# Privacy Policy
> DRAFT - not legal advice; review by qualified counsel before publication.
> Bracketed tokens such as [OPERATOR LEGAL NAME], [OPERATOR RECORDS ADDRESS],
> [JURISDICTION], [EFFECTIVE DATE], and [OPERATOR ABUSE EMAIL] are placeholders
> to be completed by the operator and its counsel.

Effective date: [EFFECTIVE DATE]

This Privacy Policy explains how [OPERATOR LEGAL NAME] ("we", "us", "our") collects,
uses, and shares information in connection with the AI companion platform (the
"Service"). The Service is for adults only and all companions are synthetic, fictional
AI characters (see Section 2).
## 1. Summary of our privacy posture
- We do not store your government identification document. Age verification is
performed by a third-party vendor, and we keep only an opaque verification reference.
- We do not store raw IP addresses for compliance logging. Where an IP is needed for
records or abuse prevention, we store a salted one-way hash (an "ip_hash"), not the
address itself.
- The Service has no upload path: there is no feature to upload a photo, audio, or
video of any real person. This is enforced at the data layer.
- Generated media and compliance records are written only by our server after passing
automated safety checks; they are not user-writable.
## 2. Companions are AI / synthetic
Companions are computer-generated fictional characters. They are not real people and
do not depict any actual person. Companion appearance is generated from text
descriptors you select, and any companion voice is synthetic. The Service provides no
mechanism to introduce a real person's likeness or voice.
## 3. Information we collect
3.1 Account information. When you register we collect your account identifier (for
example, an email address) and authentication data managed by our authentication
provider. We may store a display name you choose.
3.2 Age-verification data (opaque references only). To use age-restricted features you
must complete verification with a third-party age-verification vendor. The vendor
performs the identity/age check on its own systems. We receive and store only:
- an opaque provider reference token (a "provider_ref" / "age_verification_ref");
- the verification status (pending, verified, or failed);
- the method category (for example, document scan, credit card, or reusable digital
ID), without underlying document contents;
- the timestamp of verification; and
- a salted hash of the IP address used at verification (ip_hash).
We do not receive or retain your identification document image, document number, or
other raw identity attributes. We cannot reconstruct your identity document from the
data we hold.
3.3 Companion and usage data. We collect the personas you create (names and structured
text appearance descriptors), your messages and prompts ("User Input"), companion
output generated for you, relationship-progression state, and consent records (for
example, acceptance of the Terms, Privacy Policy, Acceptable Use Policy, and any
opt-in to age-restricted features).
3.4 Compliance and safety records. For generated images and any age-restricted media,
we maintain generation records and per-generation attestations (see Section 6), along
with content-moderation event logs and an internal audit log. These support our legal
recordkeeping and abuse-prevention obligations.
3.5 Technical data. We process limited technical information needed to operate and
secure the Service (for example, device/browser data and request metadata). For
compliance and security logging that involves an IP address, we store the salted
ip_hash rather than the raw address.
3.6 Payment data. If you make a purchase, payment is processed by a third-party
payment processor. We do not store full payment-card numbers.
## 4. How we use information
We use information to: (a) provide, maintain, and secure the Service; (b) verify
eligibility and enforce age restrictions; (c) generate and moderate companion content
through our guarded generation pipeline; (d) maintain the compliance records described
in this Policy and the 2257 Compliance Statement; (e) prevent, detect, and respond to
fraud, abuse, and prohibited content; (f) comply with legal obligations and respond to
lawful requests; and (g) communicate with you about the Service.
## 5. Legal bases (where applicable)
Where required (for example, under the GDPR), we rely on: performance of our contract
with you (providing the Service); compliance with legal obligations (including
age-verification and recordkeeping requirements); our legitimate interests (securing
the Service and preventing abuse); and your consent (for age-restricted features and
any optional processing). You may withdraw consent as described in Section 9, subject
to records we must retain by law.
## 6. Compliance recordkeeping (2257-style)
For each generated image and any age-restricted media, our systems create:
- a generation record (an entry in our generation_records set) capturing the
generation type, a prompt hash, reference hashes, any content-provenance manifest
reference, and whether the user attested; and
- where required, a generation attestation (an entry in our generation_attestations
set) capturing the attestation text, the associated user, and a salted ip_hash.
Because all companions are synthetic, these records document the fictional,
AI-generated nature of the content rather than any real performer. These records are
maintained as described in our 2257 Compliance Statement. They are written only by our
server and are not user-editable.
## 7. How we share information
We do not sell your personal information. We share information only:
- with service providers who process data on our behalf (for example, hosting, our
authentication provider, the age-verification vendor, content-moderation services,
and payment processing), under contractual confidentiality and security obligations;
- to comply with law, regulation, legal process, or enforceable governmental request,
and to report or respond to prohibited content as required;
- to enforce our Terms and protect the rights, safety, and security of users, the
public, and [OPERATOR LEGAL NAME]; and
- in connection with a merger, acquisition, or asset sale, subject to this Policy.
## 8. Data retention and deletion
8.1 General retention. We retain account, persona, and usage data for as long as your
account is active or as needed to provide the Service, and thereafter only as needed
for legitimate business or legal purposes.
8.2 Account deletion. You may request deletion of your account. On deletion we remove
or de-identify your account profile, personas, messages, generated assets, and
relationship state, except for records we are required to retain by law or that are
necessary to establish, exercise, or defend legal claims or to prevent abuse.
8.3 Compliance records. Generation records, attestations, moderation events, and audit
logs may be retained for the period required by applicable recordkeeping law and our
2257 Compliance Statement, even after account deletion. These records reference
synthetic content and are stored separately from raw identity documents (which we
never hold). Salted ip_hash values are retained, not raw IP addresses.
8.4 Age-verification references. Opaque verification references and status are retained
as needed to evidence eligibility and to satisfy legal obligations, then deleted or
de-identified.
## 9. Your rights and choices
Depending on your location, you may have rights to access, correct, delete, port, or
restrict processing of your personal information, and to object to certain processing.
You can exercise these rights, or withdraw a consent, by contacting us at
[OPERATOR ABUSE EMAIL]. We will respond as required by applicable law. We may need to
verify your request. Some compliance records (Section 8.3) may be exempt from deletion.
## 10. Security
We use technical and organizational measures designed to protect information,
including access controls that restrict compliance records and generated media to
server-side (service-role) processes and that limit each user's access to their own
data. No method of transmission or storage is completely secure.
## 11. International transfers
We may process and store information in countries other than where you reside. Where
required, we use appropriate safeguards for cross-border transfers.
## 12. Children
The Service is not directed to, and may not be used by, anyone under 18. We do not
knowingly collect personal information from minors. If we learn that we have collected
such information, we will delete it.
## 13. Changes to this Policy
We may update this Policy from time to time. We will post the updated Policy with a new
effective date and, where required, provide additional notice.
## 14. Contact
For privacy questions or requests, contact [OPERATOR LEGAL NAME] at
[OPERATOR ABUSE EMAIL] or [OPERATOR RECORDS ADDRESS].