Privacy Policy

SpeakWith is operated by SpeakWith ("we", "us", "our"). We are the data controller responsible for your personal data. For any questions regarding the processing of your personal data, you can reach us at [email protected].

Contractual Necessity (Article 6(1)(b) GDPR)

We process your account information, chat data, and usage data as necessary to provide you with our AI chat services. This includes account creation, message delivery, conversation management, and virtual currency transactions.

Consent (Article 6(1)(a) GDPR)

We rely on your explicit consent for: sending marketing communications, using cookies for analytics and personalization, processing AI interaction data for model improvement, and push notifications. You may withdraw consent at any time through your account settings or by contacting us.

Legitimate Interest (Article 6(1)(f) GDPR)

We process certain data based on our legitimate interests in: ensuring platform security and preventing fraud, improving our services and fixing technical issues, enforcing our Terms of Service and content moderation. We balance these interests against your rights and freedoms.

Legal Obligation (Article 6(1)(c) GDPR)

We retain certain data as required by applicable laws, including financial transaction records for tax and accounting purposes.

Account Information

When you create an account, we collect your email address and password (stored securely using bcrypt hashing). If you sign in with Google, we receive your Google profile ID and email.

Profile Information

You may optionally provide your display name, nickname, gender, language preference, and country.

Chat & AI Interaction Data

We store messages you send to AI characters to provide our services. This includes message content, timestamps, content type (text, image, video, voice), and the characters you interact with. AI-generated responses are also stored as part of your conversation history. Character memories (facts the AI remembers about you) are stored per character.

Usage Data

We collect information about how you use SpeakWith, including pages visited, features used, session duration, device type, browser type, IP address, and referrer URLs.

Payment Information

If you purchase a subscription or virtual currency (Stars), payment processing is handled by Stripe. We store your Stripe customer ID and transaction records (amounts, dates, status) but never store your full credit card details.

Device & Notification Data

If you enable push notifications, we store your device push token and platform information.

We use the collected information to: provide, maintain, and improve our AI chat services; personalize your experience and character recommendations; store character memories to enhance conversation quality; process transactions and manage your account; communicate with you about updates, security alerts, and support; analyze usage patterns to enhance platform performance; enforce our Terms of Service, moderate content, and prevent abuse.

Your conversations with AI characters are processed using self-hosted AI models (Ollama). Conversation data stays within our infrastructure and is not sent to third-party AI providers. Character memories are extracted from your conversations to personalize your experience. We do not use your private conversations for advertising purposes. You can request deletion of your conversation history and associated memories at any time through your account settings or by contacting us.

We use cookies and similar technologies for authentication, preferences, and analytics. For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

We do not sell, rent, or trade your personal information to third parties. We share data with the following categories of service providers who assist in operating our platform:

Payment Processing

Stripe, Inc. (USA) — processes payments for subscriptions and Stars purchases. Subject to Stripe's Data Processing Agreement and Privacy Policy.

Infrastructure & Hosting

Our servers and databases are hosted within our managed infrastructure. Data is stored on servers located in our hosting region.

AI Processing

We use self-hosted Ollama for language model inference and ComfyUI for image generation. These run on our own infrastructure and do not transmit data to external parties.

Legal Requirements

We may disclose data when required by law, court order, or to protect our legal rights. In the event of a merger, acquisition, or sale of assets, we will notify users with appropriate notice.

Your data may be processed on servers located outside your country of residence. Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions. For transfers to the United States (e.g., Stripe), we rely on the EU-U.S. Data Privacy Framework where applicable.

Right of Access (Article 15)

You can request a copy of the personal data we hold about you. Use the "Export My Data" feature in your account settings or contact us.

Right to Rectification (Article 16)

You can update or correct your personal information through your account settings at any time.

Right to Erasure (Article 17)

You can request deletion of your account and all associated data through your account settings. Upon deletion, we will remove your profile, conversations, messages, character memories, collections, notifications, and push tokens. Anonymized audit logs and legally required financial records may be retained.

Right to Data Portability (Article 20)

You can request and download your data in a structured, machine-readable JSON format through the "Export My Data" feature in your account settings.

Right to Restrict Processing (Article 18)

You can request that we restrict processing of your data in certain circumstances, such as when you contest accuracy or object to processing.

Right to Object (Article 21)

You can object to processing based on legitimate interests. You can opt out of marketing communications at any time.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time through your account settings or the consent management panel. Withdrawal does not affect the lawfulness of processing before withdrawal.

Automated Decision-Making (Article 22)

Our AI characters generate responses automatically based on your messages. These are for entertainment purposes only and do not produce legal or similarly significant effects. Content moderation filters may automatically block certain messages based on safety rules.

We retain your personal data for as long as your account is active or as needed to provide services. Specific retention periods: Account data is retained until you request deletion. Chat history and character memories are retained until you request deletion. Usage analytics are retained for 12 months in identifiable form, then anonymized. Payment transaction records are retained for 7 years as required by tax regulations. Audit logs are anonymized upon account deletion but retained for security purposes for up to 24 months. After account deletion, all personally identifiable data is removed within 30 days, except where retention is required by law.

We implement industry-standard security measures to protect your data, including: encryption in transit (TLS/SSL) and at rest; secure password hashing with bcrypt; JWT-based authentication with token expiration; rate limiting and bot protection (Cloudflare Turnstile); content filtering on AI inputs and outputs; regular security audits and access controls. However, no method of transmission over the internet is 100% secure.

SpeakWith is not intended for users under 18 years of age. We implement an age verification gate at first visit. We do not knowingly collect personal information from minors. If we discover that a minor has created an account, we will promptly delete it and all associated data.

If you believe that our processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority. You may do so in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement. A list of supervisory authorities is available at the European Data Protection Board website (edpb.europa.eu).

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform at least 30 days before changes take effect. The "Last updated" date at the top of this policy indicates the most recent revision. Continued use of SpeakWith after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to contact our data protection team, please reach out to us at [email protected]. We aim to respond to all data subject requests within 30 days, as required by GDPR.