๐Ÿ’— Join Free

Core Policies

Privacy Policy

How we handle your personal information

Last modified April 30, 2026 Draft

This Privacy Policy describes the types of information collected and processed by Howdoicomputer, LLC, referred to here as "Loved AI," "we," "our," or "us."

We take the protection of your information seriously. All user and product data handled by Loved AI is encrypted both at rest and in transit using industry-standard AES encryption and TLS 1.3 protocols. Our databases are hosted on a SOC 2 Type 2-certified platform that provides encryption throughout its infrastructure, private database connectivity, audit and security logs, and compliance with PCI DSS 4.0 standards under a shared responsibility model.

Except as described in this Privacy Policy, the Policy applies to any and all websites, mobile applications, and any other electronic and/or digital products and/or other services that are made available by Loved AI and that link to this Policy, and our offline services (collectively, the "Services").

By using the Services, you are agreeing to the practices described in this Policy. If you do not agree to the practices described in this Policy, please do not access or use the Services.

Undefined capitalized terms used herein shall have the meaning set forth in the Loved AI Terms of Service.

1. Information We Collect

When you access or otherwise use our Services, we may collect information from you. The types of information we collect depend on how you use our Services. Please note that we need certain types of information to provide the Services to you. If you do not provide us with such information, or if you ask us to delete that information, you may no longer be able to access or use certain Services.

Information you provide directly to us. Information you provide directly may include, but is not limited to:

  • Email address;
  • User name;
  • Payment information (e.g. through our payment processing vendors);
  • Your User Content (as defined in the Terms of Service), such as chat communications, posted images, and shared Characters;
  • Age verification confirmation; and
  • Contents of communications with us.

You are not required to provide us with such information, but certain features of the Services may not be accessible absent the provision of the requested information.

Information we collect automatically. We and our third-party vendors, which include analytics companies such as Google Analytics, may use cookies, web beacons, and other tracking technologies to collect information about the computers or devices you use to access the Services. We may collect and analyze information including:

  • Browser type;
  • ISP or operating system;
  • Domain name;
  • Access time;
  • Referring or exit pages;
  • Page views;
  • IP address;
  • Unique device identifiers;
  • Version of our Services you're using; and
  • The type of device that you use.

We may also track when and how frequently you access or use the Services. We may use this information for analytics, to evaluate the success of any campaigns, and as otherwise described in this Policy.

Most web browsers automatically accept cookies, but your browser may allow you to modify your browser settings to decline cookies if you prefer. If you disable cookies, you may be prevented from taking full advantage of the Services.

When you use the Services, we may collect general location information (such as general location inferred from an IP address).

Information we collect from other sources. We may collect information about you from other parties, such as when you are referred to us by another user. We may also collect information when you connect to your account using an account maintained by a third party (a "Third-Party Account") such as Google. Connecting your account to a Third-Party Account is optional. You can revoke permission by logging into the Third-Party Account and disconnecting Loved AI from there.

2. How We Use the Information We Collect

We may use your information for any of the following purposes:

  • Provide and administer the Services;
  • Personalize the Services;
  • Communicate with you about features, changes to our terms, or marketing;
  • Respond to your inquiries, comments, feedback, or questions;
  • Analyze, maintain, improve, modify, customize, and measure the Services;
  • Develop new programs and services;
  • Detect and prevent fraud, criminal activity, or misuse of the Service, and ensure the security of our IT systems;
  • Comply with legal obligations and legal process and to protect our rights, privacy, safety, or property; and
  • Carry out any other purpose for which the information was collected.

We do not use your User Content (chats, generated images, characters) to train AI models. Magnum, Z-Image, and any other models we use are pre-trained by their authors; we do not perform additional training on conversations or generations from the Services.

We may combine information that we collect from you through the Services with information that we obtain from other sources. We may also aggregate and/or de-identify information collected through the Services for any purpose, including research.

