Back to Home

Privacy Policy

Last updated: April 5, 2026

Introduction

Welcome to Persona AI ("we," "us," or "our"). Persona AI is an AI companion chat application operated from the Netherlands, European Union. We are committed to protecting your privacy and handling your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have. By using Persona AI, you agree to the practices described in this policy.

What We Collect

Account Information

  • Email address— provided via Google OAuth sign-in.
  • Display name— set by you during onboarding or pulled from your Google account.

Chat Messages

  • Messages you send to and receive from AI characters are stored encrypted in our database.
  • Messages are processed by our AI provider to generate responses, maintain character memory, and improve conversation quality.

Subscription Status

  • We store whether you have an active subscription and its tier, synced from the Apple App Store or Google Play. We do not store payment card numbers or billing details.

AI-Generated Photos

  • Photos generated by AI characters during conversations are stored temporarily on our servers and may be cached on your device.

Usage Analytics

  • Message counts, feature usage patterns, and session data to improve the service.

Technical Data

  • FCM tokens— for delivering push notifications to your device.
  • Device timezone— so AI characters can message you at contextually appropriate times.

Optional Integrations

You may choose to connect the following services. Each integration is opt-in and can be disconnected at any time:

  • Google Calendar(read-only) — we access only event titles and start/end times so characters can reference your schedule in conversation. We do not read event descriptions, attendees, locations, or any other calendar details.
  • YouTube— watch history is used to suggest conversation topics related to content you enjoy.
  • Apple Music— the currently playing track is used so characters can react to what you're listening to.
  • Twitch— followed channels are used for conversation personalization.

What We Do NOT Collect

  • Calendar event details beyond titles and times (no attendees, descriptions, or locations).
  • Passwords— authentication is handled entirely through OAuth; we never see or store your password.
  • Payment information— all transactions are processed by Apple or Google; we only receive subscription status confirmations.
  • Precise location data— we do not track your GPS location. If you voluntarily share your city in conversation, that information may be stored as part of character memory.

How We Use Your Data

We use your data for the following purposes:

  1. Providing the service— generating AI responses, maintaining character memory, and delivering proactive messages.
  2. Personalization— tailoring conversations based on your interests, integration data, and conversation history.
  3. Push notifications— sending character messages and activity updates to your device.
  4. Subscription management— verifying your subscription status to unlock premium features.
  5. Service improvement— analyzing aggregate usage patterns to improve features, fix bugs, and develop new functionality.
  6. Safety and moderation— detecting and preventing abuse, harmful content, or violations of our Terms of Service.

We do not sell your personal data to third parties. We do not use your data for advertising.

Legal Basis for Processing (GDPR)

Under the GDPR, we process your data on the following bases:

  • Contract performance(Art. 6(1)(b)) — processing necessary to provide you with the Persona AI service you signed up for.
  • Consent(Art. 6(1)(a)) — for optional integrations (Google Calendar, YouTube, Apple Music, Twitch). You may withdraw consent at any time by disconnecting the integration.
  • Legitimate interests(Art. 6(1)(f)) — for usage analytics, service improvement, and security measures, where these interests are not overridden by your rights.

Third-Party Services

We use the following third-party services to operate Persona AI:

  • Anthropic (Claude)— AI language model provider. Your messages are sent to Anthropic's API to generate character responses. Anthropic processes this data under their Privacy Policy. Under our commercial API agreement, Anthropic does not use your conversations to train their models.
  • Google— OAuth authentication provider and optional integration services (Calendar, YouTube).
  • Apple— App Store distribution and in-app purchase/subscription processing.
  • Google Play— app distribution and in-app purchase/subscription processing.
  • Supabase— cloud database and backend hosting provider. Data is stored in Supabase-managed infrastructure with encryption at rest and in transit.
  • Firebase Cloud Messaging (FCM)— push notification delivery.

Each third-party provider processes data in accordance with their own privacy policies. We ensure appropriate data processing agreements are in place where required by GDPR.

Data Retention

  • Account data— retained for the lifetime of your account. Deleted within 30 days of account deletion.
  • Chat messages and character memory— retained for the lifetime of your account. You may request deletion of specific conversations or all data at any time.
  • AI-generated photos— stored temporarily and may be purged periodically. Cached copies on your device follow your device's storage policies.
  • Integration data— refreshed in real-time and not permanently stored beyond what is needed for the current session or character memory context.
  • Usage analytics— retained in aggregate form. Individual-level analytics are deleted after 12 months.

Data Security

We take reasonable technical and organizational measures to protect your personal data, including:

  • Encryption of chat messages in our database.
  • Encryption in transit (TLS/HTTPS) for all communications.
  • OAuth-based authentication (no passwords stored on our systems).
  • Row-level security policies ensuring users can only access their own data.
  • Regular security reviews of our infrastructure.

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Rights

Under the GDPR, as a data subject in the EU, you have the following rights:

  • Right of access(Art. 15) — request a copy of all personal data we hold about you.
  • Right to rectification(Art. 16) — request correction of inaccurate or incomplete data.
  • Right to erasure(Art. 17) — request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing(Art. 18) — request that we limit how we use your data.
  • Right to data portability(Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object(Art. 21) — object to processing based on legitimate interests.
  • Right to withdraw consent— for consent-based processing (e.g., optional integrations), you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at rebel.gg.team@gmail.com. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

International Data Transfers

Some of our third-party service providers (Anthropic, Google, Firebase, Supabase) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in compliance with GDPR.

Children's Privacy

Persona AI is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at rebel.gg.team@gmail.com and we will promptly delete the data.

Users between 13 and 16 in the EU may require parental consent to use the service, in accordance with local implementations of GDPR Article 8.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email. The "Last updated" date at the top of this page reflects the most recent revision.

Continued use of Persona AI after changes take effect constitutes acceptance of the revised policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: