Privacy Policy

1. Information We Collect

Ami: AI Companion ("Ami", "the App", "the Service"), operated by Rizzma, Inc. ("we", "us", "our"), collects several categories of information to provide and improve our AI companion experience. We collect information you provide directly, information generated through your use of the Service, and information obtained from third-party sources.

• Account Data: When you create an account, we collect your email address, authentication credentials (via magic link or social sign-in providers such as Google or GitHub), display name, profile preferences, and subscription status.
• Conversation Data: Text messages you exchange with your AI companion, including message content, timestamps, character context, and conversation metadata. When cloud memory is enabled, we store conversation summaries and extracted facts to maintain continuity across sessions.
• Voice Data: When you use voice features, audio recordings are temporarily processed to generate AI speech responses. Voice input is transcribed in real time and discarded after processing. Voice preference settings (selected voice, language, speed) are stored with your profile.
• Usage Analytics: We collect anonymized data about how you interact with the App, including session duration, features used, button clicks, page views, character selections, error logs, and performance metrics.
• Device Information: Browser type and version, operating system, screen resolution, device type (mobile, desktop, tablet), IP address (anonymized for analytics), language and locale settings, and timezone.
• Blockchain Wallet Addresses: If you connect a Solana wallet (e.g., Phantom, Solflare) to purchase voice credits or interact with the AMI token, we collect your public wallet address. We never collect or store private keys or seed phrases.
• Character and Personality Data: Custom character configurations, personality settings, avatar selections, VRoid Hub model preferences, and any custom system prompts you create.
• Game and Visual Novel Data: Game statistics, choices made in visual novels, progress data, and preference patterns derived from interactive content.

We do not collect biometric data, government identification, or financial account details beyond what is necessary for cryptocurrency transactions.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Delivering personalized AI companion interactions, generating contextually relevant responses, maintaining conversation memory, and enabling voice conversations in 32+ languages.
• Improving AI Quality: Analyzing aggregate usage patterns (not individual conversations) to improve response quality, reduce latency, optimize voice synthesis, and enhance the overall companion experience. Your conversations are never used to train AI models.
• Personalizing Your Experience: Remembering your preferences, adapting your companion's personality and emotional state over time, syncing your experience across devices, and tailoring content recommendations.
• Analytics and Performance: Using anonymized, aggregated data to understand feature adoption, identify bugs, monitor system health, and prioritize our product roadmap.
• Customer Support: Responding to your support requests, troubleshooting technical issues, and communicating important service updates.
• Security and Fraud Prevention: Detecting and preventing unauthorized access, abuse, spam, and other malicious activity that could harm our users or infrastructure.
• Legal Compliance: Complying with applicable laws, regulations, and legal processes, including responding to lawful requests from authorities.

3. Data Storage and Security

We take the security of your data seriously and implement multiple layers of protection to safeguard your information.

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols. This applies to text messages, voice data, API calls, and all other communications.
• Cloud Storage with Supabase: Account data, subscription information, and optional cloud memory are stored in Supabase, a secure, SOC 2 Type II compliant cloud database platform. Supabase provides row-level security, encrypted storage at rest, and regular automated backups.
• Local-First Architecture: By default, conversation data and AI memory are stored locally on your device using secure browser storage (IndexedDB with encryption). This means your most sensitive data never leaves your device unless you explicitly enable cloud memory sync.
• Data Retention Periods: Conversation messages are processed in real time and not stored on our servers by default. Cloud memory summaries are retained as long as your account is active or until you request deletion. Analytics data is retained in anonymized form for up to 12 months. Account data is retained for the duration of your active account plus 30 days after deletion to allow for account recovery.
• Access Controls: Access to user data within our organization is restricted to authorized personnel on a need-to-know basis. All access is logged and audited.
• Regular Security Audits: We conduct periodic security assessments, penetration testing, and code reviews to identify and address potential vulnerabilities.
• Incident Response: In the event of a data breach, we will notify affected users within 72 hours as required by applicable data protection laws, and take immediate remedial action.

4. Third-Party Services

To deliver the Ami experience, we integrate with several third-party service providers. Each provider processes data in accordance with their own privacy policies, which we encourage you to review.