3. When We Disclose the Information We Collect

We may disclose your information in any of the following circumstances:

  • Affiliates. Entities that control, are controlled by, or are under common control with Loved AI. Affiliates may use the information we disclose in a manner consistent with this Policy.
  • Vendors. Employees, consultants, and other vendors who need access to such information to carry out work or perform services on our behalf, such as data storage (Hetzner, Cloudflare R2), payment processing (Stripe), analytics, customer service, and legal services.
  • Inference vendors. Where we use a third-party inference provider (e.g. OpenRouter, Together.ai) to generate AI responses or images, your prompts and the resulting generations are sent to that vendor. We select vendors that contractually agree not to retain or train on your data.
  • Safety and Protection of Loved AI and Others. Where we believe in good faith that doing so is necessary to protect or defend us or other parties.
  • Advertising and Analytics. We do not currently engage in advertising. If we do in the future, we will update this Policy and the disclosures below.
  • Legal Requirements. To comply with any law enforcement, legal, or regulatory process, such as a warrant, subpoena, or court order.
  • CSAM Reporting. Required reports to the National Center for Missing & Exploited Children (NCMEC) under federal law if we discover sexual content depicting minors.
  • Business Transfers. In connection with negotiations or closing of any merger, sale of company assets, financing, or acquisition.
  • Your User Content. Certain actions you take may be visible to other users of the Services. For example, if you publish a Character to the curated gallery, that Character becomes visible to other users.
  • With Your Consent. Where you have consented or directed us to disclose information.

4. Online Analytics and Tailored Advertising

Analytics. We may use third-party web analytics services on the Services, such as Google Analytics. To prevent Google Analytics from using your information for web analytics, you may install the Google Analytics Opt-Out Browser Add-on.

Tailored Advertising. Though we do not engage in tailored advertising as of the date of this Policy, we may in the future. If we do, we will update this Policy first.

5. Your Choices

We offer you certain choices regarding the collection, use, and disclosure of information about you.

Profile information. You may deactivate your account through your Profile page. You may also verify, correct, update, or delete certain of your information through your Profile page.

Marketing communications. You can unsubscribe from marketing emails by following the directions in those emails. We may still send you administrative emails regarding the Services, including notices of updates to our Terms of Service or this Policy.

Cookies and analytics. You can opt out of certain cookie-related and analytics processing by following the instructions in this Policy.

Rights to information about you. Depending on your jurisdiction, you may request that we:

  • Provide you with information about the categories of personal information we collect or disclose;
  • Provide access to and/or a copy of certain information we hold about you;
  • Prevent the processing of your information for direct-marketing purposes;
  • Update information which is out of date or incorrect;
  • Delete certain information that we are holding about you;
  • Restrict the way that we process and disclose certain information about you;
  • Transfer your information to a third-party provider of services;
  • Opt you out of profiling that produces legal or similarly significant effects; and
  • Revoke your consent for the processing of your information.

You may designate an authorized agent to make requests on your behalf.

Please note that certain information may be exempt from such requests under applicable law. We may need certain information in order to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services.

You also have the right to not be discriminated against for exercising your rights.

To exercise any of these rights, contact us at [email protected].

6. Regional Privacy Disclosures

Residents of the European Economic Area and United Kingdom. Loved AI is currently US-only and does not offer the Services to residents of the EEA or UK. If we expand to those regions in the future, this Policy will be updated to reflect data-controller obligations under the GDPR and UK GDPR, including legal grounds for processing (contractual commitments, consent, legitimate interests, legal compliance) and the right to lodge a complaint with the relevant supervisory authority.

Residents of Nevada. Nevada residents have the right to opt-out of the sale of certain personal information. Contact us at [email protected] with the subject line "Nevada Do Not Sell Request" and your name and email. We do not currently sell your personal information as defined in Nevada Revised Statutes Chapter 603A.

Residents of California. Under the California Consumer Privacy Act ("CCPA"), the categories of personal information we collect are: identifiers, financial information (such as payment information), commercial or transactional information, internet or other electronic network activity information, general geolocation data, audio or video information (pictures and chats you submit), and inferences drawn from the information we collect.

