LovlaiLovlai

Privacy Policy

Version 1.0 | Last Modified: 14 May 2026

This Privacy Policy governs how we collect, use, and protect your personal information when you use "Lovlai: AI Boyfriend Chat", our mobile application available on the App Store and Google Play, as well as our website at https://www.lovlai.io (collectively, the "Services").

By using the Service, you consent to the data practices described in this Policy. If you do not agree, please do not use the Service.

1. Who We Are

For privacy inquiries, please contact us at: info@lovlai.io

2. Data We Collect

2.1. Registration Information

When you create an account, we collect:

  • Email address (if you sign in with email or social login)
  • Device identifier (UUID generated by your device)
  • Display name / nickname (if you set one)
  • Age confirmation (you must confirm you are 18+)
  • Preferred language

2.2. Profile and Preferences

You may optionally provide:

  • Gender
  • Preferred character attributes (ethnicity, eye color, hair, body type — used for character creation only)
  • Profile photo (if uploaded)

2.3. Chat Content

  • Messages you send to AI Companions
  • AI-generated responses
  • Images and videos generated through the Service
  • Voice recordings (if you use voice features)
  • Gifts sent to AI Companions

2.4. Payment Information

- We do not store full credit or debit card numbers.
- Payment processing is performed by third-party Merchants of Record (Apple, Google, Stripe), who may store payment details under their own privacy policies.
- We store transaction metadata: subscription status, plan type, purchase date, billing period, payment provider customer ID.

2.5. Device and Technical Data

  • IP address (used for geolocation, fraud prevention, and service rendering)
  • Mobile Advertising ID (if not disabled by you)
  • Device model, operating system, app version
  • Browser type and version (for web)
  • Screen resolution
  • Approximate geolocation (country / city — based on IP)

2.6. Usage Data

  • App / web events (screen views, button clicks, feature usage)
  • Session duration
  • Daily message count
  • Subscription and purchase events
  • Crash logs and performance metrics

2.7. Server Logs

Our hosting provider automatically logs browser type and version, operating system, referrer URL, host name, time of server request, and IP address. Logs are kept for 2 weeks for security and error analysis (GDPR Art. 6(1)(f)).

2.8. Cookies and Tracking

We use cookies and similar technologies on the website. See Section 6 for details.

2.9. Personal Data of Children

The Service is strictly for users aged 18 and over. We do not knowingly collect personal data from minors. If we learn that a minor has registered, we will delete the account immediately.

3. How We Use Your Data

We process personal data for the following purposes:

PurposeLegal basis (GDPR)
Providing and operating the ServiceContract (Art. 6(1)(b))
Processing payments and subscriptionsContract
AI Companion conversations and personalizationContract
Improving the Service and AI models (aggregated, anonymized)Legitimate interest (Art. 6(1)(f))
Sending product updates and important noticesContract / Consent
Marketing communications and promotional offersConsent (Art. 6(1)(a))
Advertising and audience targetingConsent
Fraud prevention and securityLegitimate interest
Compliance with legal obligationsLegal obligation (Art. 6(1)(c))

4. How We Share Your Data (Third Parties)

We work with the following categories of third-party service providers. Each provider has access only to data necessary to perform its function and is contractually obligated to protect your data.

4.1. AI Model Providers

  • OpenAI Inc. (USA) — AI text generation (chat conversations). Data shared: message content.
  • OpenRouter / X.AI (Grok) (USA) — alternative AI text generation.
  • ElevenLabs Inc. (USA) — Voice synthesis for voice call features.
  • fal.ai (USA) — AI image and video generation.
  • getimg.ai — Character image generation.

4.2. Payment Processors (Merchants of Record)

  • Apple Distribution International Ltd. (Ireland)
  • Google Commerce Limited (Ireland)
  • Stripe Payments Europe Ltd. (Ireland)
  • RevenueCat Inc. (USA)
  • FunnelFox — Funnel checkout processing.
  • Web2Wave — Web paywall processing.

