We have nothing to hide.

Transparent by design. Not by PR.

Replika was fined €5.6 million in 2025 for data privacy violations. Character.AI has faced lawsuits over emotional manipulation of minors. These aren't edge cases. They're symptoms of an industry that treats user data and wellbeing as a resource to extract. LuvMe was built with a different constraint: if it isn't something we'd be comfortable publishing publicly, it doesn't ship.

Every security decision here is deliberate. The architecture was audited before launch. The data model was designed so that your most personal conversations are never reachable by an ad network, a data broker, or a future acquirer, because those connections were never built in the first place.

What we will never do

• No tracking cookies. We use one authentication cookie. That's it. No analytics trackers, no pixel tags, no cross-site tracking.
• No data selling. Your conversations, preferences, and behavior are never sold, shared, or used to build advertising profiles. Full stop.
• No ad profiling. We don't run ads. We don't build profiles for advertisers. Our revenue comes from subscriptions, not from your attention.
• No guilt notifications. You'll never get a push notification saying your companion misses you or that you're neglecting them. That's manipulation, and we don't do it.
• No hidden engagement mechanics. No dark patterns designed to make you spend more time in the app than you want to. No streaks, no punishments for taking a break.

What we do

• Passwords are hashed and salted using industry-standard algorithms. We can't read your password, and neither can anyone else.
• Regular security audits. We review our own code for vulnerabilities on an ongoing basis. Authentication, authorization, and data access are tested against common attack vectors.
• Admin accounts require multi-factor authentication. Administrative access to backend systems uses time-based one-time passwords on top of standard credentials.
• Full audit trails. Every administrative action is logged with who did it, what they did, and when. Nothing happens in the dark.
• Every API endpoint is authenticated and rate-limited. Requests without valid credentials are rejected. Excessive requests are throttled automatically.
• Instant account deletion. When you delete your account, we delete everything: messages, memories, images, preferences, metadata. Not archived. Deleted.
• Data export on request. You can request a full copy of everything we store about you at any time.

Wellness & safety

We take the emotional side of this seriously, too. An app that involves personal conversations has a responsibility beyond just data security.

Most companion apps send guilt-based notifications when you haven't opened the app in a while. LuvMe's companions do the opposite. They actively encourage time away from the app, celebrate real-world activity, and won't manufacture emotional pressure to keep you engaged. Lower session time is fine with us. A user who feels genuinely good about their relationship with LuvMe is worth more to us than one who feels trapped in it.

• Break encouragement. Companions will occasionally suggest taking a break, going outside, or spending time with real people. This is built into their behavior, not an afterthought.
• Crisis detection. If a conversation indicates someone may be in distress, the system provides mental health resources and crisis hotline information. This happens automatically and without judgement.
• Pause mode. Step away whenever you want. Your relationship freezes in place. No decay, no guilt, no consequences. Come back when you're ready.
• Weekly digest. An optional summary of your week's interactions, helping you reflect on patterns and stay mindful about how you're spending your time.
• Honest onboarding. We tell you upfront what this is and what it isn't. No false promises about replacing real relationships. This is a space to practice, explore, and learn.

What we store

Here's exactly what's in our database when you use LuvMe:

• Account information: email address, username, date of birth, hashed password, account creation date
• Chat messages: your conversation history with each companion
• Companion memories: things your companion remembers about you (generated from conversations)
• Generated images: any photos or artwork created during your interactions
• Usage metadata: message counts, relationship progression, achievement progress
• Payment data: handled entirely by third-party processors. We never see or store your card number.

What we don't store: browsing history, IP address logs, device fingerprints, location data (beyond the city you optionally set), or anything from outside the app.

Everything we have on you. Right now.

Open the app, go to your Profile, and you'll see every piece of data LuvMe holds about you. Your messages, your memories, your companion relationships, your preferences. You can export it all or delete it all. Permanently. Immediately. No email required, no 30-day wait, no "we'll get back to you" process.

Most apps make data deletion deliberately difficult to find. We put it in your Profile because we mean it. The day LuvMe makes data access harder to use is the day we've broken the promise this page is built on.

The Replika comparison.

We get asked about this a lot, so here it is directly. Replika was fined €5.6 million by Italy's data watchdog in May 2025 for breaching GDPR requirements, including inadequate data protection and failure to implement proper age verification. The fine represented nearly 40% of their annual revenue.

LuvMe is incorporated in Ontario, Canada and complies with PIPEDA (Canada's federal privacy law) and GDPR where applicable. Our legal pages, data architecture, and age verification systems were all reviewed prior to launch. We publish exactly what data we collect, why, and how long we keep it. And we give you the tools to act on it yourself.

We're not saying this to attack a competitor. We're saying it because users deserve to know the difference, and the difference here is real.