Privacy
Policy
Your privacy is important to us. Learn how we protect your data.
1. Data Controller
Viktor Kerner
Sole Proprietorship (Jednoosobowa działalność gospodarcza)
Polna 7, 64-000 Kiełczewo, Poland
Email: legal@ailina.chat
Responsible data protection supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, Poland. As an EU citizen, you can also contact the data protection authority of your country.
2. Data Collection and Processing
Account and Authentication Data:
Your Google account is used once for authentication. We store your email address and user ID.
Chat Content:
Your messages are stored on our servers (Supabase) to show you your chat history. This data is encrypted and only visible to you.
Voice Messages:
When you record a voice message, the audio file is stored encrypted on our servers (Supabase Storage, EU) so you can listen to it again later. Voice messages are automatically and irrevocably deleted after 3 days. Deletion is automated via a daily cleanup process. Audio files are not shared with third parties and not used for AI training. AI-generated voice responses (text-to-speech) are deleted after 14 days.
Metadata:
We store timestamps, characters used, and usage statistics to improve our service.
Payment Data:
All payments are processed through our payment service provider Centrobill (Centrobill Ltd., EU, PCI-DSS certified). Card and bank details are entered exclusively on the encrypted Centrobill payment page — we never store card or bank data. We only receive: transaction ID, status, amount, product identifier and timestamp. This data is used for activating your subscription/coin balance, invoicing, and statutory retention (e.g. § 147 AO, § 257 HGB — typically 10 years for tax and commercial law purposes). Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (statutory retention obligation).
Email Marketing & Newsletter
Existing customers: If you make a purchase, we use your email address to occasionally inform you about our own similar offers (e.g. your remaining diamond balance or new features). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in direct marketing, Recital 47) in conjunction with § 7(3) UWG. You can object to this use at any time, free of charge — via the unsubscribe link in every email or in your profile settings. After an objection you will receive no further advertising.
Newsletter: We send promotional newsletters without a prior purchase exclusively with your explicit consent (Art. 6(1)(a) GDPR), given when you check the newsletter box. You can withdraw this consent at any time with effect for the future — withdrawal is as easy as giving consent (unsubscribe link / profile).
3. Purpose of Data Processing
✓ Authentication and account management
✓ Storage and display of your chat content
✓ Improvement of our AI models (anonymized)
✓ Sending important service notifications
✓ Security and abuse prevention
4. Your Rights
Right of Access: You can find out at any time what data we have about you.
Right to Deletion: You can delete your account and all associated data at any time.
Right to Data Portability: You can export your data in a standard format.
Right to Rectification: You can correct inaccurate data.
5. Data Sharing
We only share your data when:
✗ You explicitly consent
✗ It is legally required (e.g. law enforcement)
✗ It is necessary for the provision of essential services
We work with the following service providers:
✓ Supabase — Authentication and database (EU servers)
✓ Google — OAuth login
✓ OpenRouter — AI chat and content moderation (USA, SCCs in place): DeepSeek V3.2 (primary chat model), Meta Llama Guard 4 12B (content moderation), Google Gemini 2.0 Flash (policy moderation layer 2)
✓ Novita.ai — AI chat (Microsoft WizardLM-2 8x22B, Sao10K Euryale v2.2, Stheno), image generation (EpicRealism XL, JuggernautXL, RealisticVision v6, Hassaku, Seedream 5.0 Lite), video generation (WAN 2.2), face merge (USA, SCCs in place)
✓ Replicate — Image generation (FLUX Dev-LoRA by Black Forest Labs, FLUX 1.1 Pro Ultra for pet images), face identity (FLUX PuLID, codeplugtech Face-Swap) (USA, SCCs in place)
✓ CivitAI — Open-source LoRA model weights for image generation (downloaded and processed via Replicate; NO user data is transmitted to CivitAI)
✓ Pollinations.ai — Image generation (FLUX, as fallback) and chat fallback (OpenAI-compatible endpoint, USA, SCCs in place)
✓ fal.ai — Image generation for character avatars (USA, SCCs in place)
✓ ElevenLabs — Speech synthesis / text-to-speech (USA, SCCs in place)
✓ Cartesia — Speech synthesis / text-to-speech (USA, SCCs in place)
✓ Mem0 — AI memory system for conversation context (USA, SCCs in place)
✓ Sentry — Error monitoring and performance monitoring (EU servers)
✓ Centrobill — Credit card processing (EU data processor, PCI-DSS certified; card entry happens exclusively on the Centrobill page, we only receive transaction IDs and status)
✓ Hotmate AI — Content moderation for card-network compliance (USA, SCCs in place); every chat message (user input and AI response) is submitted for compliance review; repeat violations trigger automatic account suspension
✓ Amplitude — Usage analytics (EU servers, consent only)
Personal chat content is never shared with third parties for their own purposes (e.g. marketing or sales). Transmission to the above-mentioned technical service providers is exclusively for the purpose of providing the service (generating responses/images). We have concluded data processing agreements with these providers that prohibit the use of your data for their own purposes (e.g. AI training).
