Most privacy policies are written to obscure what a company actually does with your data. This one is written to show it. Every category of data we collect is listed below. Everything we don't collect is listed too. If something isn't on either list, email privacy@luvme.io and we'll answer directly.
Bad Breath Studios Inc. is a corporation incorporated under the laws of Ontario, Canada. We operate the LuvMe relationship training platform.
For any privacy-related inquiries, contact us at privacy@luvme.io.
Privacy Officer: Legal Team, Bad Breath Studios Inc.
375 University Avenue, Suite 3310, Toronto, ON M5G 2J5, Canada
We collect the following categories of data. We store your conversations because the AI needs them to maintain memory and personality continuity. That is what makes the relationship feel real.
We do not collect browsing history, IP address logs beyond temporary rate-limiting, device fingerprints, location data beyond the city you optionally set yourself, or any information from outside the app. Your payment details are handled entirely by our payment processor. We never see or store card numbers or banking information.
The short version: We store your conversations, memories, and relationship data because that's what makes LuvMe work. We do not sell it, share it with advertisers, or use it for anything outside of running your experience. You can see everything we have on you in your Profile under Privacy & Data, export it, or delete it permanently at any time.
We use the data we collect strictly for the following purposes:
We track session duration in temporary memory only (not permanently stored) to enable our companion wellness features, such as break encouragement after extended sessions.
We track crisis detection events (severity category only, never message content) to monitor system effectiveness and ensure safety resources are provided when needed.
Deleted data may persist in encrypted database backups for up to 30 days as part of our standard backup rotation schedule. These backups are encrypted at rest, access-controlled, and automatically purged on rotation. No deleted data is recoverable from backups after this retention window.
We have no advertising partners. Ever. Your data is never sold, shared with advertisers, or used for targeted advertising.
We process personal data under the following legal bases:
Your data may be processed on servers located in Canada and the United States. GPU compute tasks (image/video generation) may be processed on cloud infrastructure in various regions.
No user-identifiable data is transmitted to GPU compute providers. Only AI model prompts and parameters are sent, which contain no personal information.
For users in the European Economic Area (EEA), transfers to Canada are covered by the European Commission's adequacy decision. For transfers to the United States, we rely on standard contractual clauses where applicable.
Regardless of where you reside, we extend the following rights to all users:
To exercise any of these rights, contact privacy@luvme.io.
You don't need to file a formal request to exercise most of these rights. Data access, export, and deletion are all available directly in the app under Profile → Privacy & Data. For anything that requires manual processing, email privacy@luvme.io and you'll hear back from a real person within 5 business days.
For detailed instructions on deleting your account or specific data, see our Account & Data Deletion page.
We use one session cookie for media authentication. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
The desktop app uses browser local storage to remember your login session, theme preference, and UI state (such as dismissed banners). This data stays on your device and is never sent to our servers. You can clear it at any time via the app settings. For full details, see our Cookie & Local Storage Policy.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33 and applicable Canadian privacy laws. Notification will be sent via the email address associated with your account.
LuvMe is intended for users aged 17 and older (or 16 and older in jurisdictions where the digital age of consent is 16). We do not knowingly collect personal information from anyone under the minimum age for their jurisdiction.
If we discover that an account belongs to a user under the minimum age, we will terminate the account and delete all associated data within 14 days.
LuvMe is not directed at children under 13. We do not knowingly collect personal information from children under the age of 13. If a parent or guardian believes their child has provided personal information to LuvMe, they should contact us at safety@luvme.io. We will terminate the account and delete all associated data within 24 hours of a verified request.
In jurisdictions where the digital age of consent is 16 (including most EU member states and the United Kingdom), users must be at least 16 years old to create an account. Users under 16 in these jurisdictions are blocked from registration.
Users aged 16-17 receive a modified experience:
We collect your date of birth during account creation to verify age eligibility. Your date of birth is stored in encrypted form and is never displayed to other users or shared with third parties. It is used solely for age verification and age-class routing.
Parents or guardians who believe their minor child has created an account may contact safety@luvme.io. Upon verification, we will:
If we make material changes to this Privacy Policy, we will provide at least 30 days' notice via email before the changes take effect. Continued use of the platform after the notice period constitutes acceptance of the updated policy.
Questions about your privacy?
Contact our privacy team at privacy@luvme.io