We will act as a data controller in relation to personal information about you that may be either provided by you or collected by us.

As a data controller, we will solely determine the purposes and means of the processing of your personal information.

In this Section 2 we have set out:

1. the general categories of personal information that we may process;
2. the purposes for which we may process personal information; and
3. the legal basis of the processing.

Please note that not all the information you provide to us is personally identifiable information according to the applicable law.

It is your sole decision whether to provide us with the requested information or not. However, if you choose to withhold the requested information, we may not be able to create an Account for you on the Platform or provide you with the possibility to use related services. Depending upon the activity, some of the information that we ask you to provide is identified as mandatory and some as optional. Please do not supply any other person’s personal information to us, unless we prompt you to do so.

Account data. We may process your account data (“account data”). The account data may include your email address, password, name, nickname (or username), account identifiers, phone number, signup metadata, country of residence, profile photo, social media identifiers, profile information.

Source. The source of the account data is you, authentication providers (Google via single sign-on functionality).

Processing. The account data may be processed for the purposes of creating your Account, providing you access to the Platform and our services, managing your Account, ensuring the security of the Platform and communicating with you.

Legal Basis. The legal basis for this processing is a performance of an agreement between you and us and/or taking steps, at your request, to enter into such an agreement, compliance with our legal obligation, the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Interaction data. We may process information that you generate while using the Platform, including your interactions with AI Companions, your use of Platform features, and any materials you submit or request (“interaction data”). Interaction data may include your User Content, chat messages, prompts, instructions, reference materials, preferences, selections, interests, favourites, viewed AI Companions, generated requests, and any other information you submit, create, or engage with while using the Platform. Interaction data also includes information related to your access to or use of AI Content, including previously generated content or content made available to you on the Platform.

Source. The source of this interaction data is you, including your activities, inputs, selections and interactions with AI Companions and Platform features.

Processing. This data may be processed for the purposes of providing relevant services to you, enabling AI Companion functionality and generating AI Content, operating safety systems, including automated and human moderation, detecting fraud, misuse, or policy violations, assessing whether content, prompts, uploads, or interactions comply with our Terms of Service, policies, and applicable laws

Legal Basis. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract, compliance with legal obligations applicable to us, including obligations relating to child-protection regulations, harmful-content legislation, safety reporting frameworks, online-safety, harmful-content and digital-services regulation compliance, our legitimate interests in ensuring the security, integrity, and lawful operation of the Platform.

Customer relationship data. We may process information contained in or relating to any communication that you send to us, or relating to our customer relationships with you (“customer relationship data”). The customer relationship data may include your name, your nickname (or username), account identifiers, your contact details (phone number, social media identifier, email address or messengers identifiers you use to communicate with us) and information contained in communications between us and you.

Source. The source of the customer relationship data is you.

Processing. The customer relationship data may be processed for the purposes of managing our relationships with customers, responding to your inquiries and providing customer support, quality assurance of our customer support and communication with customers, keeping records of those communications and promoting our products and services to customers.

Legal Basis. The legal basis for this processing is a performance of an agreement between you and us and/or taking steps, at your request, to enter into such an agreement and our legitimate interest, namely the proper management of our customer relationships and administration of the Platform, performance of legal obligations applicable to us (obligations to maintain records or respond to certain regulatory requests).

Usage Data. We may process information about your use of the Platform (“usage data”). Usage data includes general technical and interaction information as well as information collected for the purpose of device fingerprinting. Depending on your device and browser settings, usage data may include:

1. your IP address and approximate location;
2. browser type and version, operating system, device type and configuration;
3. referral source, length of visit, page views, navigation paths, and interaction analytics (e.g., clicks, scrolls, features used);
4. time zone, language settings, installed fonts, screen size and system performance data;
5. unique internal identifiers generated by our systems;
6. information processed through device fingerprinting methods used for fraud detection, security, platform analytics, and access-control purposes.

Source. The source of the usage data is our analytics tracking system and your usage of the Platform.

Processing. This usage data may be processed for the purposes of analysing the use of the Platform, keeping you signed in at the Platform and complying with our legal obligations of restricting access in certain jurisdictions and/or perform enhanced or specific verification of our users in such certain jurisdictions.

Legal Basis. The legal basis for this processing is your consent, our legitimate interest, namely retrieving your location for jurisdiction-based access restrictions for adult content and compliance with local regulatory frameworks, monitoring and improving the Platform and our services, compliance with legal obligations, where geo-blocking or age-gating is required.

Age verification data. We may process information relating to your confirmation that you are eighteen (18) years of age or older, including your self-declared age, birthdate (where required), confirmation prompts, technical timestamp of your declaration, country or region information, and if applicable in your jurisdiction, identity documents or age-verification documents such as ID scans, facial verification data, or checks performed through third-party verification providers (“age verification data”). We do not store biometric templates unless required by law, third-party verifiers process biometric data directly.

Source. The source of this data is you when you confirm your age, and where mandatory, the third-party age-verification service used to validate your age or identity.

Processing. This data may be processed for the purposes of ensuring that only adults use the Platform, complying with laws and regulations applicable to adult-content platforms in relevant jurisdictions, conducting mandatory age-verification checks where required, preventing minors from accessing the Platform, detecting attempts to bypass age-restriction controls, moderation, safety assurance, and fraud prevention, reporting obligations to authorities where mandatory under child sexual abuse regulations (EU CSAM, UK Online Safety Act).

Legal Basis. The legal basis for this processing is performance of a contract with you as age confirmation is required to access the Platform, performance of our legal obligations, where applicable law requires age verification for adult content or child-protection compliance our legitimate interest, namely the protection of the Platform, other users, and compliance with international online-safety standards.

