Privacy Policy

Last updated: March 1, 2026

1. Introduction

This Privacy Policy describes how girlfriends.online ("Platform", "we", "us", or "our") collects, uses, and protects your personal data when you use our AI companion service. We are committed to protecting your privacy and processing your data in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act (CCPA).

2. Data We Collect

Account Information

  • Email address
  • Encrypted password
  • Display name
  • Account creation date

Service Usage Data

  • Chat messages exchanged with AI companions
  • AI companion preferences and customization settings
  • Generated images and content
  • Credit balance and transaction history

Payment Information

  • Transaction records and payment status
  • Subscription plan details
  • Payment processor references (we do NOT store full card numbers)

Technical Data

  • IP address
  • Browser type and version
  • Device type
  • Log files (retained for 30 days)

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service delivery: To provide AI chat, image generation, and companion features.
  • Account management: To create and manage your account, process payments, and maintain your credit balance.
  • Safety and moderation: To enforce our Terms of Service, detect prohibited content, and prevent abuse.
  • Service improvement: To analyze usage patterns and improve our AI models and platform features.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract performance: Processing necessary to provide the Service you requested.
  • Consent: Where you have given explicit consent (e.g., marketing communications).
  • Legitimate interests: Service improvement, security, and fraud prevention.
  • Legal obligation: Compliance with applicable laws and regulations.

5. Data Sharing

We may share your data with:

  • Payment processors: To process your transactions securely.
  • Hosting providers: Cloud infrastructure providers that store and process data on our behalf.
  • Law enforcement: When required by law, court order, or to protect safety.
  • Professional advisors: Lawyers, accountants, and auditors as needed.

We do NOT sell your personal data to third parties. We do NOT share your chat messages or generated content with advertisers.

6. Data Retention

  • Account data: Retained for 3 years after last activity, or until you request deletion.
  • Chat messages: Retained for the duration of your account. Deleted upon account deletion.
  • Financial records: Retained for 10 years for tax compliance.
  • Log files: Retained for 30 days.
  • Generated content: Retained for the duration of your account. Deleted upon account deletion.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit (HTTPS/TLS), encrypted password storage (bcrypt), and access controls on our infrastructure. However, no system is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Portability: Request your data in a portable, machine-readable format.
  • Restriction: Request that we restrict processing of your data.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

CCPA Rights (California Residents)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

9. Children's Privacy

Our Service is strictly for users aged 18 and older. We do not knowingly collect personal data from anyone under 18 years of age. If we discover that a minor has created an account, we will immediately delete the account and all associated data. See our Underage Policy for details.

10. Cookies

We use essential cookies and local storage to maintain your session and preferences (e.g., authentication token, theme settings). We do not use third-party tracking cookies or advertising cookies.

11. International Data Transfers

Your data may be processed on servers located outside your country of residence. We take appropriate safeguards to ensure your data is protected in accordance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date.

13. Contact

For privacy-related inquiries, contact us at [email protected].

If you have questions about this policy, contact us at [email protected]