LogoLogo Illust

Privacy Policy

Last Updated: 2025.03.09

1. General Provisions

  1. Purpose and Scope
    • This Privacy Policy (“Policy”) explains how Lovechat (the “Company,” “we,” or “us”) collects, uses, stores, and shares personal data when you (the “User”) utilize our AI character chat service (collectively, the “Service”).
    • This Policy applies to all platforms operated by the Company (e.g., website(s), mobile applications). If there is a separate privacy notice or additional terms for specific functionalities, that document may take precedence.
  2. Legal Compliance
    • The Company complies with relevant data protection laws, including but not limited to U.S. federal/state laws (e.g., CCPA/CPRA), and the EU General Data Protection Regulation (GDPR). We endeavor to safeguard users’ personal information as required by these regulations.
  3. Definitions
    • “Personal Data” means any information related to an identified or identifiable individual (e.g., name, email address, etc.) or any data that can be combined with other information to identify a specific person.
    • “AI Chat Logs” refer to text-based interactions (questions and responses) you exchange with AI characters, as well as any uploaded images or generated results. If these logs contain details that could identify you or another individual (e.g., names, faces, contact info), they may be treated as personal data under applicable laws.
    • “Service” encompasses the AI character chat functionality and related features (e.g., image generation, community boards) provided by the Company.
  4. Revisions to This Policy
    • We may update or amend this Policy as required by law or changes in our Service operations. For significant changes, we will give notice at least 7 days in advance (30 days for major revisions) via our official website, email, or other communication channels.
    • The revised Policy becomes effective on the specified date. Continued use of the Service thereafter constitutes your acceptance of the updated Policy.

2. Categories and Methods of Personal Data Collection

  1. Categories of Personal Data
    1. Account Registration and Management
      • Required: email address, password, nickname, age verification (confirming 18+).
      • Optional: profile photo, gender, interests, or other details voluntarily provided by the user.
    2. Payment and Premium Services
      • Payment details (credit card info, payment gateway data), transaction records, bank account info (if needed for refunds), etc.
    3. Automatically Collected Data
      • IP address, cookies, browser/OS info, device identifiers, timestamps of access, usage logs, and so on.
    4. AI Conversation and Image Generation Data
      • Text logs from your interactions with AI characters (questions/responses), any uploaded images (profile/reference), and final generated outputs (images or text).
      • Potential Personal Data:
        • If these conversations or images include identifying details (e.g., name, face, personal info), they may be considered personal data.
        • The Company may store or analyze such data for AI model improvements, quality checks, or moderation. Where actual personal information is found, we handle it according to applicable laws and this Policy.
        • We recommend that you do not include sensitive or private personal data in your conversations. Please be cautious to avoid unnecessary disclosure of personal identifiers.
  2. Methods of Collection
    1. Direct Collection
      • Data you provide when signing up, making payments, contacting support, editing your profile, participating in events, or posting in community features.
    2. Automated Collection
      • Cookies, IP tracking, device logs, and other technical data captured during web/app usage.
      • AI chat or image generation logs are stored on our servers as you interact with the Service.
    3. Third-Party Sources
      • Minimal user info received from social logins (e.g., Google, Apple) if you choose to link or log in via such platforms.
      • Payment gateways may share transaction confirmations or failures.
      • Any additional external service integrations only occur within the scope of your explicit consent.
  3. Sensitive Personal Data
    • We do not intentionally request or store data such as religion, health status, or political views (“sensitive data”). However, if you voluntarily include such details in AI chats or images, we will restrict its use to AI operations (e.g., processing for improvements, moderation) and, when appropriate, anonymize or delete it to comply with legal obligations.