Data transfer to third countries: Some of our service providers are based in the USA. Data transfer is based on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Where possible, we use EU servers (Supabase, Amplitude, Sentry).
6. AI-Generated Content & Transparency (EU AI Act)
All characters, profile pictures, chat responses, generated images, videos and voice messages displayed on ailina.chat are fully AI-generated and do not depict real persons.
What data is sent to AI services:
- Chat (OpenRouter — DeepSeek V3.2, Llama 3.3 70B / Novita.ai — WizardLM-2 8x22B, Euryale / Pollinations.ai): The last ~20 messages of your conversation are sent as context to generate a response. Chat content is not used by these providers for training (zero data retention / no storage).
- Content Moderation (OpenRouter — Meta Llama Guard 4 12B, Google Gemini 2.0 Flash): Each user message is checked by a two-layer moderation system before being forwarded to the chat model. Only the text content of the message is transmitted — no account data or personal information.
- Compliance Moderation (Hotmate AI): Required by our payment provider Centrobill for card-network compliance (Visa/Mastercard). Every chat message (user input + AI response) is asynchronously submitted to Hotmate. Transmitted data: message text, user ID, email address and the character you're chatting with. Three or more flagged messages within 30 days result in automatic account suspension.
- Image Generation (Replicate, Novita.ai, Pollinations.ai): Only text prompts (image descriptions) and possibly a character reference image are sent. Your personal messages are NOT used for image generation.
- LoRA Weights (CivitAI): These are downloaded from our server and processed via Replicate. No user data is transmitted to CivitAI.
- Speech Synthesis (ElevenLabs, Cartesia): Only the text of the bot response is sent to the provider to generate the speech output.
- Memory (Mem0): Anonymized conversation summaries are stored to maintain context across multiple sessions. No real names or personal data are transmitted to Mem0.
The LoRA models used are freely available open-source weights and do not contain biometric data of real persons.
7. Security
Your data is transmitted using modern encryption technologies (TLS/SSL). Chat content is encrypted on our servers.
However: No method is 100% secure. We cannot guarantee absolute security.
8. Cookies and Tracking
We use cookies and similar technologies. On your first visit, you will be asked for consent via a cookie banner. Both options (“Only Necessary” and “Accept All”) are presented equally.
Legal Basis: Art. 6(1)(a) GDPR (consent) for analytics cookies, Art. 6(1)(f) GDPR (legitimate interest) for necessary cookies.
Necessary Cookies (always active, no consent required):
✓ sb-*-auth-token — Supabase session (authentication, validity: session)
✓ ailina_age_verified — Age verification (30 days)
✓ ailina_cookie_consent — Your cookie settings (unlimited until revocation)
Analytics Cookies (only with your explicit consent):
Provider: Amplitude, Inc. — Usage analytics
Server location: EU (Frankfurt, GDPR-compliant)
Storage duration: Amplitude cookies are stored for a maximum of 12 months
Data processing: Agreement pursuant to Art. 28 GDPR with Amplitude
What is collected (only with consent):
✓ Page views and navigation behavior
✓ Clicks on buttons and interactive elements (e.g. “message sent”, “character selected”)
✓ Wizard progress during character creation (step numbers)
✓ Technical information: browser type, device type, screen size, operating system
✓ Anonymized session recordings (Amplitude Session Replay) for error detection
What is NOT collected:
✗ Chat content or personal messages
✗ Passwords or payment data
✗ Email addresses (except as pseudonymized user ID)
✗ IP addresses are not stored by Amplitude
Purpose: Improving user-friendliness, detecting errors and non-functioning elements, optimizing user flow during the beta phase.
Revocation: You can revoke your consent at any time via the “Cookie Settings” link in the page footer. From the point of revocation, no further analytics data will be collected.
We do NOT use Google Analytics and do NOT share tracking data with third parties.
9. Data Retention
Your chat content is stored as long as your account is active. After account deletion, all data is deleted within 30 days. Accounts that remain fully inactive for more than 12 months (no login and no messages) are automatically deleted after a prior email reminder (storage-limitation principle, Art. 5(1)(e) GDPR).
10. Changes to this Policy
If we change this privacy policy, we will notify you by email.
11. Contact
Questions about data protection? Contact us: legal@ailina.chat
You have the right to file a complaint with the competent data protection supervisory authority. For our registered office in Poland, the UODO (Urząd Ochrony Danych Osobowych) is responsible. You can also contact the authority in your EU country.