
10 things your AI girlfriend platform isn't telling you about your data

You're sharing intimate conversations with a server somewhere. Here's what actually happens to that data — the parts the privacy policy buries, skips, or hopes you won't ask about.

May 22, 2026

Affiliate disclosure: Some of the links in this article are affiliate links. We may earn a commission if you sign up for a platform through these links, at no additional cost to you. This doesn't influence our editorial verdicts.

Every AI companion platform has a privacy policy. Most of them are written to satisfy a legal requirement, not to inform you. The interesting information lives in the gaps between what they say, what they don't say, and what independent auditors have found when they looked closely.

These are ten specific things about your data that the platforms generally don't volunteer, sourced from privacy policy analysis, independent security audits, and the breach disclosures that have accumulated across the category.

1. Your prompts are probably training future models

Most platforms use conversation data to improve their AI models unless you specifically opt out. On Candy AI and OurDream AI, users are opted in to training data collection by default. The opt-out mechanism exists, but it's buried in account settings rather than presented during signup.

What this means practically: the specific scenarios you describe, the character traits you request, the conversation patterns you develop are feeding into the next iteration of the model. Your individual conversations aren't retrievable from the trained model (that's not how model training works), but the aggregate patterns of what users want absolutely shape future model behavior.

Kindroid and Nomi AI are the most transparent about this. Both publish clear statements about whether and how conversation data feeds into model training. Kindroid's Codex system stores your long-term memory locally on their servers but separates it architecturally from the training pipeline.

2. "Encrypted" doesn't mean what you think it means

Several platforms advertise "encrypted conversations." This typically means encryption in transit (your messages are encrypted between your browser and their server) and sometimes encryption at rest (messages are encrypted on their storage servers). Both are standard web security practices that every e-commerce site uses.

What "encrypted" almost never means in this context: end-to-end encryption where the platform itself cannot read your conversations. Every platform in the NSFW AI chat category can read your messages. They need to, because the AI model running on their servers has to process the plain text of your conversation to generate responses. The encryption protects against external interception, not against the platform itself.

CrushOn AI advertises "advanced encryption" but their privacy policy is a single page with no specifics about what encryption standard they use, where keys are stored, or who has access to decrypted data.

3. The breach track record is genuinely alarming

Three major breaches have hit AI companion platforms in the past eighteen months:

The MyLovelyAI breach in April 2026 exposed over 70,000 explicit prompts, AI-generated images, and personal data for more than 100,000 users through an unsecured database.

The Aura breach in March 2026 compromised approximately 900,000 records after a targeted phone phishing attack on an employee. A concurrent report found 17 popular Android companion apps with 311 high-severity security vulnerabilities.

The Chattee Chat / GiMe Chat breach in October 2025 exposed 400,000+ user records including conversation logs and payment data.

The pattern is consistent: platforms handling intimate data are running on infrastructure that wouldn't pass a basic security audit. The operational security guide covers protective measures in detail.

4. Deleting your account may not delete your data

"Delete my account" and "delete my data" are two different operations on most platforms. Account deletion removes your login credentials and profile information. Data deletion removes your conversation history, generated images, character definitions, and behavioral data.

Some platforms conflate the two. Others draw a clear distinction. The ambiguity is intentional because conversation data has commercial value for model training, and permanently deleting it reduces the training dataset.

When testing account deletion across platforms, one independent reviewer found that SpicyChat's "delete account" button doesn't confirm whether conversation data is actually purged. CrushOn's support team took three days to respond to a data deletion request and pointed to a generic delete-account flow.

California's CCPA and the EU's GDPR both give users the right to request complete data deletion. If your platform doesn't have a clear, documented data deletion process, that's a signal worth paying attention to.

5. Your conversation metadata tells its own story

Even if a platform never reads your actual messages, the metadata around your conversations reveals substantial information: when you log in, how long your sessions last, how many messages you send, which character types you interact with, what features you use, when you make purchases. Metadata analysis can construct a detailed behavioral profile without accessing message content.

Most privacy policies grant the platform broad rights to collect and analyze usage data. This data is commercially valuable for advertising, user segmentation, and partnership decisions. It's also the data most likely to be shared with third-party analytics services.
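
To make the metadata point in this section concrete, here is an added example (not from the original article or from any platform's code) that builds a behavioral profile from session records containing no message text. The field names and sample values are constructed assumptions.

```python
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed sample records: usage metadata only, no message text.
# Field names are assumptions for illustration, not any platform's schema.
SESSIONS = [
    {"start": "2026-05-04T23:40:00", "minutes": 52, "messages": 140,
     "character_type": "romantic", "purchase": False},
    {"start": "2026-05-05T23:15:00", "minutes": 47, "messages": 120,
     "character_type": "romantic", "purchase": False},
    {"start": "2026-05-07T12:30:00", "minutes": 8, "messages": 15,
     "character_type": "friend", "purchase": False},
    {"start": "2026-05-08T23:05:00", "minutes": 75, "messages": 210,
     "character_type": "romantic", "purchase": True},
    {"start": "2026-05-10T00:20:00", "minutes": 63, "messages": 170,
     "character_type": "roleplay", "purchase": False},
    {"start": "2026-05-11T23:50:00", "minutes": 55, "messages": 145,
     "character_type": "romantic", "purchase": True},
]


def build_profile(sessions):
    """Derive a behavioral profile from session metadata alone."""
    if not sessions:
        return {}
    starts = [datetime.fromisoformat(s["start"]) for s in sessions]
    hours = Counter(t.hour for t in starts)
    # Sessions that begin between 22:00 and 04:59 count as late-night use.
    late = sum(1 for t in starts if t.hour >= 22 or t.hour < 5)
    types = Counter(s["character_type"] for s in sessions)
    total_minutes = sum(s["minutes"] for s in sessions)
    total_messages = sum(s["messages"] for s in sessions)
    paid = [s["minutes"] for s in sessions if s["purchase"]]
    return {
        "peak_hour": hours.most_common(1)[0][0],
        "late_night_share": round(late / len(sessions), 2),
        "avg_session_minutes": round(mean(s["minutes"] for s in sessions), 1),
        "messages_per_minute": round(total_messages / total_minutes, 2),
        "top_character_type": types.most_common(1)[0][0],
        # Session length around purchases is a typical segmentation signal.
        "avg_minutes_in_purchase_sessions": round(mean(paid), 1) if paid else None,
    }


if __name__ == "__main__":
    for key, value in build_profile(SESSIONS).items():
        print(f"{key}: {value}")
```

Six records are enough to show a late-night usage habit, a preferred character type, and how session length relates to spending, all without a single message being read.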

6. Screenshots and generated images live on CDN servers

When you generate an image on Candy AI, OurDream, DreamGF, or any image-capable platform, that image is rendered on a server and delivered to your browser via a content delivery network. The image exists on their servers, cached on CDN edge nodes, potentially backed up to redundant storage.

Your local copy is just one copy. The server-side copies are governed by the platform's data retention policy, which may keep generated images for weeks, months, or indefinitely. Some platforms explicitly state that generated images remain on their servers until you delete them. Others don't address it at all.

7. Third-party model providers can see your conversations

Platforms that use third-party AI models (Janitor AI routing to OpenAI's API, Poe routing to various model providers, some platforms using Anthropic's Claude) are sending your conversation text to those providers' servers. The conversation passes through two sets of infrastructure: the platform's and the model provider's.

Each provider has its own data retention and training policies. OpenAI's API data policy, Anthropic's usage policy, and Google's Gemini terms each handle conversation data differently. Using a platform that routes through a third-party model means your data is subject to two privacy policies, not one.

8. Payment processors know what you're paying for

Your credit card statement shows a charge from whatever entity processes the platform's payments. The descriptor might be vague ("DGTL SVCS" or similar), but the payment processor's internal records link your identity to a specific NSFW AI platform.

This matters because payment processor records are subpoenable, and Visa/Mastercard's policies on adult content mean processors pay close attention to the merchants in this category. Some platforms offer alternative payment methods (crypto, prepaid cards) specifically to address this concern. The pricing playbook covers payment method options across platforms.

9. Voice data adds a biometric dimension

Platforms with voice features (Candy AI's Live Call, OurDream's 19 voice profiles, Kindroid's voice calls, Replika's voice mode) process your actual voice. Voice data is biometric data, which receives special protection under BIPA (Illinois), CCPA (California), and GDPR (EU).

Most platforms' privacy policies don't specifically address voice data collection, retention, or processing. Whether your voice recordings are stored, analyzed, or used for model training is typically covered under a broad "user data" umbrella rather than called out as the biometric data it legally is.

If voice privacy concerns you, the practical options are to use text-only mode on platforms with voice features, or to choose platforms without voice capabilities at all.

10. The platform might not exist next year

The AI companion space has significant churn. Smaller platforms launch, attract users, run through their initial funding, and either get acquired, pivot, or shut down. When a platform shuts down, the disposition of user data depends entirely on the shutdown circumstances.

An orderly shutdown by a responsible company includes data deletion and user notification. A funding failure or acqui-hire might result in user data being transferred to the acquiring entity under different terms than you originally agreed to. A sudden shutdown might leave data sitting on servers with nobody actively managing access.

Platforms that have been operating for two or more years (Replika since 2017, Character AI since 2022, Candy AI, CrushOn, and SpicyChat since 2023-2024) have demonstrated more durability than newer entrants. Choosing a platform partly on the basis of its longevity and business stability is a rational privacy decision.

What to actually do about all of this

The practical takeaways don't require paranoia, just awareness:

Use a dedicated email address for AI companion platforms. Not your primary email, not your work email. A free email account created specifically for this purpose.

Consider payment anonymization. Prepaid debit cards purchased with cash, privacy-focused virtual card services like Privacy.com, or cryptocurrency where supported. This isn't about shame; it's about limiting the data trail.

Don't share personally identifiable information in conversations. Your AI companion doesn't need your real name, workplace, address, or details about identifiable people in your life. The AI generates equally good responses whether you use your real name or a nickname.

Check whether the platform allows data export and deletion. Before investing months of conversation history into a platform, verify that you can request a full data export and a confirmed deletion if you decide to leave. Platforms that can't clearly answer this question don't deserve your trust with intimate data.

Read the privacy policy, but read it with the specific questions above in mind rather than trying to parse the legal language generally. The gaps and omissions tell you as much as the text itself. Age verification practices and jurisdictional legality are additional layers worth understanding.

The category is still young enough that privacy practices are improving under regulatory and competitive pressure. The platforms that treat user data carefully will increasingly differentiate themselves from those that don't, and users who choose platforms partly on privacy grounds are rewarding the right behavior.