Privacy Policy

SIAS SMART INNOVATION AI SOLUTIONS LTD

Effective Date: February 23, 2026 · Last Updated: March 13, 2026

1. Introduction

This Privacy Policy describes how SIAS SMART INNOVATION AI SOLUTIONS LTD, a company registered in Cyprus with its registered office at:

28 Oktovriou, 319, 6th Floor, Flat/Office 601, 3105 Limassol, Cyprus

("Company", "we", "us", or "our") collects, uses, discloses, and safeguards personal data when you use our AI companion / virtual girlfriend mobile application and related services (the "Service").

This Policy applies to users accessing the Service via Apple App Store, Google Play Store, and any related web interfaces.

2. Eligibility – Adults Only

The Service is intended exclusively for individuals who are at least 18 years old or the age of majority in their jurisdiction, whichever is higher.

Access requires in-app confirmation that you meet the minimum age requirement.

We do not knowingly collect or process personal data from minors. If we become aware that a minor has used the Service, we will take steps to delete associated data.

3. Data Controller

SIAS SMART INNOVATION AI SOLUTIONS LTD acts as the data controller.

Contact:

  • Email: contact@sias-smart.com
  • Support: contact@sias-smart.com
  • Address: 28 Oktovriou, 319, 6th Floor, Flat/Office 601, 3105 Limassol, Cyprus

4. Categories of Personal Data Collected

4.1 Information You Provide

Account Information

  • Email address
  • Authentication credentials (email/password or OAuth tokens)
  • Sign-in provider (Email, Apple, Google)
  • Username or display name

User Content

  • Text messages and prompts
  • Conversation history
  • Uploaded images
  • Uploaded voice messages
  • Character customization inputs

The Service may process intimate or adult content if you choose to provide it. Submission of such content is voluntary and at your discretion.

Support Communications

  • Emails and messages sent to support
  • Attachments and troubleshooting details

4.2 Information Collected Automatically

Device & Technical Data

  • IP address
  • Device model
  • Operating system
  • App version
  • Language and region

Usage Data

  • Session activity
  • Feature interaction
  • Timestamped events

Diagnostics

  • Crash logs
  • Error reports
  • Performance metrics

4.3 Third-Party Service Providers

We use the following third-party services to operate and improve the Service. Each provider acts as a data processor on our behalf.

PostHog – Product Analytics & Session Recording

  • Analytics events: automatic screen view capture, autocapture of UI interactions, and custom events (e.g. chat opened, message sent, profile views, social interactions, purchase events, onboarding steps)
  • Session recording: enabled by default; captures the in-app interface rendered within the application's embedded WebView; all text input fields are masked during recording (maskAllInputs is enabled); cross-origin iframes are excluded
  • Feature flags: used to control feature rollout and A/B testing; flag evaluation is processed by PostHog
  • User identification: authenticated users are identified by internal user ID; anonymous users receive a distinct ID
  • On-device persistence: data is persisted via the app's WebView local storage
  • Data location: PostHog US cloud (us.i.posthog.com)

OneSignal – Push Notifications

  • Native push token collection: APNs device tokens (iOS) and FCM registration tokens (Android) are registered with OneSignal when you grant notification permission
  • Device identifiers: OneSignal assigns a unique player ID per device installation; on iOS the Identifier for Vendor (IDFV) may be collected; on Android the app instance ID is used
  • User linking: your internal user ID is associated with your OneSignal record to enable targeted notifications
  • Notification interaction data: delivery receipts and click/open events

Fungies – Web Checkout & Subscription Billing

  • Purchase history: product IDs, transaction IDs, amounts, currencies, timestamps (processed server-side for verification)
  • Subscription status: active entitlements (e.g. VIP), expiration dates, renewal status, cancellation status
  • Checkout data: billing email and any checkout metadata we prefill to link your purchase to your account
  • User linking: your internal user ID may be passed as checkout metadata so completed web purchases can be attached to your account
  • Fungies processes the web checkout and recurring billing flow; payment card details are handled by Fungies and its payment partners, not stored by us

Supabase – Backend Infrastructure & Data Storage

  • Authentication: email/password credentials, OAuth tokens (Apple, Google), session tokens
  • Profile data: username, avatar image
  • Chat data: conversation sessions, message content (text), AI-generated media URLs, message metadata
  • Economy data: coin balances, coin transaction history, purchase records, content unlocks
  • Social data: likes, follows, gifts sent, tips sent
  • Engagement data: login streaks, daily rewards, quest progress, relationship and popularity progress
  • Persona data: AI-extracted user personas, relationship summaries
  • Character preferences: customizations (appearance, personality), overrides, primary character selections
  • Device data: push tokens, platform identifier, device name
  • Media storage: user-uploaded avatars, AI-generated images and videos

All data stored in Supabase is associated with your authenticated account and is deleted upon a verified account deletion request.

Firebase (Google)

  • Authentication services, crash reporting, and performance monitoring

These providers may process data in the European Union and the United States.

We do not sell personal data.