4.3. Analytics and Attribution

  • Google Firebase Analytics (USA)
  • AppsFlyer Ltd. (Israel)
  • Sentry (USA)
  • Firebase Crashlytics (USA)
  • Microsoft Clarity (USA)

4.4. Advertising and Marketing

  • Meta / Facebook
  • Google Ads
  • TikTok Ads
  • Snapchat Ads

4.5. Push Notifications and Engagement

  • Firebase Cloud Messaging (Google LLC)
  • Pushwoosh
  • Resend

4.6. Infrastructure and Storage

  • Amazon Web Services (AWS)
  • PostgreSQL / Cloud SQL
  • Redis

4.7. Customer Support

Zendesk (USA)

4.8. Cookie Consent

Cookiebot

4.9. We Do NOT Sell Personal Data

We do not sell your personal data to third parties for monetary consideration. Sharing for advertising purposes does not constitute a sale under most jurisdictions.

5. International Data Transfers

Your personal data may be transferred to and processed in countries outside Cyprus and the EEA, including the United States, Israel, and other EU member states. For transfers from the EEA / UK / Cyprus to the United States or other countries without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards.

6. Cookies and Tracking Technologies

We use cookies on our website to enable basic functionality, remember preferences, analyze usage, and display relevant ads. You can manage cookies via the consent banner (Cookiebot) on first visit, or via your browser settings.

7. Your Rights

Under the EU General Data Protection Regulation (GDPR), the Cyprus Law 125(I)/2018, the California Consumer Privacy Act / CPRA, and other applicable laws, you have the right to:

  • Access: Request a copy of personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your account and personal data.
  • Restriction: Restrict processing in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Object: Object to processing for marketing or based on legitimate interest.
  • Withdraw consent: Withdraw consent for processing based on consent.
  • Complain: Lodge a complaint with your local data protection authority.

7.1. Account Deletion

You can delete your account directly in the app: Settings → Delete Account. Account deletion will mark your account as deleted, anonymize personal identifiers, and permanently remove account data within a reasonable period (typically within 90 days).

7.2. Marketing Opt-Out

Unsubscribe from marketing emails via the link at the bottom of each email, or in your account settings.

7.3. Advertising Opt-Out

Disable Mobile Advertising ID in your device settings, or use the cookie consent banner on the website.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy or as required by law.

General retention periods:

  • Active account data: retained while your account is active.
  • Deleted account data: anonymized following the deletion request, fully removed within a reasonable period (typically within 90 days).
  • Chat messages: retained while your account is active, removed in line with account deletion.
  • Server logs: 2 weeks.
  • Crash and error logs: 90 days.
  • Marketing consent records: retained for the duration of consent + 3 years for proof.

9. Security

We use industry-standard technical and organizational measures to protect your personal data: SSL / TLS encryption for data in transit, encryption at rest for sensitive data, access controls and authentication, regular security audits, and incident response procedures.

If we become aware of a personal data breach affecting your rights, we will notify the Cyprus Office of the Commissioner for Personal Data Protection and (where required) you, within 72 hours of becoming aware (GDPR Art. 33).

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights including the right to know what categories of personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of "sale" or "sharing" of personal information, and the right to limit use of sensitive personal information.

11. Complaints and Authority

If you believe that the processing of your personal data violates the GDPR or Cyprus data-protection law, you may submit a complaint to the Cyprus Office of the Commissioner for Personal Data Protection:

  • Website: https://www.dataprotection.gov.cy
  • Address: 1 Iasonos Street, 1082 Nicosia, Cyprus

We request that you first contact us at info@lovlai.io so that we may attempt to resolve the matter directly.

12. Changes to This Policy

We may update this Policy at any time. Material changes will be communicated via in-app notification, email, or website banner. Your continued use of the Service after a change constitutes acceptance.

13. Contact

For privacy questions or data subject requests:

Email: info@lovlai.io

Support: support.lovlai.io