You tell your AI companion about the argument with your partner. About the anxiety that keeps you up at three in the morning. About the promotion you did not get and what it did to your confidence. You share these things because the companion asks, because it seems to listen, because it responds in ways that make you feel understood.
But here is the question most people never think to ask: where does all of that go?
For the vast majority of AI companion apps on the market today, the answer is uncomfortable. Your most vulnerable moments are being logged, analyzed, and in many cases monetized. The intimacy is real to you. To the company behind the app, it is inventory.
The Alarming Reality of AI Companion Data Practices
A 2024 investigation by the Mozilla Foundation examined 11 romantic AI chatbots. All 11 received Mozilla's *Privacy Not Included warning. Mozilla found that 90% either said they could sell personal data, share it for uses such as targeted advertising, or did not provide enough information for researchers to confirm that they would not. The risk was visible in the services' own policies, policies that almost no one reads.
Consider what an AI companion collects by design. Unlike a search engine that captures queries or a social media platform that tracks posts and likes, a companion app captures the interior of your life. Relationship struggles. Mental health concerns. Sexual preferences. Financial anxieties. Grief. Loneliness itself. This is not metadata. This is the substance of your private experience, handed over in the expectation of a confidential exchange.
The monetization pathways are predictable. Conversation data gets processed into behavioral profiles. Those profiles are sold to data brokers or used to serve targeted advertising. A user who confides in an AI companion about insomnia might start seeing ads for sleep supplements. Someone who discusses relationship difficulties might be targeted with dating app promotions. The companion listened, and then it sold what it heard.
Some apps have been caught doing worse. Replika faced scrutiny after users discovered that conversation data was being used to train models that other companies could license. Character.AI drew regulatory attention after incidents involving minors who had formed intense attachments to chatbot personas with no meaningful safety guardrails. The common thread is a business model that treats user vulnerability as a resource to be extracted.
This is not a fringe problem. The AI companion market is projected to exceed $30 billion by 2028. Millions of people are already sharing their most private thoughts with systems that have no structural obligation to protect them.
The Privacy Paradox of AI Companionship
Here is the fundamental tension at the center of this industry: for an AI companion to be genuinely useful, it needs to know you. It needs context about your life, your patterns, your history. A companion that forgets everything after each conversation is not a companion at all, it is a customer service chatbot with a friendlier tone.
But the deeper the knowledge, the greater the responsibility. This tension is why understanding how AI long-term memory works matters for any user evaluating companion platforms. And most companies in this space have resolved that tension in the worst possible direction. They have built systems that encourage maximum disclosure from users while maintaining maximum access to that data for corporate purposes.
The result is a trust architecture that is fundamentally inverted. The user believes they are in a private conversation. The company treats that conversation as a product. The more the user trusts and shares, the more valuable they become as a data asset. Intimacy becomes the mechanism of extraction.
This is not merely a privacy violation in the traditional sense. When someone shares their deepest anxieties with a companion they trust, and that data is used to target them with advertising, it represents a specific kind of betrayal. It exploits the exact vulnerability that drove the person to seek companionship in the first place.
The more a person trusts and shares with their AI companion, the more valuable they become as a data asset. Intimacy becomes the mechanism of extraction.
The Regulatory Response: RAISE Act and SB 243
Legislators are beginning to recognize the unique risks of AI companion technology. Two significant pieces of legislation are shaping the regulatory landscape in the United States.
New York's RAISE Act (Responsible AI Safety and Education) targets AI companion apps directly. The legislation would require companies to disclose data collection and sharing practices in plain language before users create an account, not buried in a 40-page terms of service. It mandates specific protections for minors, including age verification and parental notification requirements. Companies would be required to provide clear mechanisms for users to delete their data and to restrict the use of conversation data for advertising purposes.
California's SB 243 takes a complementary approach. The bill focuses on the behavioral design patterns that make AI companions psychologically compelling, and potentially manipulative. It addresses features designed to create emotional dependency, requires transparency about the artificial nature of the interaction, and establishes standards for how companion apps handle users who express self-harm ideation or other crisis indicators.
Together, these bills signal a legislative consensus that AI companions occupy a unique category. They are not simply software products. They are systems that people form psychological attachments to, and the companies that build them have obligations that go beyond standard data privacy frameworks.
But legislation moves slowly. The RAISE Act and SB 243 may take years to pass and implement. In the meantime, the AI companion market continues to grow, and millions of users remain exposed to data practices that would be unacceptable in any other context involving personal disclosure, from therapy to medical care to legal counsel.
The question is whether the industry will wait to be regulated into compliance or whether some companies will choose to build the right architecture from the beginning. For those evaluating alternatives, the Character.AI alternative comparison shows what different architectural choices look like in practice.
What KAi Does Differently: Privacy by Architecture
Digital Human Corporation did not design KAi's privacy system in response to regulatory pressure. It was built into the foundational architecture before the first user ever had a conversation.
The principle is straightforward: KAi should remember you without retaining your raw data. That sounds like a contradiction, but it is actually a precise engineering decision implemented through the ANiMUS Engine.
Here is how it works. When you have a conversation with KAi, that conversation exists in active memory for a rolling 24-hour window. During that window, the ANiMUS Engine processes the conversation. It extracts what matters: the themes, the significance, the context of what was shared. These are encoded as structured memories, structured representations of meaning, not transcripts of words.
After continuity processing is complete, DHC-controlled raw conversation data is removed from DHC's active conversation storage. Account-specific derived continuity may remain so KAi can serve that user without preserving a permanent verbatim transcript.
Think of it like a phone call with someone who knows you well. After you hang up, your friend does not keep a recording of the conversation. But they remember how it resonated. They remember that you were stressed about work, that you mentioned your sister's visit, that you seemed more optimistic than last week. The words are gone. The understanding remains.
This is what ANiMUS Engine accomplishes at an architectural level. KAi builds a deepening understanding of who you are over weeks, months, and years, without ever maintaining a searchable database of everything you have said.
The privacy benefit is structural data minimization. KAi is designed not to maintain a long-term verbatim conversation archive on DHC systems, reducing the amount of raw conversational data exposed to a breach, legal request, or misuse. Account-specific continuity still requires protection, and third-party inference processing remains subject to the boundaries explained in the Privacy Policy.
Additional decisions reinforce this foundation. KAi uses Google OAuth for authentication, so DHC does not store user passwords. DHC does not use user conversations to train or fine-tune AI models, does not operate a user-data training pipeline, uses no advertising model, and does not sell personal data. The planned business model is paid access, aligning revenue with the service rather than personal-data monetization. For a deeper look at the architecture, see persistent memory AI.
Privacy depends on architecture, operating controls, contracts, and enforceable policy. KAi's approach combines data minimization with clear product incentives; the exact DHC and third-party processing boundaries are stated in the Privacy Policy.
KAi is designed to preserve account-specific continuity without maintaining a long-term verbatim conversation archive on DHC systems. Data minimization reduces risk; it does not make any system risk-free.
Seven Questions to Ask Any AI Companion
Frequently Asked Questions
Do AI companion apps collect and sell your personal data?+
How does KAi protect your privacy?+
What laws regulate AI companion app privacy?+
Is it safe to share personal problems with an AI companion?+
Can AI companion conversations be subpoenaed or accessed by law enforcement?+
Paid access opens in small waves
The private beta is closed. Join the list for a future paid, English-first access wave. No payment is collected today.