3. Purposes of Use and Retention Period

  1. Purposes of Use
    1. Service Provision and Operation
      • User authentication, login maintenance, customer support (inquiries, complaints), announcements, and community features (boards, comments, character creation/sharing).
    2. AI Model Improvement and Feature Enhancement
      • Analyzing user chat logs and image generation records to enhance AI accuracy, fix errors, and develop new functionalities.
      • Note: If personal identifiers (e.g., real name, photos) appear in these logs, we apply the necessary safeguards (anonymization, etc.) and do not use them beyond the stated purpose.
    3. Secure and Compliant Environment
      • Detecting and preventing fraudulent or abusive activities (spam, hacking, illegal/harmful content), enforcing internal policies, and complying with legal requirements.
    4. Marketing and Promotions (with optional consent)
      • Sending event announcements, discounts/coupons, updates on new features, or partner services to users who opt in.
  2. Retention Period
    1. General Principle
      • We promptly delete or anonymize personal data once its purpose of collection or use is fulfilled.
    2. Legally Required Storage
      • Certain records (transaction logs, access logs) may be retained for a mandated period under applicable laws (e.g., e-commerce, tax, or communications laws). After that period, they are securely deleted.
    3. AI Conversation Logs and Images
      • We may keep conversation data or generated images for a set duration to improve service quality and reduce disputes, after which we anonymize or delete them.
      • If you include personal or sensitive data in your text or images, we will use such information only for limited analysis (e.g., model operation) and then promptly dispose of or anonymize it. We encourage users to refrain from inputting unnecessary personal identifiers.
    4. Upon Account Deletion or Service Termination
      • If you request account closure or the Service ends, we retain relevant data as required by law and our internal policies for a defined period, then securely destroy or anonymize it.

4. Third-Party Sharing & Outsourcing

  1. Provision to Third Parties
    1. General Principle:
      • We do not disclose your personal data to external parties without your prior consent.
      • However, if required by law or legitimate legal process (e.g., a court or law enforcement request), or if you explicitly agree (e.g., partner offers), we may share data within the minimal scope necessary.
    2. Exceptions & Legal Requests:
      • (a) You explicitly agree (e.g., when you opt in for a partner service or promotional event).
      • (b) A competent public authority (court, police) requests it under valid legal procedures.
      • (c) It is otherwise permissible or mandated by relevant laws (e.g., for consumer protection, investigating fraud).
  2. Outsourcing of Processing
    1. Purpose
      • For certain tasks—such as payment processing, data hosting, analytics, AI model operations, or customer support—we may enlist specialized third-party service providers. This allows us to deliver better, more secure, and more reliable Services.
    2. Transparency and Compliance
      • Where required by law, we disclose or notify users about the scope of personal data handled by each provider. We also sign data processing agreements or equivalent legal documents (as per the Personal Information Protection Act or other applicable regulations) to ensure these providers adhere to strict privacy standards.
      • We regularly supervise and audit these providers to prevent any unauthorized handling or further disclosure of user data.
  3. Overseas Transfers (If Applicable)
    1. General Notice
      • If a third-party provider or cloud server is located outside our primary jurisdiction, personal data may be transferred abroad.
      • We adopt appropriate safeguards (e.g., Standard Contractual Clauses under GDPR, encryption) and inform users of the transfer details where mandated by law.
    2. Legal Basis
      • Any international data transfer complies with relevant data protection regulations (e.g., GDPR for EU residents, CCPA for California users).
      • Additional consent may be requested if your local regulations require it.
  4. No Unnecessary Disclosure
    • We do not provide personal data to other external parties for marketing or unrelated operations unless we have your explicit consent or a valid legal basis.
      • If you have concerns about specific outsourced operations or wish to learn more, you may contact us through the channels listed in the “Contact Information” section.

5. Use of Cookies and Similar Technologies

  1. Definition and Purpose of Cookies
    • Cookies are small text files sent by a website to a user’s device or browser to identify the browser and store certain information. We use cookies and similar tracking technologies (e.g., pixels, web beacons) to provide seamless access, personalize content, analyze traffic, and improve the quality of our services.
  2. Scope of Collected Information
    • Information about your visits, such as the date/time of access, user settings (language, display preferences), and advertising or content click metrics, may be collected.
    • These cookie values can be used to limit repeated exposures to the same ad or to measure promotional campaign performance.
  3. How to Reject or Manage Cookies
    • You may enable, disable, or delete cookies through your browser settings (e.g., Chrome, Firefox, Safari).
    • If you refuse to accept cookies, certain features of the Service (e.g., auto-login, personalized recommendations) may be limited or unavailable.
  4. Retention of Cookies
    • Cookies may expire when you close the browser or after a specified time, depending on your settings.
    • We do not keep cookies longer than necessary; once they fulfill their purpose, they automatically expire.
  5. Regional Compliance (GDPR, ePrivacy, CCPA, etc.)
    • If you reside in the EU/EEA, you may be prompted for consent before certain cookies or tracking technologies are placed on your device, in compliance with GDPR and ePrivacy directives.
    • If you are in California (U.S.), you have rights under CCPA/CPRA to opt out of certain tracking for personalized advertising. Please see Section 7 (User Rights) for more details on exercising your rights.

