intichat
← Back home

Privacy Policy

Last updated: June 19, 2026

This Privacy Policy explains how IntiChat ("IntiChat", "we", "us") collects, uses, stores, and shares personal data when you use our website and services (the "Service"). It is written to comply with the EU/UK GDPR and applicable US state privacy laws (including CCPA/CPRA). By using the Service you confirm that you are at least 18 years old and that you have read this policy.

1. Who we are (controller)

IntiChat is operated by Skiftanu (sole proprietorship, Sweden) and is the data controller for personal data processed through the Service. You can reach us at info@skiftanu.se. We do not have a designated DPO; privacy requests are handled by the operator at the same address.

2. Data we collect

  • Account data — email address, authentication identifiers, login provider (e.g. Google), and display name.
  • Chat & intimate content — the messages you send to AI companions, AI replies, scene choices, companion memory entries, bond progression, and voice transcripts. Because of the nature of the Service, this content is often sexual or otherwise intimate. We treat it as highly sensitive even though it is not "special category data" under GDPR Art. 9 (it concerns fictional AI characters, not your health, sex life with real persons, or sexual orientation as defined in Art. 9).
  • Voice data — audio you send for transcription and audio we synthesize for replies, processed via our voice provider (ElevenLabs). Raw audio is not retained by us beyond the request.
  • Device sync data — pairing identifiers and sync events for connected devices (e.g. Handy, Lovense) when you choose to connect them. Pairing tokens are short-lived.
  • Billing data — handled by Stripe. We receive subscription status, plan, country, and the last 4 digits of your card. We never receive full card numbers.
  • Technical data — IP address, browser/user-agent, basic analytics, and error logs needed to operate the Service and prevent abuse.

3. How we use your data

  • To provide the Service (chat, voice, memory, bond progression, device sync).
  • To send your messages to AI model providers so they can generate a reply (see §5).
  • To process payments and manage your subscription.
  • To debug issues, fix bugs, prevent abuse, and enforce our Acceptable Use Policy.
  • To communicate with you about your account and material changes.
  • To comply with legal obligations (e.g. tax records, lawful requests).

We do not use your chat content to train AI models, and we do not allow our processors to train their public models on your content (see §5).

4. Legal basis (GDPR)

We rely on (a) performance of a contract to deliver the Service you signed up for (chat, voice, billing); (b) legitimate interest in keeping the Service safe, debugging, preventing fraud and abuse; (c) your consent for optional features such as voice, device pairing, and non-essential cookies, which you can withdraw at any time; and (d)legal obligation for tax and accounting records.

5. Who can access your data (sub-processors & operator access)

We share data only with the sub-processors needed to run the Service. We do not sell your personal data, we do not share it with advertisers, and we do not use it for cross-context behavioural advertising.

  • Lovable Cloud (hosting, database, auth) — stores your account, chat history, and subscription data. Data is processed in the EU and/or the US under Standard Contractual Clauses.
  • AI model providers (e.g. via the Lovable AI Gateway, with models from Google and others) — receive your messages, companion configuration, and recent chat context in order to generate a reply. Inputs and outputs are not used to train their public models. Inference may occur on EU and US infrastructure.
  • ElevenLabs — voice transcription (Scribe) and text-to-speech. Audio and text are processed solely to return a transcript or generated voice.
  • Stripe — payments, tax compliance, and fraud prevention.
  • Device APIs — Handy and Lovense developer APIs, only when you actively pair a device. Pairing identifiers are sent to those providers as required to control the device.
  • Error and uptime monitoring — technical logs that may incidentally include IDs or request metadata, used to keep the Service running.

Operator access (transparency)

You should know that, like every hosted online service, your data is not end-to-end encrypted from us. The operator of IntiChat has technical administrative access to the database that stores chats, profiles, and subscription records, and uses that access to debug issues, respond to support requests, investigate abuse, and comply with legal obligations. Staff of our hosting and AI sub-processors may, under contract and on a need-to-know basis, also have technical access to the systems where your data is stored or processed. We do not read chats for entertainment, do not share them with third parties outside the sub-processors listed above, and do not sell them.

6. Retention

Account, chat, and companion-memory data are retained while your account is active so the companion can remember you. You can delete individual memories from the in-app Memory panel, and you can delete your account at any time from Settings. Once you delete your account we erase your personal data within 30 days, except (a) billing and tax records we are legally required to keep (typically 7 years in Sweden), and (b) abuse-prevention records where we have a legitimate interest to keep them.

7. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA/CPRA, and similar US state laws), you have the right to access, correct, delete, export, or restrict processing of your data, to object to processing based on legitimate interest, to withdraw consent, and to opt out of any "sale" or "sharing" of personal information (we do neither). EU/UK residents may also lodge a complaint with their supervisory authority — in Sweden, the Integritetsskyddsmyndigheten (IMY). Contact info@skiftanu.se and we will respond within 30 days.

8. Security

We use TLS in transit, encryption at rest provided by our hosting platform, scoped access controls, row-level security on user data, and authenticated server endpoints for sensitive operations. No system is perfectly secure — please use a strong, unique password and enable any additional account protections offered by your login provider.

9. Age restriction

IntiChat contains adult content and is strictly for adults aged 18 or older (or the age of majority in your jurisdiction, whichever is higher). We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we will delete it immediately.

10. International transfers

Our infrastructure and sub-processors may process data in the EU and the United States. Where personal data leaves the EEA/UK we rely on the EU Standard Contractual Clauses (and the UK Addendum where applicable) as the transfer mechanism.

11. Cookies

See our Cookie Policy for details on the strictly necessary cookies we use for login and session management, and the optional analytics cookies which require your consent.

12. Changes

We may update this policy. Material changes will be announced in-app or by email. Continued use after the effective date constitutes acceptance.

PrivacyTermsRefundsCookiesAcceptable UseContact