Privacy Policy
Last updated: May 2026
Anjo is an AI companion. We collect and use data to make the companion work. This policy explains exactly what we collect, why, and what control you have over it.
What we collect
- Account data — username, email address, hashed password. We never store your plain-text password.
- Conversation data — the messages you send are processed in real-time to generate a response. Your conversation history is stored encrypted on our servers to provide continuity across sessions; you can delete it at any time using the "forget me" or "delete account" features. We also store personality embeddings and conversation summaries derived from your messages to give Anjo long-term memory.
- Usage data — monthly API usage, subscription status, and limited product events such as onboarding, feature usage, and subscription state, used to enforce tier limits, operate the service, and debug launch health.
- Personality profile — Anjo builds a profile of your personality traits, emotional patterns, and recurring themes from your conversations. This is used to personalise responses and deepen memory over time. You can erase this at any time using the "forget me" feature.
- Billing data — on iOS, payments are processed by Apple's in-app purchase system. We store only your subscription tier and status. We never see or store your payment card details.
- Device data — IP address, browser type, and device identifiers for security and fraud prevention.
What we do not collect
- We do not sell your personal data to third parties.
- We never use your conversations for advertising or to train third-party AI models.
- We do not run ads or share conversation data with advertisers.
- By default, no human reads your conversation history — it is accessed by automated systems for memory retrieval, continuity, and response generation.
- In rare cases (for example, technical troubleshooting with your explicit permission), authorized staff may access limited derived profile data to resolve issues. This access requires a temporary support grant, is logged, and is limited to senior engineers. Raw chat content is not exposed through admin support tools.
How we use your data
- To generate responses through our AI providers. Depending on your plan and the feature used, your messages and derived context may be sent to Anthropic, Google Gemini, or OpenAI/Azure OpenAI to produce replies, classify messages, transcribe voice, or generate spoken responses. We use these providers on their paid, enterprise API tiers (for Gemini, Google's Vertex AI), under which they process this data only to return a response to Anjo, are bound by their API terms and data-processing agreements to protect it to a standard equivalent to this policy, and do not use Anjo API inputs or outputs to train their models. Their privacy policies govern their handling of API data. In the mobile app, you are shown what data is sent and to whom, and asked to consent, before this sharing begins; you can revoke that consent at any time — signing out of the app stops all sharing immediately, the disclosure is shown again before sharing resumes, and deleting your account (in app settings, or from the consent screen itself) permanently ends it and removes your data. On the web, sending a message is how sharing occurs, and this section together with the disclosures at sign-up describes it; signing out likewise stops all sharing, and account deletion is available in settings.
- To build a personality profile — Anjo derives OCEAN personality traits, emotional patterns, and topic clusters from your conversations to personalise how it responds and what it remembers. This profiling is core to how Anjo works; you can reset it at any time.
- To build persistent memory — summaries and embeddings of your conversations are stored and retrieved to give Anjo context in future sessions.
- To maintain your account and subscription.
- To operate and debug the service using operational logs and product events. These records are designed not to include raw conversation content, memory text, model prompts/responses, passwords, reset tokens, API keys, or payment secrets.
- To send transactional emails (email verification, password reset). We use Resend for email delivery.
Research use
To provide the service, Anjo derives and stores structural signals about every user's sessions — such as personality signals, emotional tone summaries, and session statistics. These are internal operational data used to operate and improve Anjo. They are never shared externally and never include your name, email address, or raw conversation content.
You can separately opt in to contribute your anonymized data to non-commercial research on human-AI interaction (off by default). When you opt in, a privacy-preserving, pseudonymized export of your structural signals may be shared with academic partners for research purposes. You can withdraw consent through the available research controls at any time, and no further data will be shared after withdrawal.
Data storage
Your data is stored on servers in the US. Conversation messages are encrypted and stored in a database on our servers so they can remain visible to you in the chat. Memory embeddings and session summaries are also stored in a vector database (ChromaDB) per user. Account data, subscription status, and usage metrics are stored in a database on our servers.
Your rights
- Forget me — from inside the app, you can ask Anjo to erase your conversation history and memory at any time. This is negotiated with Anjo and processed immediately.
- Delete account — you can permanently delete your account and all associated data from the app settings. This is irreversible.
- Data export — to request a copy of your data, email us at kevin@anjo.love.
Your rights (GDPR & CCPA)
If you are in the EU, UK, or California, you have additional legal rights:
- Right to access — request a copy of all personal data we hold about you
- Right to correction — request correction of inaccurate personal data
- Right to deletion — request erasure of your personal data ("right to be forgotten")
- Right to data portability — request your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to restrict processing — request limitation on how we process your data
- CCPA (California) — request disclosure of categories of data collected, request deletion, and opt-out of "sale" of personal data
To exercise any of these rights, email kevin@anjo.love. We will respond within 30 days.
Cookies
We use a single authentication cookie (anjo_auth) to keep you signed in. This is a strictly necessary cookie for the service to function. We do not use tracking cookies, advertising cookies, or analytics cookies.
By using Anjo, you consent to this essential cookie. You can delete it by logging out, which will clear your session.
Data retention
- Active accounts — your data is retained as long as your account is active
- Deleted accounts — all personal data is permanently deleted within 30 days of account deletion
- Conversation history — stored until you delete it or request "forget me"
- Financial records — retained for minimum 7 years for tax and legal compliance
Data security
We implement industry-standard security measures including encryption, access controls, and regular security reviews. Passwords are hashed using bcrypt. Session tokens are HMAC-signed with secure secrets.
Third-party services
Anjo uses the following third-party services to operate. Each provider below is bound by its API terms and data-processing agreement to safeguard your data to a standard equivalent to this policy, to process it only to deliver the requested feature, and — for the AI providers — not to train its models on Anjo API data:
- Anthropic — AI language models for generating responses and background processing where used. Anthropic Privacy Policy
- Google Gemini (via Vertex AI) — AI language models for free-tier responses and some background processing, served through Google's paid Vertex AI tier, which processes API data under its Data Processing Addendum and does not use it to train Google's models. Google Sign-In may also be used for account authentication. Google Privacy Policy
- OpenAI / Azure OpenAI — voice and realtime features. When you use voice, your audio and current companion instructions/context may be sent for transcription and spoken responses. Audio is not retained by Anjo after transcription; transcripts are stored as chat history when the voice turn is saved. OpenAI Privacy Policy
- Apple — in-app purchase processing and Apple Sign In on iOS. Apple Privacy Policy
- RevenueCat — subscription management and purchase validation. RevenueCat Privacy Policy
- Resend — email delivery for transactional emails. Resend Privacy Policy
- Expo / push notification infrastructure — push notification delivery when notifications are enabled.
- AWS — hosting and infrastructure. Data is stored in US-based data centers.
Age requirements
Anjo requires users to be at least 18 years old. We do not knowingly collect personal data from children under 18. If you believe a child under 18 has created an account, contact us at kevin@anjo.love and we will delete the account and all associated data promptly.
Changes to this policy
We may update this policy. Material changes will be communicated by email if you have one on file. Continued use of Anjo after changes constitutes acceptance.
Contact
Questions? Email us at kevin@anjo.love.