6. Overseas Transfer of Personal Data

(Note: This applies if the Company uses cloud servers, AI platforms, or payment services based in countries outside your main jurisdiction.)

  1. Reasons for Overseas Transfer
    • The Company may store or process personal data on servers located outside your country (e.g., the United States, EU member states) to provide a global service and leverage external AI or analytics platforms.
  2. Data Categories and Destination
    • Possible data transferred overseas includes user identifiers (e.g., email, user ID), partial chat logs for AI analytics, payment details, etc.
    • We will notify users of the destination country, the date and method of transfer, and the receiving entity, typically via our official notices or a dedicated page, in accordance with local law.
  3. Safeguards Under GDPR/Other Laws
    • If we transfer personal data from the EU/EEA to a country without an adequacy decision, we implement measures such as Standard Contractual Clauses (SCCs), robust encryption, and restricted access to protect your data.
    • We comply with the GDPR when transferring data outside the EEA, and with CCPA/CPRA if you are in California, or any other applicable regulations, to ensure equivalent protection of your personal information.
  4. Retention and Processing Period
    • Personal data stored abroad is retained only for as long as necessary for the purposes set out in this Policy or required by law. Afterward, it is securely deleted or anonymized.

7. User Rights and How to Exercise Them

  1. Right to Access, Rectify, and Delete
    • You have the right to request access to, correction of, or deletion of the personal data we hold about you (e.g., registration info, chat logs).
    • We will respond promptly within the limits of applicable laws. If we must deny or limit the request, we will inform you of the reason.
  2. Opt-Out of Certain Uses
    • You may opt out of marketing communications or any additional data collection that requires your consent.
    • Opting out of certain data uses may restrict some functionalities (e.g., promotional offers). However, legally mandated data (for compliance or transaction records) may still be retained for the period required by law.
  3. Request to Restrict or Suspend Processing
    • If you believe a specific processing activity is unnecessary or excessive, you can ask us to restrict or temporarily suspend that processing. We will assess such requests in line with our legal and operational obligations.
  4. Handling Sensitive/Private Data
    • We generally do not request or collect sensitive data (e.g., health, religion, politics). Please avoid submitting such information in your AI chats or images.
    • If you do provide such data, we will limit its processing to only the essential service scope (e.g., AI analysis) and anonymize or delete it if not required.
  5. Exercising Rights Under GDPR, CCPA, etc.
    • EU/EEA residents: Under GDPR, you have additional rights such as data portability and the right to object to certain processing. You may contact us to exercise these rights.
    • California residents: Under CCPA/CPRA, you can opt out of “sale” or “sharing” of personal data, request access or deletion. We will provide a Do Not Sell My Personal Information link or similar mechanism if applicable.
    • To submit a request, please contact our support channels (email, in-app form). We may verify your identity before proceeding.

8. AI Conversation/Image Data Processing & Automated Decision-Making

  1. Storage and Analysis of AI Logs
    • The Company may store and analyze your AI conversation logs, uploaded images, and generated results for purposes like model improvement, error debugging, policy compliance checks, or dispute resolution.
    • If these logs contain personal identifiers (e.g., names, face photos), we handle them in accordance with the law and this Policy, and promptly anonymize or delete them once they are no longer needed.
  2. Automated Decision-Making
    • Responses or images generated by the Service are fully automated, powered by AI algorithms without immediate human review.
    • Users should treat AI outputs as reference only, especially for professional matters (medical, legal, etc.), and seek qualified advice where appropriate.
  3. Limitations on Sensitive or Third-Party Data
    • We discourage users from inputting highly sensitive or personal details in their AI chats or images. Any attempt to upload or generate content that includes third parties’ private data may be subject to removal under our Service policies.
    • Where sensitive data is inadvertently provided, we process it solely for essential AI operations (like compliance checks), then anonymize or delete it.
  4. Scope of Data Usage
    • Generally, user chat logs are aggregated and analyzed for performance enhancements (e.g., improving answer accuracy) and moderation. If specific personal data is identified, we apply partial redaction or anonymization.
    • We do not disclose or sell such data to external entities without your explicit consent.

9. Security Measures

We take comprehensive measures to protect personal data, including AI conversation logs and generated images, from unauthorized access or disclosure.

