, age-affirmation, and authentication tokens. See our Cookie Policy and Section 7 below. Authentication tokens are stored in your browser's localStorage, not in cookies.
- Error and performance data: we operate self-hosted error-tracking and monitoring. Diagnostic events are masked to reduce personal data and are erased for a user upon account deletion (best effort).
1.3 We do not sell your personal data, and we do not use third-party advertising trackers at launch. If that changes, we will update this Policy and obtain consent where required.
2. How and why we use data; legal bases (GDPR Art. 6)
| Purpose | Examples | Legal basis (GDPR) |
|---|---|---|
| Provide the Service | Create your account, run AI chat and image generation, store your content, credit charms | Contract (Art. 6(1)(b)) |
| Process payments | Credit purchases via NOWPayments, prevent payment fraud | Contract; legal obligation for record-keeping |
| Security, abuse and content-policy enforcement | Rate limiting, age-gate logging (hashed IP), detecting prohibited content, moderation | Legitimate interests (Art. 6(1)(f)); legal obligation where reporting is required |
| Adult-content gating and preference | Honoring your adult-content access and preference settings | Consent for the preference/affirmation; contract to deliver the chosen experience |
| Communications | Transactional emails (verification, receipts, deletion notices) | Contract; legitimate interests |
| Improve and maintain the Service | Debugging, reliability, aggregate analytics on our own infrastructure | Legitimate interests |
| Comply with law and respond to lawful requests | Responding to legal process, NCII/CSAM reporting obligations | Legal obligation |
Where we rely on consent, you may withdraw it at any time (this does not affect prior processing). Where we rely on legitimate interests, you may object (Section 6).
Sensitive data note: Your use of adult features and your content preferences may reveal information about your sexual interests. Where this constitutes special-category data under applicable law, we rely on your explicit consent (manifested by affirming you wish to access adult content and setting your preferences) and on the necessity of processing to provide the service you requested. You can change your preference or delete your account at any time.
3. Sharing and sub-processors
We share personal data only with service providers that process it on our behalf under contract ("sub-processors"), and where required by law. Our sub-processors at launch are:
| Sub-processor | Purpose | Data categories | Location / notes |
|---|---|---|---|
| Anthropic | AI chat/text model provider | Prompts, chat content | {{REGION}} — see provider terms |
| Google (Gemini) | AI model provider (chat/image) | Prompts, chat/image inputs | {{REGION}} |
| xAI | AI model provider | Prompts, chat content | {{REGION}} |
| Groq | AI model inference provider | Prompts, chat content | {{REGION}} |
| OpenRouter | AI model routing provider | Prompts, chat content | {{REGION}} |
| ModelsLab | AI image generation provider | Image prompts/inputs | {{REGION}} |
| RunPod | GPU compute for image/video generation (Pro generator) | Image/video prompts/inputs | {{REGION}} |
| Bunny CDN (BunnyWay) | Media storage and content delivery | Generated images/media; separate SFW and NSFW storage zones | {{REGION}} |
| NOWPayments | Cryptocurrency payment processing | Transaction data (no wallet keys/card data stored by us) | {{REGION}} |
| SMTP2GO | Transactional email delivery | Email address, message content of transactional emails | {{REGION}} |
| Google Firebase Cloud Messaging (FCM) | Web push notifications (where you opt in) | Device push token | {{REGION}} — listed per platform design; confirm at launch |
| Self-hosted error tracking & monitoring (GlitchTip/Grafana/Loki, operated by us) | Reliability, debugging, security | Masked diagnostic/log data | Operator-controlled infrastructure |
We may engage additional or replacement sub-processors; we will keep this list current. We do not permit sub-processors to use your data for their own purposes except as needed to provide their service to us or as required by law.
4. International transfers
We and our sub-processors may process data in countries outside your own, including outside the EEA/UK. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum / IDTA where applicable) or an adequacy decision. You may request information about the safeguards used by contacting privacy@charmloop.ai.
5. Retention
5.1 We keep your account and associated data until you delete your account. When you request deletion, a 30-day grace period begins, during which you can cancel the request and recover your account. After the grace period expires, we permanently anonymize or erase your personal data as described below.
5.2 What deletion does. On completion we anonymize your user record (we remove or replace your email, username, password hash, display name, avatar, bio, and third-party provider identifier), zero your charm balance, and delete your support tickets and messages. Images and other content you generated are removed from active service per our deletion process. Diagnostic/error events associated with you are erased on a best-effort basis.
5.3 What we retain, and why. We may retain (a) limited records required for legal, tax, accounting, fraud-prevention, and security-audit purposes (including immutable security/audit logs of staff actions and abuse handling), and (b) content we are legally required to preserve or report. Public content you chose to publish (for example, a public AI Companion you created) may remain available with your authorship shown as "Deleted User"; private content is removed.
5.4 Data export. Before deleting, you can request a copy of your data; we generate an export file, and the download link is available for a limited time before it expires.
5.5 Backups are rotated on a normal cycle; residual copies in backups are overwritten in the ordinary course.
6. Your rights
Depending on where you live, you may have the right to: access your data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict or object to processing; data portability; and to withdraw consent. Charmloop provides self-service data export and account deletion in your account settings; you can also exercise rights by contacting privacy@charmloop.ai.
- EU/EEA/UK (GDPR/UK GDPR): the rights above, plus the right to lodge a complaint with your supervisory authority ({{LEAD_SUPERVISORY_AUTHORITY_OR_LOCAL_DPA — fill before publication}}).
- California (CCPA/CPRA): rights to know, delete, correct, and opt out of "sale"/"sharing" (we do not sell or share personal data as defined), and the right not to be discriminated against for exercising your rights. We do not knowingly process data of consumers we know to be under 18.
- Other jurisdictions: we honor applicable local rights.
We will verify your identity before acting on a request and respond within the time required by law. We will not charge a fee except where permitted.
7. Cookies and local storage
We use a minimal set of strictly-necessary and functional cookies/local-storage items — a language preference (NEXT_LOCALE), an age-affirmation token (cl_age_18), and authentication tokens in localStorage. We do not use third-party advertising or analytics trackers at launch. Full detail, including durations, is in our Cookie Policy at charmloop.ai/cookies.
8. Security
We use technical and organizational measures to protect personal data, including encryption in transit, hashed passwords, access controls, pseudonymization of certain logs, and separation of adult and non-adult media storage. No system is perfectly secure; we cannot guarantee absolute security. Tell us about any suspected vulnerability at support@charmloop.ai.
9. Children / 18+ only
The Service is strictly for adults 18+ and is not directed to children. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a person under 18, we will delete it and terminate the account. If you believe a minor is using the Service, contact abuse@charmloop.ai.
10. Changes
We may update this Policy. Material changes will be signaled by an updated "Last updated" date and, where appropriate, additional notice. Continued use after changes take effect constitutes acceptance where permitted by law.
11. Contact
Privacy / data protection: privacy@charmloop.ai. Controller: {{LEGAL_ENTITY_NAME — fill before publication}}, {{LEGAL_ENTITY_FORM_AND_ADDRESS — fill before publication}}. {{DPO_DETAILS_IF_APPOINTED — fill before publication if applicable}}. {{EU_REPRESENTATIVE_ART_27_IF_REQUIRED — fill before publication if required}}.