We also collect the following categories of "sensitive personal information": (i) account log-in and password or other credentials that allow access to your account; and (ii) other sensitive personal information you may voluntarily provide to us in your capacity as an individual user of the Services (e.g. if you voluntarily post User Content revealing your sexual orientation or sexual preferences).

We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Services; and (3) other parties such as other users and through unaffiliated parties.

"Sale" and "sharing" of personal information. We do not "sell" your personal information as defined under the CCPA. We may "share" online identifiers (e.g., cookie data, IP addresses) with analytics partners. If you would like to opt out of our "sharing" of your information for such purposes, contact us at [email protected].

We do not knowingly "sell" or "share" the personal information of children under 16.

Do-Not-Track disclosure. We do not respond to browser-initiated Do Not Track signals.

7. Children's Privacy

The Services are not designed for minors under 18, and our Terms of Service prohibit use by anyone under 18. We require self-attested age verification at the entry to the Services, and we will implement hardened identity verification (e.g. document-based KYC) before any public marketing spend.

If we discover that an individual under 18 has provided us with "personal information" as defined in the Children's Online Privacy Protection Act ("COPPA"), we will close the account and delete the personal information to the extent required by COPPA. We may, where permitted by law, retain certain information internally for moderation, audit, and legal-compliance purposes.

8. Security

Loved AI implements technical, administrative, and physical safeguards to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Specific measures include:

  • Bcrypt-hashed passwords (no plaintext storage);
  • Per-session rotating session tokens (defends against cookie-based session fixation);
  • Per-user PubSub topic scoping (chat events are owner-scoped, not character-scoped);
  • Schema-level allow-listed changesets (defends against mass-assignment);
  • Rate limiting on chat send, image generation, retries, login attempts, and confirmation-code resends;
  • TLS 1.3 in transit, AES at rest;
  • Network-layer access control on admin surfaces (Tailscale-only routing in production).

However, no Internet or email transmission is ever fully secure or error-free. Therefore, we do not promise and cannot guarantee the security of your information or communications.

9. Data Retention

We keep your information for the time necessary for the purposes for which it is processed. The length of time depends on the purposes for which we collected and use it and your choices, after which time we may delete and/or aggregate it. We may also retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Specific retention windows:

  • Chat messages: until you delete the character or your account, whichever comes first.
  • Generated images: same as chat messages.
  • Moderation audit logs: 1 year minimum, longer if required by law.
  • Confirmation codes: invalidated after first use or after 5 failed attempts.
  • Anonymous accounts: archived after 90 days of inactivity unless claimed via signup.

10. International Data Transfers

Our Services are hosted in Europe (Hetzner, Germany) and the United States (sidearm GPU box, Cloudflare R2). Your information may be stored and processed in countries outside the country in which you reside. These countries may have data protection laws that differ from the laws in your country.

Where we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we will rely on appropriate safeguards including Standard Contractual Clauses ("SCCs") approved by the European Commission, the UK International Data Transfer Addendum where applicable, and technical and organizational measures including encryption of data in transit and at rest.

You may request a copy of the safeguards we use for international data transfers by contacting us at [email protected].

11. Links to Third Party Websites

The Services may contain links to third-party websites or services. We are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information by third parties will be subject to the privacy policies of the third-party websites or services, and not this Policy.

12. Changes to this Policy

We may change this Policy to reflect changes in the law, our information practices, or the features of the Services. We will indicate the date of the most recent update in this Policy. If we make a material change to the Policy, you will be provided with appropriate notice. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Policy.

13. Right to Be Forgotten

You have the right to obtain from us the erasure of Personal Data concerning you without undue delay, and we undertake to erase Personal Data without undue delay where there is no good reason for us to continue processing it. Note, however, that we may not always be able to comply with a request of erasure for specific legal reasons (such as moderation audit retention requirements).

14. Time Limit to Respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Contact Us

If you have any questions about our Privacy Policy or information practices, please contact us at [email protected].

Howdoicomputer, LLC [Registered agent address โ€” TBD]