4.4 On-Device Storage

This is a native mobile application. We do not use browser cookies. The app stores data locally on your device via the application's embedded WebView local storage, including:

  • PostHog: analytics session identifiers and user identification tokens
  • Supabase: authentication session tokens for persistent login
  • App preferences and cached data for offline functionality

This data remains on your device and is cleared when you uninstall the application or clear app data.

5. Purpose of Processing

We process personal data to:

  • Provide and maintain the Service
  • Authenticate users
  • Enable AI chat functionality
  • Deliver notifications
  • Monitor reliability and performance
  • Improve product functionality
  • Detect fraud, abuse, or misuse
  • Comply with legal obligations

We do not process personal data for unrelated purposes.

6. AI Processing

6.1 Operation of AI Features

User inputs (text, images, voice) are processed by AI systems to generate responses and enable interactive features.

Automated moderation systems may analyze content to enforce platform rules and prevent misuse.

6.2 Model Training

We do not use private user chats, voice messages, or uploaded images to train AI models.

User-generated content is processed solely to provide the Service and maintain system safety.

6.3 Human Review

Limited human access to content may occur only:

  • When required for customer support
  • When content is reported
  • When flagged for policy or legal review

Access is restricted and logged.

7. Legal Basis for Processing (EEA/UK)

Where GDPR applies, we rely on:

  • Contractual necessity – to provide the Service
  • Legitimate interests – security, analytics, product improvement
  • Legal obligation – regulatory compliance
  • Consent – where required by law

8. Data Retention

We retain personal data only as long as reasonably necessary for operational, legal, and security purposes.

  • Account data: retained while account remains active
  • User content: retained while account remains active unless deleted
  • Logs and analytics: retained per internal operational schedules
  • Legal records: retained as required by law

Upon a valid deletion request, we process deletion within up to 90 days, subject to legal or technical constraints.

Backup systems may require additional time for full erasure consistent with standard retention cycles.

9. Data Subject Rights (GDPR)

If you are in the EEA or UK, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to certain processing
  • Data portability
  • Withdraw consent where applicable

Requests may be submitted through the in-app deletion URL or by email.

Identity verification may be required.

You may also lodge a complaint with your local supervisory authority.

10. California Privacy Rights (CPRA) and U.S. State Privacy Laws

If you are a California resident (or resident of another applicable U.S. state privacy jurisdiction), you may have the right to:

  • Know what personal information we collect
  • Access specific pieces of personal information
  • Request deletion
  • Correct inaccurate personal information
  • Limit use of sensitive personal information (where applicable)
  • Opt out of "sale" or "sharing" of personal information

We do not sell personal information.

We do not use personal information for cross-context behavioral advertising.

To exercise your rights, submit a request via:

  • The in-app deletion/request URL
  • contact@sias-smart.com

We will not discriminate against you for exercising privacy rights.

11. International Transfers

Personal data may be processed in the European Union and the United States.

Where required, transfers rely on appropriate safeguards such as:

  • Standard Contractual Clauses
  • Contractual data protection commitments

12. Security

We implement technical and organizational safeguards including:

  • Encryption in transit
  • Access controls
  • Authentication safeguards
  • Monitoring and incident response

No method of transmission over the internet is completely secure.

13. Automated Content Moderation

The Service may automatically restrict, filter, or block content that violates our terms or applicable laws.

Accounts may be suspended or restricted where necessary.

14. Third-Party Login Providers

If you sign in via Apple or Google:

  • Authentication is handled by those providers
  • We receive only data necessary for account creation and login
  • Their processing is governed by their respective privacy policies

15. App Store Privacy Declarations

This section provides transparency about how the data practices described in this policy map to platform-specific privacy disclosures.

Google Play Data Safety

  • Personal info — Email address: collected for account creation and authentication; not shared with third parties
  • Financial info — Purchase history: collected via Fungies (web checkout) for subscription and in-app purchase management; not shared
  • Messages — In-app messages: collected and stored on our servers to provide the chat Service; not shared
  • Photos and videos — Photos: collected when you upload images; AI-generated images stored on our servers; not shared
  • App activity — App interactions: collected via PostHog analytics to improve the Service; not shared
  • App info and performance — Crash logs, diagnostics, performance data: collected for reliability monitoring; not shared
  • Device or other IDs — Device identifiers: collected via OneSignal (native push tokens, player IDs) and PostHog (anonymous distinct IDs); not shared

Data is encrypted in transit. Users can request deletion via in-app account deletion or by contacting support.

Apple App Privacy Nutrition Labels

  • Data Used to Track You: None — we do not track users across other companies' apps or websites
  • Data Linked to You: Contact Info (email address), Identifiers (user ID, device ID), Purchases (purchase history, subscription status), Usage Data (product interaction, analytics events), User Content (messages, photos, character customizations)
  • Data Not Linked to You: Diagnostics (crash data, performance data)

16. Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes.

Updates will be posted within the Service with a revised "Last Updated" date.

17. Contact

SIAS SMART INNOVATION AI SOLUTIONS LTD
28 Oktovriou, 319, 6th Floor, Flat/Office 601, 3105 Limassol, Cyprus

Email: contact@sias-smart.com

Support: contact@sias-smart.com