aiAllure Logo

Privacy Policy

Last updated: February 24, 2026

At aiAllure.com ("we", "us", or "our"), operated by Novera Group s.r.o., a company incorporated under the laws of the Czech Republic (IČO: 22152610, DIČ: CZ22152610), registered office at Rybná 716/24, CZ-110 00 Praha 1, we are committed to protecting your personal information and your right to privacy in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and Czech Act No. 110/2019 Coll. on personal data processing. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI companion website (the "Service"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

By accessing or using the Service, you agree to this Privacy Policy.

Important: User Content & Media Policy

  • Limited Image Uploads: Certain premium features (such as IdentityForge™) allow users to upload reference images solely for AI avatar generation. These images are processed through automated safety checks (age verification, celebrity detection), used only as stylistic references for AI generation, are not displayed publicly or shared with third parties, and are deleted upon account deletion or upon user request.
  • Data Storage: We store text-based data (prompts, messages, preferences, account information) and, where applicable, user-uploaded reference images used for AI avatar generation. Reference images are stored securely in encrypted cloud storage and are not used for any purpose beyond generating AI content for the uploading user.
  • All Output Media is AI-Generated: All images, videos, and visual content produced by the Service are generated entirely by artificial intelligence systems and are intended to be synthetic and fictional. They are not intended to depict real, identifiable individuals; however, unintentional resemblance may occur. Even where a user-uploaded reference image is used, the resulting output is a synthetic AI creation.

1. Information We Collect

a. Personal Information You Provide

  • Account Registration: When you create an account, we collect personal information such as your name, email address, username, and password.
  • Profile Details: You may choose to add interests or other personal preferences to enhance your experience.
  • Communications: If you contact us directly, we may receive additional information such as your name, email address, phone number, and the content of your message.
  • Age Verification Data: When age verification is triggered, we process a real-time selfie image with liveness detection solely to estimate your age. Processing duration: the selfie image is transmitted to our age-estimation processor, analyzed in real time (typically under 5 seconds), and immediately and irreversibly discarded after the age-estimation result is returned — no biometric templates, facial geometry, or selfie images are stored on our servers or by our processor. Processor: age-estimation processing is performed by a third-party AI service provider operating under a Data Processing Agreement (DPA) with appropriate technical and organizational safeguards. Legal basis: Art. 6(1)(c) GDPR (legal obligation to prevent minors from accessing adult content under Directive 2011/93/EU and applicable national law) and Art. 9(2)(g) (substantial public interest in child protection). Necessity: this processing is strictly necessary because age-gating adult content is a legal requirement; less intrusive methods (e.g., self-declaration) are insufficient to meet our legal obligations. A Data Protection Impact Assessment (DPIA) under GDPR Art. 35 has been conducted for this processing activity and is available upon request to the supervisory authority.
  • Reference Image Uploads (IdentityForge™): If you use premium features that accept image uploads, we process the uploaded reference images through automated safety screening (age estimation, celebrity detection, face validation). Accepted images are stored securely and used solely as AI generation references. They are deleted upon account deletion or user request.

b. Information Collected Automatically

  • Usage Data: We collect information about your interactions with the Service, including the pages or content you view, and the dates and times of your visits.
  • Device Information: We collect data from the devices and applications you use to access the Service, such as your IP address, browser type, operating system, and device identifiers.
  • Cookies and Similar Technologies: We use cookies and other tracking technologies to collect and store information about your preferences and how you interact with the Service.

2. Legal Basis for Processing (GDPR Article 6)

Under the GDPR, we process your personal data on the following legal bases:

  • Performance of a Contract (Art. 6(1)(b)): Processing necessary to provide you with the Service, manage your account, process payments, and deliver AI-generated content.
  • Legitimate Interests (Art. 6(1)(f)): Processing for fraud prevention, platform security, analytics, and service improvement, where our interests are not overridden by your rights.
  • Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws, including tax, accounting, and law enforcement obligations.
  • Consent (Art. 6(1)(a)): Where we rely on your consent (e.g., for marketing communications or optional cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.

