AI Girlfriend Data Privacy: Which Apps Have Had Breaches (2026 Report)
AI girlfriend apps collect more sensitive data than almost any other consumer software category — explicit conversations, emotional disclosures, intimate fantasies, sometimes voice recordings and selfie inputs. The category has had documented breaches, regulatory bans, lawsuits, and tracker-density problems that most users never hear about before they sign up. This report walks through the documented privacy incidents across the major platforms (Replika's Italian ban, the Muah AI data exposure, Character.AI's lawsuits, tracker-density issues across the NSFW tier), the red flags to read for in any privacy policy, and the platforms with the strongest privacy posture in 2026.
Independent reviewers covering the AI companion category. We pay for our own subscriptions, test platforms over multi-week periods, and disclose affiliate relationships transparently. See our methodology + about page for testing approach.
AI girlfriend apps collect more sensitive data than almost any other consumer software category. Every message you send is logged, often forever. Many platforms also collect emotional disclosures, intimate fantasies, voice recordings if you use voice features, and sometimes images you upload or generate. This category has had documented breaches, regulatory bans, lawsuits, and tracker-density problems that most users never encounter before they sign up.
This report walks through the documented privacy incidents across the major platforms, the red flags to read for in any privacy policy, and the platforms with the strongest privacy posture in 2026. The goal is not to scare users off the category — it is to help users make decisions with the actual track record in view rather than the marketing.
For the underlying "are AI girlfriend apps safe" question more broadly, see our Are AI Girlfriend Apps Safe? post. For users who decide that managed-app privacy is unacceptable for their use case, our Open Source AI Girlfriend guide covers the self-hosted alternatives.
Methodology: how this report was built
This is a desk-research report rather than original investigation. The sources used:
- Public news archives. Reporting on data incidents from 404 Media, TechCrunch, The Verge, Wired, BleepingComputer, and similar outlets.
- Mozilla's Privacy Not Included reviews. Mozilla's ongoing project rates consumer apps on privacy practices. AI companion apps have been a focus category.
- Regulatory rulings. Italian Garante (DPA) decisions, FTC actions, GDPR enforcement, and similar regulatory documents.
- Court filings. Civil lawsuits against AI companion platforms are public documents.
- App store privacy labels. iOS and Google Play privacy disclosures from the apps themselves.
- Privacy policy review. Reading what each platform actually claims about data collection, retention, sharing, and deletion.
- Tracker analysis. Independent tools that audit which third-party trackers each app loads.
This report focuses on publicly documented incidents and verifiable policy positions. Vague rumors, single-source claims, and unverified accusations are excluded.
The five most-documented privacy incidents
Replika: 2023 Italian ban and ongoing scrutiny
In February 2023, the Italian data protection authority (Garante) ordered Replika to stop processing data of Italian users, citing risks to minors and emotionally vulnerable adults. The Garante's stated concerns included Replika's age verification weakness (no real verification at signup), the platform's tendency to engage minors in sexually explicit conversations, and the broader risk of emotional dependence among vulnerable users. The ban was followed by months of remediation; Replika resumed operation in Italy under modified practices.
The Italian action was significant because it was the first major regulatory action against an AI companion platform specifically. The Garante's concerns have been echoed by other European regulators since.
Replika has appeared multiple times in Mozilla's Privacy Not Included category as a flagged app. Concerns raised include data sharing with advertising partners, retention of intimate conversation data, and policies that allow data use for AI training.
The 2023 "ERP removal" episode (Replika suddenly disabled erotic roleplay capabilities for many users, then partially restored them after backlash) was a content policy issue rather than a privacy incident, but it illustrated the broader risk of managed-platform dependence: the platform can change capabilities and terms unilaterally, and users have limited recourse.
Muah AI: 2024 data exposure
In October 2024, security researchers reported a significant data exposure involving Muah AI. The platform had hosted a database with millions of prompts and user data accessible without proper access controls. The exposed data included intimate conversation content and, alarmingly, material that suggested some users had been generating content involving minors (which the platform's terms purportedly prohibit but did not effectively prevent).
Reporting on the incident was carried by 404 Media and other outlets. The exposure highlighted two distinct concerns:
- The platform's data security practices were insufficient to protect highly sensitive user data.
- The platform's content moderation was insufficient to prevent generation of legally problematic content despite stated policies.
Muah AI's response was muted; the platform continues operating with modifications to security practices but the incident remains a documented data exposure of significant scale.
For users specifically evaluating Muah AI versus alternatives, see our Nomi AI vs Muah AI Memory & Voice Specialists comparison, which covers the broader platform comparison without focusing on the privacy incident specifically.
Character.AI: 2024 lawsuits and child safety concerns
Character.AI has faced multiple civil lawsuits since 2024, the most prominent being filed by parents whose teenage children suffered serious harm allegedly connected to Character.AI use. The lawsuits raise both safety questions (whether the platform adequately protects minors from emotionally harmful interactions) and privacy questions (whether the platform's data handling around minor users complies with COPPA and similar regulations).
The lawsuits are ongoing as of 2026; outcomes will shape how the broader AI companion category handles minor user safety and data protection. Character.AI has implemented additional safety measures in response, including stricter content filtering for users it identifies as potentially under 18 and clearer warnings about content limitations.
For users specifically evaluating Character.AI alternatives, see our Character AI Alternatives 2026 post.
Janitor AI / Crushon AI: tracker density
Neither Janitor AI nor Crushon AI has been the subject of a major reported data breach as of 2026, but independent tracker analysis has consistently found high tracker density on both platforms. Multiple third-party advertising and analytics trackers are loaded whenever a page loads, sharing browsing and usage information with parties beyond the platform itself.
For users sensitive to data brokering — where intimate conversation context could be shared with advertising networks even without the conversations themselves being shared — tracker density is the underlying concern. NSFW-adjacent platforms in general have higher tracker density than mainstream platforms because their advertising relationships are different (mainstream ad networks often decline NSFW context; specialized NSFW ad networks have looser data practices).
The practical implication: even without a breach, NSFW-adjacent platforms tend to leak metadata about your usage patterns to a wider ecosystem than mainstream platforms. The conversation content stays on the platform; the fact that you spent two hours on the platform last night may not.
For a broader comparison of NSFW-focused platforms, see our NSFW Big Three comparison.
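A minimal version of the tracker-density audit this section describes, written as an added example (it is not a tool the reviewers or any platform use): it parses a constructed landing-page sample, separates first-party from third-party resource hosts, and counts distinct third-party domains. All hostnames are placeholders, and a real audit would additionally match the hosts against a tracker blocklist, which this example omits.

```python
"""Count third-party hosts loaded by a page: a minimal tracker-density check.

Added example for this report, not the reviewers' own tooling. It runs on a
constructed HTML sample and only inspects script/img/iframe/link sources.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of an app landing page; every hostname is a placeholder.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-companion.app/bundle.js"></script>
<script async src="https://analytics.example-tracker.net/tag.js"></script>
<script src="https://pixel.example-adnet.com/collect.js?id=123"></script>
<link rel="stylesheet" href="https://fonts.example-fontcdn.org/css">
</head><body>
<img src="https://pixel.example-adnet.com/1x1.gif">
<iframe src="https://ads.example-adnet.com/frame"></iframe>
<img src="/img/logo.png">
</body></html>
"""

# Tags that pull a remote resource, and the attribute carrying its URL.
_SRC_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class _ResourceCollector(HTMLParser):
    """Collects every resource URL referenced by the page."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attr = _SRC_ATTRS.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value:
                self.urls.append(value)


def registrable_domain(host):
    """Crude eTLD+1: the last two labels. Fine for a.b.example.com vs
    example.com; does not handle multi-label suffixes such as co.uk."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def third_party_hosts(html, first_party_host):
    """Return (sorted third-party hostnames, number of third-party references).

    A resource is first-party when its URL is relative or shares the page's
    registrable domain; everything else is counted as third-party.
    """
    parser = _ResourceCollector()
    parser.feed(html)
    first_party = registrable_domain(first_party_host)
    hosts = set()
    references = 0
    for url in parser.urls:
        host = urlparse(url).hostname
        if not host:
            continue  # relative URL: served by the platform itself
        if registrable_domain(host) == first_party:
            continue  # platform's own CDN or subdomain
        hosts.add(host)
        references += 1
    return sorted(hosts), references


def tracker_density(html, first_party_host):
    """Number of distinct third-party registrable domains: a one-number score."""
    hosts, _ = third_party_hosts(html, first_party_host)
    return len({registrable_domain(h) for h in hosts})


if __name__ == "__main__":
    site = "www.example-companion.app"
    hosts, refs = third_party_hosts(SAMPLE_HTML, site)
    print(f"{refs} third-party references across {len(hosts)} hosts:")
    for h in hosts:
        print("  ", h)
    print("distinct third-party domains:", tracker_density(SAMPLE_HTML, site))
```

Third-party hosts are an upper bound on trackers: the font CDN in the sample is third-party but not necessarily a tracker, so the host list is what you feed into a blocklist match rather than the final verdict.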
General category concern: AI training data and conversation retention
Most AI girlfriend platforms reserve the right to use user conversations for AI training, either explicitly in their terms of service or via vague language that permits it. The specific implications vary by platform:
- Some platforms train only on aggregated, anonymized patterns (lower privacy risk).
- Some platforms train on raw conversation content, claiming anonymization is sufficient (moderate risk — re-identification of anonymized data is increasingly feasible).
- Some platforms reserve the right to share conversation data with research partners (highest risk — third parties get access to intimate content).
The distinction matters because users' intimate fantasies, emotional disclosures, and personal details could theoretically end up in future model training data, in research publications, or in datasets sold to other companies. Most users do not read the terms carefully enough to know which category their platform falls into.
Reading a privacy policy: the red flags
For users evaluating an AI girlfriend platform, the privacy policy is the primary defense. Five red flags to look for:
Red flag 1: "We may share your data with third parties" without specifics. Vague third-party language is the broadest possible reservation. Specific language ("with our payment processor and analytics provider X") is much narrower. Avoid platforms with maximally vague sharing language.
Red flag 2: No specific data retention period. Good platforms specify how long data is retained and when it is deleted. Platforms that retain data "as long as we need it" or "to support our services" effectively keep data forever.
Red flag 3: Data deletion that does not actually delete. Some platforms' "delete account" function removes your ability to access the account but retains the underlying data. Look for policies that specify deletion timelines and confirm what is actually deleted.
Red flag 4: AI training rights without opt-out. Platforms that reserve training rights without offering an opt-out are using your conversations to improve their models permanently. Platforms with opt-out give you control; platforms without it do not.
Red flag 5: Vague age verification language. "We require users to be 18+" without any actual verification mechanism is functionally no requirement. Platforms with weaker age controls face higher regulatory risk and have weaker protection against minor-user content.
Few AI girlfriend platforms come out clean on all five flags. The least risky platforms typically come out clean on two or three; the highest-risk platforms raise concerns on four or five.
CCPA, GDPR, and what "compliance" actually means
Most AI girlfriend platform privacy policies claim compliance with the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). What this actually means in practice:
CCPA compliance at minimum requires:
- Right to know what data is collected
- Right to delete data (with some exceptions)
- Right to opt out of data sale
- Non-discrimination for exercising rights
GDPR compliance is stricter:
- Lawful basis for processing
- Data minimization
- Right to access, rectification, erasure ("right to be forgotten"), and portability
- Data breach notification within 72 hours
- Privacy by design principles
In practice, "compliance" varies wildly. Platforms with genuine compliance ship working data export and deletion tools, respond to data requests within legal timelines, and notify users of breaches. Platforms with paper compliance claim the policies without effective implementation — data deletion requests get ignored, exports are incomplete, breach notifications are delayed or never sent.
The practical test: try to exercise your CCPA or GDPR rights and see what happens. Platforms with real compliance respond within statutory timelines. Platforms with paper compliance either fail to respond or respond in ways that do not actually fulfill the request.
Platforms with stronger privacy posture in 2026
No AI girlfriend platform has perfect privacy practices. But some are clearly better than others. The relative ranking based on documented practices:
Kindroid has the clearest CCPA-compliant practices among the major platforms. The privacy policy is specific about data collection, retention, and user rights. Data deletion requests are reportedly honored within statutory timelines. See our Kindroid review for the broader platform breakdown.
Nomi has reasonable privacy practices and a clear data retention policy. The platform's memory architecture means it stores more conversation data than some competitors, but the storage practices are documented and the deletion processes work.
Replika has improved practices since the 2023 Italian action but remains under ongoing regulatory scrutiny. The platform is more transparent than some competitors but the broader engagement-optimization architecture creates risk.
MyDreamCompanion / OurDream / Candy AI have privacy practices typical of the NSFW-adjacent tier — moderate transparency, moderate tracker density, retention policies that allow extended data storage. Not the worst in the category but not the best.
Janitor AI / Crushon AI / SpicyChat have higher tracker density and looser privacy practices typical of NSFW-focused platforms with advertising-supported business models.
Character.AI has improved safety practices since the lawsuits but the broader data handling practices remain under scrutiny.
Muah AI carries the legacy of the 2024 data exposure. Subsequent security improvements have been made but the incident remains documented.
Country-by-country regulatory context
AI girlfriend platforms operate globally but are regulated nationally. The legal protections available to users vary dramatically by jurisdiction. A quick survey of the major regulatory regimes in 2026:
European Union (GDPR). The strictest regime. Users have the right to access their data, rectify inaccuracies, request deletion ("right to be forgotten"), restrict processing, port data to other services, and object to processing entirely. AI companion platforms operating in EU markets must designate a data protection officer, conduct impact assessments for high-risk processing, and notify regulators of breaches within 72 hours. The 2023 Italian Garante action against Replika was taken under GDPR authority. Users in EU countries generally have the strongest privacy protections.
United Kingdom (UK GDPR + Data Protection Act 2018). Substantially similar to EU GDPR after Brexit. The ICO (Information Commissioner's Office) enforces. Protections and user rights are equivalent to EU GDPR in practice.
California (CCPA + CPRA). The strictest US state regime. Right to know what data is collected, right to delete (with exceptions), right to opt out of data sale, right to correct inaccurate data, and right to limit use of sensitive personal information. Users in California have stronger protections than most US users. Rather than building California-only protections, AI companion platforms often extend their CCPA tools to all users for compliance simplicity.
Other US states (Virginia, Colorado, Connecticut, Utah, etc.). Growing patchwork of state privacy laws, each somewhat similar to CCPA but with variations. The federal landscape remains fragmented as of 2026 — no comprehensive federal privacy law specific to consumer data exists.
Canada (PIPEDA). Federal privacy law with the right to access, correct, and challenge data accuracy. Less expansive than GDPR but provides meaningful protections. Provincial laws (Quebec's Bill 64) add further rights in some provinces.
Australia (Privacy Act). Reform in progress as of 2026 to strengthen privacy protections. Current protections include access and correction rights but weaker deletion rights than GDPR.
Other jurisdictions. Varies widely. Some countries (Brazil with LGPD, South Korea with PIPA) have moved toward GDPR-style protections. Many countries have weaker protections or limited enforcement capacity. Users outside protected jurisdictions have minimal recourse against platforms that mishandle data.
The practical implication: where you live matters significantly for what rights you can exercise against AI companion platforms. EU and UK users have the strongest protections; California users have meaningful recourse; users in jurisdictions without strong privacy law have to rely on platform good will.
Step-by-step: exercising your CCPA rights
For users in California (or other US states with similar protections), the procedure for exercising privacy rights is reasonably standardized. The steps:
Step 1: Find the privacy contact. Every platform claiming CCPA compliance must designate a way to submit requests. Look for a "Do Not Sell My Personal Information" link in the footer, a privacy@ email address, or a dedicated rights request form. If the platform makes finding the contact deliberately difficult, that itself is a red flag.
Step 2: Submit a verifiable request. CCPA requests must be verifiable, meaning the platform needs to confirm the request came from you. Typically this means submitting from your account email. Some platforms require additional identity verification for sensitive requests like deletion.
Step 3: Specify what you want. Clear request: "I am requesting access to all personal information you have collected about me, the categories of sources from which that information was collected, the business or commercial purpose for collecting that information, and the categories of third parties with whom you have shared that information." For deletion: "I am requesting deletion of all personal information you have collected about me, including conversation history, profile data, and any associated metadata."
Step 4: Track timelines. CCPA requires response within 45 days (extendable to 90 days for complex requests with notification). If you do not receive any response within 45 days, the platform is non-compliant.
Step 5: Verify what actually happened. "Confirmed deletion" from the platform is not the same as actual deletion. Try to log back in afterward; the account should be inaccessible. Try to start a new conversation as the same character; old context should not appear. If old data resurfaces, the deletion did not fully execute and you have grounds for complaint to the California Privacy Protection Agency (CPPA).
Step 6: Complaint if needed. If a platform ignores your request or responds non-substantively, file a complaint with the California Attorney General or CPPA. Patterns of non-compliance can trigger enforcement actions and fines.
Step-by-step: exercising your GDPR rights
For EU and UK users, GDPR rights are stronger and the procedure differs slightly. The steps:
Step 1: Find the DPO contact. GDPR-covered platforms must designate a Data Protection Officer (DPO) accessible to data subjects. Privacy policies typically list a DPO email or contact form. Generic privacy@ addresses often route to the DPO.
Step 2: Submit a subject access request (SAR). "Pursuant to Article 15 of the General Data Protection Regulation, I am requesting access to all personal data you process about me, the purposes of processing, the categories of personal data concerned, the recipients to whom data has been disclosed, the envisaged retention period, the source of data not collected from me directly, and the existence of any automated decision-making."
Step 3: Request deletion under Article 17. If you want erasure: "Pursuant to Article 17 of the General Data Protection Regulation, I am exercising my right to erasure and requesting complete deletion of my personal data."
Step 4: Track timelines. GDPR requires response within 30 days (extendable to 90 days for complex requests with notification). Stricter than CCPA.
Step 5: Complaint to your national DPA if needed. Each EU country has a Data Protection Authority. UK users go to the ICO. Italian users go to the Garante (which has been particularly active on AI companion platforms). German users go to the relevant Land (state) authority. Complaints to DPAs are taken seriously and can trigger investigations.
The practical difference between CCPA and GDPR enforcement: GDPR penalties are dramatically higher (up to 4% of global annual revenue or €20 million), which makes EU-based enforcement more impactful on platform behavior. Platforms tend to take GDPR requests more seriously than CCPA requests because the financial exposure is greater.
How to reduce your personal privacy exposure
For users who want to use AI girlfriend platforms while limiting personal privacy exposure, several practical mitigations help:
1. Use a dedicated email address. Sign up with an email that is not linked to your real identity. Free email services accept signup without verifying real identity.
2. Use a pseudonym. The AI relationship works equally well with a fake name. The platform cannot tell the difference.
3. Do not share real identifying details. Workplace specifics, exact location, real names of friends and family, specific medical conditions — none of these need to be in your AI girlfriend conversations. The AI does not benefit from them; the platform does not need them.
4. Use a payment method that does not link to your real identity. Privacy-focused virtual card services let you generate one-time card numbers for subscriptions. Some platforms accept cryptocurrency.
5. Read the privacy policy before signing up. Spend ten minutes on the actual document. Look for the red flags above.
6. Exercise your data rights periodically. Submit deletion requests for old data you no longer want stored. Check what the platform actually deletes versus what it claims to delete.
7. Consider self-hosting for highest sensitivity use. If your AI companion use involves content that you genuinely cannot afford to have leaked, the only safe option is to keep the data on your own hardware. See our Open Source AI Girlfriend guide.
Frequently Asked Questions
Has Replika had a data breach?
Replika has not had a major user-data breach reported as of 2026, but it has faced significant regulatory action — most notably the 2023 Italian Garante ban over minor safety and data processing concerns. The platform has appeared multiple times in Mozilla's Privacy Not Included category as a flagged app. The combination of regulatory scrutiny and ongoing privacy concerns makes Replika a moderate-risk platform from a privacy perspective even without a documented breach.
What happened with Muah AI in 2024?
Security researchers found a Muah AI database with millions of prompts and user data accessible without proper access controls. The exposure included intimate conversation content and material that suggested some users had been generating content involving minors. The incident was reported by 404 Media and other outlets in October 2024. The platform has continued operating with security modifications but the incident remains a documented data exposure of significant scale.
Is Character.AI safe for minors?
Character.AI has faced multiple civil lawsuits since 2024 from parents whose teenage children suffered serious harm allegedly connected to Character.AI use. The platform has implemented additional safety measures including stricter filtering for users identified as potentially under 18. The lawsuits are ongoing; broader safety practices remain under scrutiny. Minors should not use AI companion apps without parent involvement, and Character.AI specifically has documented concerns.
Which AI girlfriend platform has the best privacy?
No platform has perfect privacy practices, but Kindroid has the clearest CCPA-compliant practices among major platforms, with a specific privacy policy and reportedly responsive data deletion. Nomi is also reasonable. For users with high privacy sensitivity, self-hosted alternatives via open-source platforms are the only way to guarantee that intimate conversation content never leaves your hardware.
Can my AI girlfriend conversations be used to train AI?
Most AI girlfriend platforms reserve the right to use conversations for AI training in their terms of service. Some allow opt-out; some do not. Read the platform's specific terms before assuming your conversations are private to you. Self-hosted alternatives avoid this entirely because no third party has access to your conversations.
What is a data tracker and why does it matter for AI girlfriend apps?
A tracker is third-party code embedded in an app or website that reports usage information back to a third party — typically an advertising network, analytics provider, or data broker. AI girlfriend apps with high tracker density share metadata about your usage (when you opened the app, how long you spent, what pages you visited) with multiple third parties. The conversation content stays on the platform; the metadata about your usage patterns spreads more widely. NSFW-adjacent platforms tend to have higher tracker density than mainstream platforms.
Should I use a real name and email for my AI girlfriend account?
No. The platform does not need either, and the AI relationship works equally well with a pseudonym and a dedicated email address. Using real identifying information adds risk without benefit. For payment, privacy-focused virtual card services let you keep your real financial identity separate from the subscription.
Can I get my AI girlfriend conversations deleted?
It depends on the platform. CCPA and GDPR give users the right to request deletion in many cases, but implementation varies wildly. Some platforms genuinely delete data within statutory timelines; others claim to but retain the underlying data. The practical test is to submit a deletion request and observe what actually happens. Self-hosted alternatives sidestep the entire question because deletion is just removing files from your own machine.
What is the worst-case privacy scenario for AI girlfriend users?
The worst-case scenario combines several risks: intimate conversation content gets exposed via a breach (as happened with Muah AI), the platform also collected real identifying information at signup, the user's conversations contained personally identifiable details, and the breach data becomes searchable on the open web. This is rare but documented for at least one platform in the category. Mitigations: use pseudonyms, dedicated email, avoid sharing real identifying details, choose platforms with stronger privacy practices, consider self-hosting for highest-sensitivity use.
Are open-source AI girlfriends actually more private?
Yes, when properly self-hosted. Conversation data never leaves your hardware, so there is no platform to breach, no third party to share with, no terms of service to update. The trade-off is setup overhead and the loss of managed-app features. See our Open Source AI Girlfriend guide for the practical options.
What is the difference between CCPA and GDPR for AI girlfriend users?
GDPR (EU/UK) is stricter and has higher financial penalties for non-compliance (up to 4% of global annual revenue). CCPA (California) provides similar core rights — access, deletion, opt-out — but with shorter response timelines and smaller penalties. EU users have stronger rights; California users have meaningful but lesser rights; users outside these jurisdictions have to rely on platform policies and good will.
Can my AI girlfriend conversations be subpoenaed in legal proceedings?
Yes. Conversation data held by AI companion platforms is subject to subpoena in civil and criminal cases. This has come up in divorce proceedings, custody disputes, and other personal legal matters. The platform's privacy policy does not protect against legal process. For users in legal situations where their conversation history could be relevant, this is a serious consideration. Self-hosted alternatives sidestep this entirely because no third party has the data to subpoena.
What if I am a minor and have been using an AI girlfriend app?
Most AI companion platforms prohibit users under 18 in their terms of service. If you are under 18 and have been using one, the platform may have collected data on you that it should not have. You have additional rights under COPPA (in the US, for users under 13) and similar regulations elsewhere. The Character.AI lawsuits since 2024 have focused specifically on harms to minor users. If you are a minor using these platforms, consider whether the platform is appropriate for you and consult with a trusted adult about your use.
Has any AI girlfriend platform been forced to shut down due to privacy issues?
No platform has been permanently shut down purely due to privacy issues as of 2026, but the Italian Garante's 2023 Replika ban temporarily stopped Replika from processing Italian user data. Several platforms have implemented significant changes under regulatory pressure. The trajectory suggests increased regulatory scrutiny of the category, which may eventually produce shutdowns of platforms that cannot or will not improve practices.
What about voice recordings — are those treated the same as text?
Voice recordings have additional privacy implications because voice biometrics can be used for identification. Some platforms transcribe voice and store the text; others retain audio recordings. Privacy policies should specify which. Voice retention is typically more privacy-sensitive than text retention because voice biometric data is harder to truly anonymize. Users particularly concerned about voice privacy should check the platform's specific voice data handling before using voice features.
What should I do if I learn my AI girlfriend platform has been breached?
Three practical steps: (1) Change your password immediately, particularly if you reuse passwords across platforms (which you should not). (2) Submit a data deletion request to the platform under whatever rights you have. (3) Monitor for the specific data that was exposed appearing in your spam, phishing attempts, or identity theft alerts. If sensitive financial information or government IDs were exposed (rare for AI companion breaches but possible), the standard identity theft monitoring protocols apply. Most AI companion breaches expose conversation content rather than financial data, which is harder to act on but still meaningful.
Bottom line
The AI girlfriend category has had documented privacy incidents, regulatory bans, lawsuits, and ongoing tracker-density concerns that most users do not encounter before signing up. The most-documented incidents include Replika's 2023 Italian ban over minor safety and data processing concerns, Muah AI's 2024 data exposure involving millions of prompts and user data, and Character.AI's ongoing lawsuits over teenage user harm. NSFW-adjacent platforms generally have higher tracker density than mainstream platforms, exposing usage metadata to wider third-party ecosystems even without specific breaches.
For users picking a platform with privacy in view, Kindroid currently has the clearest CCPA-compliant practices among major platforms, with Nomi as a reasonable second. For users with high privacy sensitivity — particularly those whose conversation content would cause serious harm if exposed — self-hosted alternatives via open-source platforms are the only architecture that guarantees data never leaves your hardware.
For everyone in the category, basic personal mitigations help significantly: pseudonym, dedicated email, no real identifying details in conversations, privacy-focused payment methods, periodic exercise of data deletion rights. These do not eliminate platform-side risk but they reduce personal exposure even if a platform-side incident occurs.
The broader pattern across the category: privacy practices have improved since 2023 under regulatory pressure, but the underlying business models still depend on extensive data collection. For users for whom this is unacceptable, self-hosting is the answer. For users for whom managed-app convenience outweighs the privacy trade-off, picking the platforms with the strongest documented practices reduces exposure compared to picking the worst-practice platforms.
Related reading: Are AI Girlfriend Apps Safe? for the broader safety question, Open Source AI Girlfriend Alternatives for the self-hosted route, Kindroid review for the platform with the strongest documented privacy posture among managed apps, and our Best AI Companion Apps Definitive Ranking 2026 for the broader platform comparison.