Privacy Policy

Last updated: February 26, 2026

1. Information We Collect

We collect information you provide directly:

• Account Information: Email address, display name, and password (securely hashed)
• Conversation Data: Messages you exchange with your companions
• Uploaded Images: Images you share in chat (vision input) or upload as companion avatars
• Memory Data: Facts, preferences, and information stored in your companion's memory
• Companion Data: Custom companion names, descriptions, personality settings, and custom instructions
• Payment Information: Processed securely through Stripe; we don't store card numbers
• Age Confirmation: For adult and romantic content access, processed through self-declared date of birth and age acknowledgment
• Content Acknowledgments: Records of policy acknowledgments (e.g., image upload content policy)

2. How We Use Your Information

We use your information to:

• Provide and improve our AI companion services
• Maintain conversation continuity and memory features
• Process payments and manage subscriptions
• Send important account-related communications
• Ensure platform safety and prevent abuse

3. What We Don't Do

4. Data Retention

• Messages: Retained until you delete them (max 1 year of inactivity)
• Uploaded Images: Chat images are retained while the associated conversation exists. Companion avatars are retained while the companion exists. Deleting the conversation or companion removes the associated images.
• Long-term Memories: Retained until you delete them
• Session Memory: Auto-expires after 7 days
• Voice Audio: TTS audio is generated on-demand and delivered to your device. We do not store generated audio on our servers after delivery. Your browser may cache audio locally for up to 7 days.
• Purchased Packs: Message packs and voice minute packs expire 12 months from the date of purchase
• Account Data: Retained while your account is active

Deleted data is removed from active systems and user access. Encrypted backup systems may retain limited copies for a short period as part of standard disaster recovery procedures.

5. Your Rights and Controls

You have the right to:

• View all memories your companions have stored
• Edit or delete any memory at any time
• Request a copy of your data in a machine-readable format
• Delete your account and all associated data

6. Third-Party Services

We use the following third-party services:

• Google Ads: We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. For visitors in the EU, EEA, UK, and Switzerland, this script only loads after you accept the consent banner. For other regions, it loads automatically. Google may collect device identifiers, IP address, and browsing data in connection with this tracking. For details on what is stored in your browser, see our Cookie Policy.
• AI Chat Providers (OpenRouter): Process your messages to generate companion responses. When you share images in chat, those images are sent to the AI provider for visual understanding. We select providers whose API policies are designed to prevent customer conversation data from being used for model training. Providers may retain limited data temporarily for security, abuse prevention, or operational purposes in accordance with their own policies.
• Voice Provider (ElevenLabs): Generates text-to-speech audio from companion messages. Message text is sent to ElevenLabs for audio generation. Generated audio is streamed to your device. ElevenLabs may process this data in accordance with their own privacy policy.
• Stripe: Payment processing
• Hostinger: Server hosting

7. First-Party Product Analytics

InnerHaven collects limited product interaction events (such as companion selection, preview usage, and feature activation) to understand how the service is used and improve reliability and user experience. These analytics are processed internally and are not shared with advertisers or third parties. No message content, conversation text, or personal details are collected through this system.

For visitors in the EU, EEA, UK, and Switzerland, this data is only collected after you accept the consent banner. A random anonymous identifier is stored in your browser's local storage for session continuity; it is not derived from device characteristics or fingerprinting. For details on what is stored, see our Cookie Policy.

8. Data Security

We protect your data with:

• Encryption in transit (TLS 1.3)
• Secure password hashing (Argon2id)
• Regular security audits
• Access controls and monitoring

9. Children's Privacy and Safety

InnerHaven is not intended for users under 18. We do not knowingly collect information from children. Adult content features require age confirmation.

We maintain a zero-tolerance policy regarding child sexual abuse material (CSAM). If we become aware of any content involving the sexual exploitation of minors, we will immediately terminate the associated account and report the content and account information to the National Center for Missing & Exploited Children (NCMEC) and applicable law enforcement agencies, as required by law.

10. Changes to This Policy

We may update this policy periodically. We'll notify you of significant changes via email or in-app notification.

11. California Consumer Privacy Act (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with certain rights regarding your personal information. The following is intended to describe these rights and how to exercise them.

Right to Know. You have the right to request that we disclose what personal information we collect, use, disclose, and sell. You may request that we provide:

• The categories of personal information we have collected about you
• The categories of sources from which the personal information was collected
• The business or commercial purpose for collecting the personal information
• The categories of third parties with whom we share personal information
• The specific pieces of personal information we have collected about you

Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law.

Right to Opt-Out of Sale. You have the right to opt-out of the sale of your personal information. InnerHaven does not sell your personal information. We do not sell, rent, or share your personal data to third parties for monetary or other valuable consideration for their own marketing or commercial purposes.

Do Not Sell My Personal Information. Because we do not sell personal information, we do not offer a "Do Not Sell" link. If our practices change in the future, we will update this policy and provide appropriate mechanisms for you to opt out of the sale of your personal information.

Right to Non-Discrimination. You have the right to not receive discriminatory treatment for exercising any of your CCPA rights. We will not deny you services, charge different prices, or provide a different level or quality of services because you have exercised your privacy rights.

How to Exercise Your Rights. To submit a request under the CCPA, contact us at support@innerhavenai.com. Please include "CCPA Request" in the subject line and specify which right(s) you wish to exercise. We will respond within 45 days of receiving a verifiable request.

Verification. To protect your privacy, we will verify your identity before processing requests to know or delete. We may ask you to confirm your email address, provide information that matches our records, or log into your account. For requests to know or delete specific pieces of personal information, we may require additional verification. Our verification process is designed to use the minimum information necessary to verify your identity.

12. European Data Protection (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable national laws provide you with certain rights regarding your personal data. The following is intended to describe our approach to processing your data and how to exercise your rights.

Legal Basis for Processing. We process your personal data on the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., optional features, marketing communications)
• Contract Performance: Where processing is necessary to perform our contract with you or to take steps at your request before entering into a contract (e.g., providing our services, processing payments)
• Legitimate Interest: Where processing is necessary for our legitimate interests or those of a third party, provided your interests or fundamental rights do not override those interests (e.g., fraud prevention, platform safety, improving our services)
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject

Data Subject Rights. You have the right to:

• Access: Request access to your personal data and receive a copy of the data we hold about you
• Rectification: Request correction of inaccurate or incomplete personal data
• Erasure: Request deletion of your personal data where there is no compelling reason for continued processing
• Restriction: Request restriction of processing in certain circumstances
• Data Portability: Request a copy of your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests or for direct marketing purposes

International Data Transfers. Your data may be transferred to and processed in the United States, where our servers are located. The United States has not been found to provide an adequacy decision equivalent to that of the EEA. When we transfer data from the EEA to the U.S., we rely on appropriate safeguards intended to protect your personal data, which may include Standard Contractual Clauses approved by the European Commission or other transfer mechanisms in accordance with applicable law.

How to Exercise Your Rights. To submit a request under the GDPR, contact us at support@innerhavenai.com. For data protection inquiries, you may also contact our Data Protection contact at privacy@innerhavenai.com. We will respond within one month of receiving your request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe that our processing of your personal data infringes applicable data protection law. A list of EU Data Protection Authorities is available at edpb.europa.eu.

13. Contact Us

For privacy-related questions or data requests:

• Email: privacy@innerhavenai.com
• Data requests are processed within 30 days