faice.chat
Privacy Policy
Last updated: 19 July 2026
1. Controller
Blue Ship Media Limited, Kinyra 28, Office 303, 8011 Paphos, Cyprus — email: hello@faice.chat (see legal notice).
2. What we process, and why
- Account data — your email address and a salted password hash; your subscription/trial status. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
- Conversations — your messages and the AI's replies are transmitted through our server to the AI provider you choose and connect with your own API key. We do not persistently store your conversation transcripts on our servers; they are processed transiently to stream the reply to you. Legal basis: contract.
- Companion memory — short facts the AI derives from your conversations (e.g. your name or interests) are stored with your account so your companion remembers you. You can view these facts and delete them at any time with the "Forget everything" button in Settings. Legal basis: contract.
- API keys— the provider key you enter is stored with your account, encrypted at rest, and used solely to forward your chat requests to the AI provider you chose. It is never shared with anyone else, never logged, and you can remove it at any time with the "Remove key" button in Settings. Legal basis: contract.
- Voice — text-to-speech runs on our own server; the text of a reply is processed transiently and not stored. If you enable the microphone, speech recognition is performed by your browser (see your browser vendor's privacy policy); we receive only the resulting text as a normal message.
- Custom avatar photos — if you order a custom avatar, the photo you submit is used solely to create your avatar and is deleted within 30 days of delivery. Legal basis: contract.
- Server logs — IP address, timestamp and requested URL, kept briefly for security and troubleshooting. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Cookies — one strictly necessary session cookie to keep you logged in. No advertising or analytics cookies.
3. Recipients
- Hetzner — hosting and data storage in Germany/EU (processor under Art. 28 GDPR).
- Creem (Armitage Labs OÜ, Estonia) — payment processing as merchant of record. Creem acts as its own controller for payment data, issues the invoices and remits VAT; payment data sits with Creem, not with us.
- Your chosen AI provider (e.g. OpenAI or Anthropic, both USA, or a server you host yourself) — receives your messages under your own account and key, at your direction. Their processing is governed by their privacy policies; transfers to third countries are covered by the providers' standard contractual clauses / adequacy frameworks. If you prefer no third-country transfer, connect a locally hosted model.
4. Retention
- Account and memory data: until you delete them or your account.
- Database backups: rotated automatically after 21 days.
- Avatar photos: deleted within 30 days of delivery.
- Billing records at Creem: per statutory retention periods.
5. Your rights
You have the right to access, rectification, erasure, restriction of processing, data portability and objection (Art. 15–21 GDPR), and to lodge a complaint with a supervisory authority — in Cyprus: Office of the Commissioner for Personal Data Protection; or the authority of your habitual residence. To exercise your rights, email hello@faice.chat. Memory facts can be deleted directly in the app; account deletion is available on request.
6. No automated decision-making
We perform no automated decision-making with legal effect and no advertising profiling. AI replies are generated at your request as part of the service itself.
7. Security
All traffic is TLS-encrypted, passwords are stored as salted hashes, hosting is in the EU, and access to production systems is key-based and restricted.
← Back to faice.chat