3. How We Use Your Information

We use your information for various purposes, including:

  • To Provide and Maintain the Service: Ensuring the Service functions as intended and providing customer support.
  • Personalization: Customizing your experience by remembering your preferences and settings.
  • Communication: Sending you updates, security alerts, and administrative messages.
  • Analytics and Improvements: Monitoring usage and trends to improve the Service.
  • Legal Compliance: Fulfilling legal obligations and responding to legal processes.

4. Sharing Your Information

We may share your information in the following situations:

  • Service Providers: With third-party vendors who perform services on our behalf, such as hosting, data analysis, payment processing, and customer service.
  • Legal Obligations: When required to do so by law or in response to valid requests by public authorities.
  • Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
  • With Your Consent: If we disclose your information for any other purpose, we will obtain your consent.

Categories of Third-Party Processors (GDPR Art. 13(1)(e))

We share personal data with the following categories of processors, all bound by data processing agreements:

  • Cloud hosting & infrastructure (e.g., Vercel, AWS) — Service delivery and data storage
  • Payment processors (e.g., Stripe) — Subscription and transaction processing
  • Authentication providers (e.g., Clerk) — Identity verification and account management
  • Analytics providers — Anonymized usage analytics and service improvement
  • AI model providers — Generation of synthetic content (text prompts only; no personal data shared beyond prompts)
  • Content delivery networks — Fast and secure delivery of media assets

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enhance Functionality: Remember your preferences and settings.
  • Analytics: Understand and analyze how you use the Service.
  • Advertising: Deliver personalized advertisements based on your interests.

Your Choices Regarding Cookies

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly without cookies.

6. Data Security

We implement reasonable security measures to protect your personal information, including encryption of data in transit (TLS 1.2+) and at rest, access controls, and regular security reviews. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

Data Breach Notification (GDPR Art. 33-34)

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Czech Data Protection Authority (ÚOOÚ) without undue delay and, where feasible, within 72 hours of becoming aware of the breach (Art. 33). Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (Art. 34), describing the nature of the breach, the likely consequences, and the measures taken to address it.

7. Data Retention

We retain your personal information only as long as necessary for the purposes set out in this Privacy Policy and to the extent necessary to comply with our legal obligations. In accordance with GDPR Article 5(1)(e), personal data is kept in a form which permits identification of data subjects for no longer than is necessary. For details, see our Data Retention Policy.

8. Your Privacy Rights

a. Rights Under the GDPR (EU/EEA Residents)

As our company is based in the Czech Republic, GDPR is our primary data protection framework. All users in the EU/EEA have the following rights:

  • Right of Access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data.
  • Right to Erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten"), subject to lawful exceptions.
  • Right to Restriction of Processing (Art. 18): You can request that we limit processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20): You have the right to receive your data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): You may object to processing based on legitimate interests, including profiling.
  • Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů, ÚOOÚ) at www.uoou.cz, or with the supervisory authority of your EU/EEA member state of residence.

b. California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). See our CCPA Notice for details.

To Exercise Your Rights

Please contact us at hello@aiallure.com with your request. We will respond within 30 days as required by GDPR Article 12(3). We may need to verify your identity before processing your request.

9. Automated Decision-Making (GDPR Art. 22)

Our Service uses automated systems for content moderation and safety filtering. These systems may automatically flag, restrict, or remove content that violates our policies. Where automated decisions significantly affect your account (e.g., suspension or ban), you have the right to request human review of the decision by contacting us at hello@aiallure.com.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us to address the issue.

11. International Data Transfers

Your information may be transferred to and processed in countries outside the EU/EEA. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including:

  • Transfers to countries recognized by the European Commission as providing an adequate level of data protection (Art. 45 adequacy decisions)
  • Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c))
  • Other lawful transfer mechanisms as permitted under GDPR

You may request a copy of the safeguards we use for international transfers by contacting us at hello@aiallure.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Data Controller & Contact

The data controller responsible for your personal data is:

Novera Group s.r.o.
Rybná 716/24, CZ-110 00 Praha 1, Czech Republic
IČO: 22152610 | DIČ: CZ22152610
Email: hello@aiallure.com

Supervisory Authority: Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7, Czech Republic — www.uoou.cz

By using the Service, you acknowledge that you have read and understand this Privacy Policy and agree to our collection, use, and sharing of your information as described.