• OpenAI / xAI (Grok): When using our default AI mode, your conversation messages are sent to OpenAI or xAI's Grok API for response generation. These providers process your messages in real time and, per their API data usage policies, do not use API inputs to train their models. Messages are transmitted over encrypted connections and are not retained by these providers beyond the processing window.
• ElevenLabs: Voice synthesis is powered by ElevenLabs. When you use voice features, text is sent to ElevenLabs' API to generate speech audio. ElevenLabs processes this data under their API terms and does not use it for model training. No raw audio of your voice input is sent to ElevenLabs — only the text to be spoken.
• Supabase: Our backend infrastructure, authentication, and optional cloud storage are powered by Supabase. Supabase stores account data, authentication tokens, subscription status, and cloud memory data (when enabled). Supabase is SOC 2 Type II compliant and encrypts data at rest and in transit.
• Zep AI: For users who enable advanced cloud memory, Zep AI provides long-term memory extraction and retrieval. Zep processes conversation summaries to extract facts, preferences, and relationship context. Zep does not store raw conversation messages — only structured memory artifacts.
• PostHog: We use PostHog for product analytics. PostHog collects anonymized usage data including page views, feature interactions, session recordings (with sensitive fields redacted), and funnel metrics. PostHog data is used exclusively for product improvement and is not shared with advertisers.
• Google Analytics: We use Google Analytics to understand website traffic patterns, user acquisition channels, and geographic distribution of our user base. Google Analytics collects anonymized data including page views, referral sources, and device information.
• Facebook Pixel: We use Facebook Pixel on our marketing pages to measure the effectiveness of our advertising campaigns. The pixel collects data about page visits and conversions. You can opt out of Facebook tracking through your browser settings or Facebook's ad preferences.
• Payment Processors: Subscription payments are processed by Stripe. Cryptocurrency transactions occur directly on the Solana blockchain. We do not store credit card numbers or payment account details on our servers.

We regularly review our third-party providers to ensure they maintain appropriate data protection standards. We only share the minimum data necessary for each service to function.

5. Custom AI Mode and BYOM (Bring Your Own Model)

Ami offers a Custom AI mode that allows you to connect your own AI model endpoint, including providers like HuggingFace, Featherless AI, or any OpenAI-compatible API. When using Custom AI mode, the data handling changes significantly.

• Direct Data Flow: Your conversation messages are sent directly from your device to your chosen API endpoint. They do not pass through Ami's servers or any third-party AI platforms we partner with.
• No Server-Side Storage: In Custom AI mode, Ami does not store, log, or process your conversation content on our servers. Messages are routed directly to your endpoint and responses are streamed back to your device.
• Local API Key Storage: Your API keys and endpoint URLs are stored locally on your device and are never transmitted to our servers. They remain entirely under your control.
• User Responsibility: When using Custom AI mode, you are responsible for understanding and accepting the privacy policies and data handling practices of your chosen AI provider. Ami cannot control how third-party endpoints process, store, or use your data.
• Voice Still Routes Through Our Systems: Even in Custom AI mode, voice synthesis (if used) is processed through our voice pipeline (ElevenLabs). Only the text-to-be-spoken is sent to the voice service — not your full conversation history.

Custom AI mode provides the highest level of conversational privacy within Ami, as your messages never touch our infrastructure. However, the privacy guarantees of your chosen endpoint are governed by that provider's policies.

6. Blockchain and Token Data

Ami integrates with the Solana blockchain through the AMI utility token. Blockchain interactions involve unique privacy considerations.

• Public Wallet Addresses: When you connect a Solana wallet, your public wallet address is visible on the blockchain. We store your wallet address in association with your account to facilitate token-based features such as voice credit purchases.
• On-Chain Transaction Data: All AMI token transactions (purchases, transfers, and usage) are recorded on the Solana blockchain and are publicly visible. This is an inherent property of blockchain technology and cannot be altered or deleted.
• No Private Key Storage: We never collect, store, or have access to your wallet's private keys or seed phrases. All transaction signing occurs within your wallet application (e.g., Phantom, Solflare).
• Token Balance Queries: We may query the blockchain to verify your AMI token balance for feature gating and voice credit calculations. These queries read only public on-chain data.

Blockchain transactions are immutable and public by design. Please be aware that your wallet address and transaction history are permanently recorded on the Solana blockchain.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. We honor these rights for all users regardless of location.

• Right to Access: You may request a copy of all personal data we hold about you, including account information, stored memories, and analytics data associated with your account.
• Right to Deletion: You may request the deletion of your account and all associated data. Upon receiving a deletion request, we will remove your data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).
• Right to Data Portability: You may request an export of your data in a machine-readable format (JSON). This includes your conversation history (if cloud memory is enabled), character configurations, and account settings.
• Right to Opt-Out of Analytics: You may disable analytics tracking at any time through the App's privacy settings. This will stop PostHog and Google Analytics from collecting data about your usage. Note that some basic operational logging may still occur for security and error monitoring.
• Right to Withdraw Consent: Where we rely on consent as the legal basis for processing your data, you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing conducted before withdrawal.
• Right to Rectification: You may update or correct inaccurate personal data at any time through your account settings or by contacting us.
• Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.

To exercise any of these rights, contact us at vibe@withami.ai. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

8. International Data Transfers

Ami operates globally and is available in 13 languages. As a result, your data may be transferred to and processed in countries other than your country of residence.

