Privacy Policy

Last updated: May 2026

Anjo is an AI companion. We collect and use data to make the companion work. This policy explains exactly what we collect, why, and what control you have over it.

What we collect

• Account data — username, email address, hashed password. We never store your plain-text password.
• Conversation data — the messages you send are processed in real-time to generate a response. Your conversation history is stored encrypted on our servers to provide continuity across sessions; you can delete it at any time using the "forget me" or "delete account" features. We also store personality embeddings and conversation summaries derived from your messages to give Anjo long-term memory.
• Usage data — monthly API usage and subscription status, used to enforce tier limits.
• Personality profile — Anjo builds a profile of your personality traits, emotional patterns, and recurring themes from your conversations. This is used to personalise responses and deepen memory over time. You can erase this at any time using the "forget me" feature.
• Billing data — on iOS, payments are processed by Apple's in-app purchase system. We store only your subscription tier and status. We never see or store your payment card details.
• Device data — IP address, browser type, and device identifiers for security and fraud prevention.

What we do not collect

• We do not sell your personal data to third parties.
• We never use your conversations for advertising or to train third-party AI models.
• We do not run ads or share conversation data with advertisers.
• By default, no human reads your conversation history — it is accessed by automated systems for memory retrieval, continuity, and response generation.
• In rare cases (for example, technical troubleshooting with your explicit permission), authorized staff may access limited conversation data to resolve issues. This access is logged and limited to senior engineers.

How we use your data

• To generate responses through our AI provider (Anthropic). Your messages are sent to Anthropic's API to produce replies. Anthropic's privacy policy governs their handling of API data.
• To build a personality profile — Anjo derives OCEAN personality traits, emotional patterns, and topic clusters from your conversations to personalise how it responds and what it remembers. This profiling is core to how Anjo works; you can reset it at any time.
• To build persistent memory — summaries and embeddings of your conversations are stored and retrieved to give Anjo context in future sessions.
• To maintain your account and subscription.
• To send transactional emails (email verification, password reset). We use Resend for email delivery.

Research use

To provide the service, Anjo derives and stores structural signals about every user's sessions — such as personality trait scores, emotional tone summaries, and session statistics. These are internal operational data used to make Anjo better over time. They are never shared externally and never include your name, email address, or raw conversation content.

You can separately opt in to contribute your anonymized data to non-commercial research on human-AI interaction (off by default). When you opt in, a privacy-preserving, pseudonymized export of your structural signals may be shared with academic partners for research purposes. You can withdraw consent through the available research controls at any time, and no further data will be shared.

Data storage

Your data is stored on servers in the US. Conversation messages are encrypted and stored in a database on our servers so they can remain visible to you in the chat. Memory embeddings and session summaries are also stored in a vector database (ChromaDB) per user. Account data, subscription status, and usage metrics are stored in a database on our servers.

Your rights

• Forget me — from inside the app, you can ask Anjo to erase your conversation history and memory at any time. This is negotiated with Anjo and processed immediately.
• Delete account — you can permanently delete your account and all associated data from the app settings. This is irreversible.
• Data export — to request a copy of your data, email us at kevin@anjo.love.

Your rights (GDPR & CCPA)

If you are in the EU, UK, or California, you have additional legal rights:

• Right to access — request a copy of all personal data we hold about you
• Right to correction — request correction of inaccurate personal data
• Right to deletion — request erasure of your personal data ("right to be forgotten")
• Right to data portability — request your data in a machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to restrict processing — request limitation on how we process your data
• CCPA (California) — request disclosure of categories of data collected, request deletion, and opt-out of "sale" of personal data

To exercise any of these rights, email kevin@anjo.love. We will respond within 30 days.

Cookies

We use a single authentication cookie (anjo_auth) to keep you signed in. This is a strictly necessary cookie for the service to function. We do not use tracking cookies, advertising cookies, or analytics cookies.

By using Anjo, you consent to this essential cookie. You can delete it by logging out, which will clear your session.

Data retention

• Active accounts — your data is retained as long as your account is active
• Deleted accounts — all personal data is permanently deleted within 30 days of account deletion
• Conversation history — stored until you delete it or request "forget me"
• Financial records — retained for minimum 7 years for tax and legal compliance

Data security

We implement industry-standard security measures including encryption, access controls, and regular security reviews. Passwords are hashed using bcrypt. Session tokens are HMAC-signed with secure secrets.

Third-party services

Anjo uses the following third-party services to operate:

• Anthropic — AI language model for generating responses. Your messages are sent to Anthropic's API for processing. Anthropic Privacy Policy
• OpenAI / Azure OpenAI — voice feature only. When you use voice, your audio is sent to OpenAI's Whisper API for transcription (speech-to-text), and text is sent to OpenAI's TTS API to generate spoken replies. Audio is not retained after transcription. OpenAI Privacy Policy
• Apple — in-app purchase processing on iOS. Apple Privacy Policy
• RevenueCat — subscription management and purchase validation. RevenueCat Privacy Policy
• Resend — email delivery for transactional emails. Resend Privacy Policy
• AWS — hosting and infrastructure. Data is stored in US-based data centers.

Age requirements

Anjo requires users to be at least 17 years old. We do not knowingly collect personal data from children under 17. If you believe a child under 17 has created an account, contact us at kevin@anjo.love and we will delete the account and all associated data promptly.

Changes to this policy

We may update this policy. Material changes will be communicated by email if you have one on file. Continued use of Anjo after changes constitutes acceptance.

Contact

Questions? Email us at kevin@anjo.love.