Privacy Policy
Last updated: May 17, 2026
1. Introduction
At effi.chat, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data. We are fully compliant with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.
2. Data Controller
The data controller for effi.chat is:
effi.chat
Email: [email protected]
Location: European Union
3. What Data We Collect
Account Information
- Email address
- Name (optional)
- Password (encrypted)
- Account creation date
Conversation Data
- Chat messages with your AI companion
- Conversation timestamps
- AI-generated memories and facts about your preferences
- Companion configuration (name, personality, role)
Technical Data
- IP address (for security and fraud prevention)
- Browser type and version
- Device information
- Cookies and similar technologies
4. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Provide AI companion service | Contract performance |
| Remember conversation context (memory) | Contract performance |
| Security and fraud prevention | Legitimate interest |
| Service improvements | Legitimate interest (anonymized) |
5. Data Storage & Security
- All data is stored on secure servers in the European Union (Finland)
- Data is encrypted at rest using AES-256
- All communications use TLS/SSL encryption
- Regular security audits and penetration testing
- Access controls and authentication required for all data access
6. Data Retention
- Active accounts: Data retained while account is active
- Deleted accounts: All data deleted within 30 days of account deletion
- Backups: Encrypted backups retained for 90 days then purged
- Legal obligations: We may retain certain data as required by law
7. Your GDPR Rights
Under GDPR, you have the following rights:
Right to Access (Article 15)
You can request a copy of all personal data we hold about you. Contact us at [email protected] with subject line "Data Access Request".
Right to Rectification (Article 16)
You can update your information through your account settings or contact us to correct inaccurate data.
Right to Erasure / "Right to be Forgotten" (Article 17)
You can delete your account and all associated data from your settings. We will delete your data within 30 days.
Right to Restriction of Processing (Article 18)
You can request we limit how we use your data in certain circumstances.
Right to Data Portability (Article 20)
You can request your data in a machine-readable format to transfer to another service.
Right to Object (Article 21)
You can object to processing based on legitimate interests.
8. Data Sharing — We Don't
Our Promise:
- We do not sell your personal data
- We do not share your data with advertisers
- We do not use your conversations to train AI models (except yours)
- We do not share data with third parties except as required to provide the service
We use third-party processors only for essential services:
- Hetzner (hosting infrastructure) — EU-based
- PostgreSQL (database) — self-hosted, EU
- AI model providers (Ollama, OpenRouter) — processing only, no data retention
9. Cookies
We use only essential cookies:
- Session cookie: Required for authentication
- CSRF token: Required for security
We do not use tracking or advertising cookies.
10. International Transfers
Your data is stored in the European Union (Finland). When we use AI model providers outside the EU, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) where applicable
- Processing agreements that prohibit data retention
- Minimal data transmission (ephemeral processing only)
11. Children's Privacy
Our service is not intended for children under 16. If you believe we have collected data from a child under 16, please contact us immediately and we will delete the data.
12. Changes to This Policy
We may update this Privacy Policy. We will notify you of significant changes via email or through the service. Continued use after changes constitutes acceptance.
13. Contact Us
For privacy questions or to exercise your rights:
If you have concerns about our data practices, you have the right to lodge a complaint with your local Data Protection Authority or the Finnish Data Protection Ombudsman (tietosuoja.fi).