  1. Technical Safeguards
    1. Encryption
      • Personal data, such as login credentials or payment details, is encrypted both at rest and in transit.
      • AI conversation logs or uploaded images may be stored in an encrypted environment to reduce the risk of unauthorized retrieval.
    2. Firewall and Intrusion Prevention
      • We deploy firewalls, IDS/IPS (Intrusion Detection/Prevention Systems), and other security tools to block malicious traffic and detect abnormal patterns in real time.
      • Automated alerts are generated if suspicious access or data exfiltration attempts are detected.
    3. Access Control and Account Management
      • Access to our systems that store personal data (including AI logs) is strictly limited to authorized personnel.
      • We regularly review and update account privileges and monitor audit logs to prevent internal misuse.
  2. Administrative Safeguards
    1. Internal Management Plans
      • We have internal policies and procedures in place to manage privacy risks, including how we handle, store, and dispose of user data.
      • Responsibilities and roles are clearly defined, and updates to our privacy protocols are communicated regularly within the Company.
    2. Employee Training and Accountability
      • Employees who handle personal data receive periodic security and privacy training.
      • They sign confidentiality agreements and acknowledge that any mishandling of data could result in disciplinary or legal actions.
  3. Physical Safeguards
    1. Restricted Server Rooms
      • Server rooms and backup storage facilities are designated as restricted areas, accessible only to authorized personnel with prior clearance.
      • Physical access is monitored, and logs of entry/exit are maintained.
    2. CCTV Monitoring
      • CCTV cameras may be installed in critical zones (data centers, backup rooms) to monitor access and prevent unauthorized entry or tampering.
  4. Incident Response
    • In the event of a security breach (e.g., hacking, data leakage) involving AI logs or other personal data, we will promptly notify affected users and relevant authorities as required by applicable laws (e.g., GDPR, CCPA).
    • We will take immediate measures to contain and investigate the incident, coordinating with security professionals to minimize further risk.

10. Destruction of Personal Data

We destroy or irreversibly anonymize personal data, including AI conversation records and images, once its purpose has been achieved or any legally required retention period has expired.

  1. Principle of Timely Destruction
    • Personal data is either securely deleted or anonymized as soon as it is no longer needed for the original purpose (or upon the expiration of a mandated retention period).
    • If other laws require extended storage, we will store such data separately from active records and limit access to authorized personnel only.
  2. Destruction Procedure
    • Identification of Data for Destruction
    1. We periodically review data (including AI chat logs, generated images, transaction records) to determine which records are eligible for destruction or anonymization.
    • Approval and Execution
      1. A designated manager reviews the destruction list to confirm that the data is indeed ready to be removed. Upon approval, the data is promptly deleted or anonymized.
  3. Methods of Destruction
    1. Electronic Files
      1. We permanently erase data using secure deletion tools (e.g., degaussing, specialized wiping software) so it cannot be recovered.
    2. Physical Documents
      1. Printed materials (e.g., backup logs, user support records) are shredded or incinerated.
    3. AI Chat Logs and Images
      1. Databases or storage systems containing conversation histories or generated images are purged or anonymized to prevent any future identification or reconstruction
    4. Exceptions
      1. If it is necessary to retain certain records for dispute resolution, fraud prevention, or legal compliance, we keep only the minimal data required for that specific purpose and dispose of it once the matter is resolved.

11. Changes to This Privacy Policy

  1. Reasons for Revision
    • We may update or amend this Policy in response to changes in legislation, security or operational needs, or shifts in our Service features (e.g., adding new AI functionalities).
  2. Notification Method
    • For significant changes (e.g., expansion of collected data categories, new sharing practices), we will provide notice at least 7 days in advance (30 days for major changes) via our official website, in-app alerts, or email.
    • Minor edits (typographical corrections, organizational name changes) may be posted without prior notice, but the updated version will be clearly indicated with a revision date.
  3. Effective Date
    • The revised Policy takes effect on the date stated in the notice. If you continue using the Service after that date, it constitutes your acceptance of the revised terms.
    • If you do not agree with the updated Policy, you may discontinue the Service and delete your account accordingly.
  4. Access to Previous Versions
    • We retain and may publish historical versions of this Policy (with revision dates and a summary of changes), so users can review earlier terms if needed.

12. Contact Information

If you have any questions, complaints, or requests regarding this Privacy Policy or the handling of personal data, please reach out to below:

  • Email: contact@lovech.at