Privacy Policy

FapperAI ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your personal information. By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your data as described herein.

Account Information

When you create an account, we collect your email address, display name, and authentication credentials. If you sign in through Google, we receive your name and email from your Google profile. Authentication is managed through Keycloak, a secure identity provider.

Profile Information

You may optionally provide additional profile information including your display name, gender, date of birth, timezone, and notification preferences. You may also set preferences related to conversation style, intimate preferences, and physical attributes. All profile fields are optional and can be updated or removed at any time.

Conversation Data

We store your conversations with AI characters, including text messages, voice recordings (and their transcriptions), images you share, and AI-generated responses (text, audio, video, and images). Conversation summaries are generated to maintain context across sessions.

Usage Data

We track daily usage counts for text messages, voice interactions, video content, and image generation per character. This data is used to enforce subscription tier limits and resets daily.

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other payment credentials on our servers. We store transaction records including purchase amounts, subscription status, and credit balances.

Location Data

We use IP-based geolocation to determine your approximate location (city and country level). This is used to provide contextual information to characters (such as local weather and time) and to set your default timezone. We do not collect precise GPS coordinates.

Device and Connection Data

If you connect a Handy device, we store your device connection key to maintain the integration. If you link Telegram, we store your Telegram chat ID. Both can be disconnected and removed from your profile at any time.

Anonymous Users

Anonymous users are identified by a hashed, non-reversible identifier derived from your IP address using HMAC-SHA256. We do not store raw IP addresses for anonymous users. Anonymous sessions have limited functionality and reduced data collection.

We process your information on the following legal bases: performance of our contract with you (Terms of Service), your explicit consent, our legitimate business interests, and compliance with legal obligations. Specifically, we use your data to:

• Provide and operate the Platform and its features
• Personalize your experience with AI characters (conversation context, preferences, memory)
• Process payments, manage subscriptions, and maintain your credit balance
• Enforce usage limits and prevent abuse
• Send transactional emails (purchase confirmations, payment failures, subscription renewals and cancellations)
• Send optional character digest notifications based on your preferences
• Deliver proactive character messages through your chosen channels (in-app, Telegram, email)
• Provide contextual information to AI characters (your timezone, local weather, time of day)
• Improve, develop, and optimize our AI models, algorithms, and platform functionality
• Detect and prevent fraud, abuse, unauthorized access, and violations of our Terms of Service
• Comply with applicable laws, regulations, legal processes, or governmental requests
• Enforce our Terms of Service and protect our rights, property, and safety

We use the following third-party services to operate the Platform. Each processes data only as necessary for its specific function:

We do not sell your personal data to any third party. Data is shared with third-party services only as described above and in accordance with their respective privacy policies. We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies independently. We may also disclose your data if required by law, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We send the following types of emails:

• Welcome email - Sent once after you accept our terms and create your account
• Purchase confirmation - Sent when you complete a subscription or credit purchase
• Payment failed - Sent if a recurring payment fails
• Subscription renewed - Sent when a subscription is successfully renewed
• Subscription cancelled - Sent when a subscription is cancelled
• Character digest - Optional periodic summary of character activity (can be disabled in settings)

Transactional emails (purchase, payment, subscription) cannot be disabled as they contain important account information. Character digest emails can be controlled through your notification preferences.

We implement anti-spam protections with cooldown periods between emails of the same type to prevent excessive messaging.

Your data is stored on secure servers. Conversations, profile data, and usage records are stored in encrypted databases. Media files (audio, video, images) are stored on BunnyCDN with access-controlled URLs.

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), secure authentication via Keycloak with token-based sessions, and payment processing through PCI-compliant Stripe infrastructure.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and shall not be liable for any unauthorized access, data breach, or security incident beyond our reasonable control. You are responsible for maintaining the security of your account credentials.

We retain your data for as long as your account is active and as reasonably necessary to provide our services. Conversation history is maintained to provide continuity in your character relationships. Usage data resets daily but historical records are kept for billing, abuse prevention, and legal compliance purposes.

If you request account deletion, we will make commercially reasonable efforts to remove your personal data within 30 days. However, we may retain certain data beyond this period where required or permitted by law, including but not limited to: (a) transaction and billing records as required by tax and financial regulations; (b) data necessary to resolve pending disputes, enforce our Terms, or prevent fraud; (c) anonymized, aggregated data that cannot be used to identify you; and (d) backup copies that are automatically purged on a standard schedule. Some data shared with third-party services prior to deletion may be subject to those services' own retention policies.

Depending on your jurisdiction, you may have certain rights regarding your personal data. We will honor requests to the extent required by applicable law:

• Access - You can view your profile, conversations, and usage data through the Platform. For formal data access requests, contact [email protected]
• Correction - You can update your profile information at any time through your account settings
• Notification control - You can choose your notification channels (in-app, Telegram, email), set quiet hours, set daily message caps, and toggle follow-up messages on or off
• Integration control - You can connect and disconnect Telegram and Handy integrations at any time
• Deletion - You can delete your account and all associated data directly from your account settings. Deletion is immediate and subject to the retention exceptions described in Section 7. You may also contact [email protected]
• Data export - You can export a portable copy of your data directly from your account settings. The export includes your profile, conversations, purchases, and all associated records. You may also contact [email protected]

We may require identity verification before processing data requests to protect your account security. We reserve the right to decline requests that are unreasonable, repetitive, or technically impractical, or where the rights of others would be compromised.

We use browser local storage to maintain your session, remember your preferences, and track onboarding status. We use essential cookies for authentication. We do not use third-party tracking cookies or advertising cookies.

This Platform is strictly for adults aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete the account and all associated data. If you believe a minor has accessed the Platform, please contact us immediately at [email protected].

Your data may be processed and stored in countries other than your own, including countries that may have different data protection laws. By using the Platform, you explicitly consent to the transfer, processing, and storage of your data in any jurisdiction where we or our third-party service providers operate. We take reasonable steps to ensure that data transfers are conducted with appropriate safeguards, but we cannot guarantee that the data protection standards of every jurisdiction will be equivalent to those in your home country.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, FAPPERAI SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM THE COLLECTION, USE, OR PROCESSING OF YOUR DATA AS DESCRIBED IN THIS PRIVACY POLICY, INCLUDING BUT NOT LIMITED TO UNAUTHORIZED ACCESS BY THIRD PARTIES, DATA BREACHES BEYOND OUR REASONABLE CONTROL, OR THE PRIVACY PRACTICES OF THIRD-PARTY SERVICES. YOUR SOLE REMEDY FOR DISSATISFACTION WITH OUR DATA PRACTICES IS TO DISCONTINUE USE OF THE PLATFORM AND REQUEST ACCOUNT DELETION.

We reserve the right to update this Privacy Policy at any time at our sole discretion. Material changes will be communicated via email or an in-app notification at least 14 days before they take effect. Your continued use of the Platform after the effective date of any modifications constitutes your acceptance of the updated policy. If you do not agree with the revised policy, you must stop using the Platform and may request account deletion.

For privacy-related questions, data requests, or concerns, contact us at [email protected]. We will make reasonable efforts to respond to your inquiry within 30 days.