• Our servers and third-party service providers may be located in the United States, the European Union, and other jurisdictions.
• When transferring data across borders, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
• We ensure that all third-party processors handling data from the European Economic Area (EEA), United Kingdom, or Switzerland maintain adequate data protection standards.
• By using the Service, you acknowledge that your data may be transferred to and processed in jurisdictions with data protection laws that may differ from those in your country.

9. Children's Privacy

Ami is strictly intended for users aged 18 and over. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18.

• Age verification is required during account creation. Users must confirm they are at least 18 years old.
• If we discover that we have inadvertently collected data from a user under 18, we will promptly delete that data and terminate the associated account.
• If you believe a minor has provided us with personal information, please contact us immediately at vibe@withami.ai so we can take appropriate action.
• We do not target or market our services to individuals under the age of 18.

10. Cookie and Tracking Policy

Ami uses cookies and similar tracking technologies to enhance your experience, analyze usage, and support our marketing efforts.

• PostHog Analytics: PostHog uses first-party cookies to track anonymized user interactions within the App. This includes session identifiers, feature usage events, and performance metrics. PostHog data is hosted on our infrastructure and is not shared with third parties.
• Google Analytics: Google Analytics uses cookies to collect information about website traffic and user behavior. Data collected includes pages visited, time on site, referral source, and device type. This data is processed by Google in accordance with their privacy policy. You can opt out using the Google Analytics Opt-out Browser Add-on.
• Facebook Pixel: Facebook Pixel uses cookies to track conversions from Facebook ads and build targeted audiences for future advertising. Data collected includes page views and specific conversion events. You can control Facebook tracking through your Facebook ad settings or browser privacy controls.
• Essential Cookies: We use essential cookies for authentication, session management, and security. These cookies are necessary for the Service to function and cannot be disabled.
• Local Storage: We use browser local storage and IndexedDB to store conversation data, AI memory, API keys, and user preferences on your device. This data is not transmitted to our servers unless cloud sync is explicitly enabled.

You can manage cookie preferences through your browser settings. Disabling non-essential cookies may limit some analytics and marketing functionality but will not affect the core Ami experience.

11. Data Retention

We retain different types of data for different periods, based on the purpose of collection and legal requirements.

• Conversation Data: Real-time conversation messages are not stored on our servers by default. If cloud memory is enabled, conversation summaries and extracted facts are retained until you request deletion or disable cloud memory.
• Analytics Data: Anonymized usage analytics are retained for up to 12 months from the date of collection. After this period, data is permanently deleted or further aggregated to the point where individual identification is impossible.
• Account Data: Your account information (email, preferences, subscription status) is retained for as long as your account is active. Upon account deletion, we remove your data within 30 days, except where legally required to retain certain records.
• Voice Data: Audio data from voice conversations is processed in real time and discarded immediately after generating the response. We do not retain voice recordings.
• Blockchain Data: On-chain transaction data is permanently stored on the Solana blockchain and cannot be deleted. This is an inherent property of blockchain technology.
• Support Communications: If you contact our support team, we retain those communications for up to 24 months to provide consistent support and improve our processes.

You may request deletion of your data at any time by contacting vibe@withami.ai or through the account settings in the App.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

• We will notify you of material changes via email (sent to the address associated with your account) and/or through a prominent notice within the App.
• Minor changes (such as clarifications or formatting updates) may be made without direct notification but will be reflected in the "Last updated" date at the top of this policy.
• Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
• If you do not agree with the changes, you should stop using the Service and may request deletion of your account and data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us.

• Email: vibe@withami.ai
• Company: Rizzma, Inc., a Delaware corporation
• For data protection inquiries, please include "Privacy" in the subject line of your email so we can route your request appropriately.

We aim to respond to all privacy-related inquiries within 30 days of receipt.

14. YouTube API Services

Ami uses YouTube API Services to provide video-related features within the App. By using these features you agree to the YouTube Terms of Service, and you acknowledge the Google Privacy Policy.

• Ami uses YouTube API Services to deliver video search, playback, and related functionality within the App.
• Information that we and YouTube API Services collect, store, and process in connection with these features is handled in accordance with the Google Privacy Policy at https://policies.google.com/privacy.
• Ami and the third-party services it integrates with (including Google and YouTube) place cookies and similar device-storage technologies (such as local storage and IndexedDB) on your device to support authentication, preferences, analytics, and core functionality.
• You can revoke Ami's access to your Google account at any time via the Google security settings page at https://security.google.com/settings/security/permissions.

Use of YouTube API Services is subject to the YouTube Terms of Service. We process the minimum data necessary to provide the requested features and do not retain YouTube user data beyond what is required for the Service to function.