Privacy Policy

1. Information We Collect

Depending on how you use EMOTomo, we may collect:

• Account information: email address, username, password (stored only as a salted hash), and — if you sign in with Google — your Google account ID, name, and profile picture. Plus any display name, bio, language, and timezone you set.
• Authentication data: login/session tokens and account security metadata.
• Chat and conversation data: the messages and prompts you send, the AI's replies, and conversation history and titles you create.
• Personalization ("memory") data: to personalize future chats, EMOTomo uses AI to extract and store short facts and topics from your conversations (for example interests or details you share). This is automated software, not human review, can be inaccurate, and is kept separately per character.
• Voice & audio data: if you use the microphone, your recorded audio is sent to a speech-to-text service to create a transcript. We do not store the audio recording — it is processed to produce text and then discarded. We do not create voiceprints.
• Payment/subscription data: if you subscribe to Pro, Stripe processes your payment; we receive a Stripe customer ID, subscription status, and billing metadata. We do not receive or store your full card number.
• Device, browser, and log data: browser/device type, timestamps, and error logs needed to run and secure the service (an IP address may appear transiently in server logs). We rely mostly on browser localStorage and set few cookies — see our Cookie Policy.
• Anonymous use: if you browse signed-out, we may use a random anonymous identifier stored in your browser; chats you start may be associated with it.

2. How We Use Data

We use data to:

• provide and operate EMOTomo and your conversations,
• authenticate users and secure accounts (fraud and abuse prevention),
• personalize characters and conversations, including the memory feature,
• generate voice transcriptions (speech-to-text) and voice replies (text-to-speech) when you use those features,
• process subscriptions and payments,
• respond to support requests and reports,
• analyze performance, debug issues, and improve reliability,
• comply with law and enforce our Terms and policies.

3. Google OAuth Data

If you sign in with Google, EMOTomo may receive basic profile information such as your email, name, and profile picture. We use this data only for authentication and account creation/management. We do not sell Google user data.

4. Data Sharing

We do not sell your personal data, and we do not sell your conversations. Because EMOTomo is an AI product, your messages and relevant context (which may include your profile and stored memory) are sent to AI providers to generate replies. We share data only with:

• AI model providers — currently OpenRouter, xAI (Grok), and optionally Ollama Cloud — which receive conversation context to generate replies;
• Voice providers — ElevenLabs (for voice replies, and as a fallback for transcription); microphone audio may also be transcribed by our own self-hosted speech model;
• Google (sign-in), Stripe (payments), our hosting/cloud provider (e.g. Microsoft Azure), an email/SMTP provider (account emails), and, if enabled, Amplitude (product analytics) and Sentry (error monitoring);
• Legal, safety, and corporate recipients — to comply with law, protect users or the service, or in connection with a merger or asset sale.

Training: EMOTomo does not train its own AI models on your conversations. Your conversations are processed by the third-party providers above under their own terms. A current list of providers is available on request.

5. Data Retention

We keep data for as long as needed to provide the service and operate securely; retention varies by data type. Short-term caches typically expire within about 24 hours, and backups are retained for a limited period before rotation. When you delete content or your account, see section 6 for what is removed and what may be retained where required by law or for security. We are aligning concrete retention periods; for specifics, contact us.

6. Your Rights and Deletion Requests

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. In-product, you can export your conversations ("Export all chats"), clear chat history per conversation, and delete your account in settings. You can also email admin@emotomoai.com for any privacy request; we verify and respond within the time required by law (we aim for 30 days). EU/UK users may also complain to their local supervisory authority. We do not sell or "share" personal data for cross-context behavioral advertising.

7. Security

We use reasonable technical and organizational safeguards designed to protect user data, including encryption in transit (HTTPS/TLS), hashed passwords, signed session tokens, and access controls. EMOTomo does not provide end-to-end encryption, because the service must process your messages to generate AI replies. No system is perfectly secure, so we cannot guarantee absolute security.

8. Children and Minors

EMOTomo is intended for adults (18+) and is not directed to children. We do not knowingly collect personal data from anyone under the applicable minimum age. If you believe a minor has provided personal data, contact us and we will review and delete it.

9. International Users

EMOTomo operates globally and our providers may process data in countries other than yours (for example the United States and the European Union). These countries may have different data-protection laws. Where required, we rely on an appropriate transfer mechanism (such as Standard Contractual Clauses or an adequacy decision).

10. Policy Updates

We may update this Privacy Policy from time to time. We will post updates on this page and revise the effective date when changes are made.

11. Contact

For privacy questions, account data requests, or deletion requests, contact: admin@emotomoai.com