De-identified and research data. We may process de-identified or anonymised data derived from your activity on the Platform. This may include anonymised prompts, generation instructions, AI Companion configurations, reference inputs, interaction patterns, and anonymised outputs, as well as datasets created for internal research, development, model improvement, quality assurance, and system testing (“de-identified and research data”).

Source. The source of this data is your use of the Platform and the technical logs generated by our systems. All personal identifiers are removed or anonymised before use.

Processing. This data may be processed for the purposes of improving existing AI systems, developing new features, ensuring quality and safety, training or fine-tuning internal models, evaluating system performance, and enhancing Platform functionality.

Legal Basis. The legal basis for this processing is our legitimate interest in improving and developing the Platform in a safe, responsible manner.

Payment data. We may process information necessary to complete or support payments made on the Platform, including your name, email address, billing information, payment card details (limited to card brand and last four digits), transaction timestamps, purchase history, refund-related information, and limited device/browser metadata (“payment data”).

Source. The source of this data is you and/or our authorised third-party payment processors.

Processing. This data may be processed for the purposes of executing and verifying payments, preventing and detecting fraud, ensuring transaction security, managing subscriptions, crediting Internal Credits, processing refunds where applicable, and resolving payment-related issues.

Legal Basis. The legal basis for this processing is the performance of a contract between you and us, compliance with our legal obligation, the protection and assertion of our legal rights, your legal rights and the legal rights of others, our legitimate interest in fraud prevention, maintaining a secure payment environment, detection of chargebacks, misuse or unauthorised payment attempts.

Survey data. We may process survey responses, feedback forms, user-initiated questionnaires, account identifiers, email (“survey data”).

Source. The source of this data is you.

Processing. This data may be processed for market analysis, user experience evaluation, service optimisation, and internal research.

Legal Basis. The legal basis for this processing is your consent.

Moderation data. We may process prompts, instructions, uploaded User Content, AI Companion configurations, flagged messages or media, safety signals, device/IP metadata, automated detection logs, and account history (“moderation data”). This may also include data transmitted to competent authorities where legally required, including but not limited to, child-safety obligations, cybercrime investigation and reporting of imminent harm.

Source. The source of this data is you, other users, automated moderation tools, and human moderation review.

Processing. This data may be processed for detecting, preventing, and responding to abuse, enforcing our Terms of Service and policies, ensuring child-safety compliance, investigating misuse, preventing fraud or harmful activity and fulfilling our legal obligations.

Legal Basis. The legal basis for this processing is our legal obligations (including child-protection and online-safety regulations), performance of a contract between you and us and our legitimate interest in maintaining a safe and compliant Platform environment.

Legal and accounting data. We may process information required for legal, regulatory and financial compliance, including your contact details, payment-related information, transaction records, Internal Credits history, account identifiers, and any other data necessary to respond to lawful requests (“legal and accounting data”).

Source. The source of this data is you, our Platform systems, and third-party service providers (such as payment processors).

Processing. This data may be processed for statutory record-keeping, tax and accounting compliance, retention of data necessary for compliance with financial regulations, anti-money-laundering (AML) checks for card fraud and dispute/chargeback handling, responding to legal requests, managing disputes, ensuring audit requirements, managing risks or obtaining professional advice and defending or establishing legal claims.

Legal Basis. The legal basis for this processing is compliance with our legal obligations and our legitimate interest in protecting our rights and fulfilling business administration requirements.

Sensitive Data. We do not require you to provide us with personal information revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation (“sensitive data”). If you decide to provide us, it should be your voluntary decision taken solely by you. We additionally inform you that information that is public can be seen by anyone and people you share and communicate with may download or copy the content or information you provided to them or make it public. Use caution about the personal information you share with others.

We may process your personal information identified in this Policy to keep you informed about our new products, product upgrades, special offers, webinars, events and promotions that may be of interest to you, to send you updates regarding services you have shown interest in or provide further information related to the topic you requested, or to get your consent to further contacting you regarding any other services you might be interested in.

Legal Basis. The legal basis for this processing is our legitimate interest, namely the development and conducting of our business.

We may use your personal information to send you promotional emails and/or newsletters when you have consented to receive such communications.

Legal Basis. The legal basis for this processing is your consent to receive promotional communications from us.

We may use aggregate, non-identifying statistical data for statistical analysis, marketing, or similar promotional purposes to help improve our offerings to you or to improve your browsing experience by personalising the Platform.

We do not intentionally set cookies on your device, nor do we operate our own cookie-based tracking technologies. Similarly, we do not knowingly deploy any third-party cookies through the Platform.

However, certain third-party service providers integrated into the Platform may independently use cookies, pixel tags, or similar technologies as part of their service delivery. These technologies are not controlled by us, and in some cases, we may not have full technical visibility into which cookies such third parties deploy.

We undertake reasonable efforts to ensure that the third-party providers we engage do not use cookies or similar technologies in ways that conflict with this Policy or applicable law. Nevertheless, we cannot fully guarantee that no cookies will be placed by third-party technologies operating via the Platform.

If any such technologies are detected, we will take steps to review and assess their necessity and compliance, update this Privacy Policy accordingly and provide you with additional disclosures where required by applicable law. You may control or delete cookies at any time through your browser settings, even if they were not intentionally placed by us.

We may use device fingerprinting and similar identification or analytics technologies (“Device Fingerprinting Technologies”) to enhance the security, functionality, and performance of the Platform. These technologies allow us to recognise a user’s device or browser based on a combination of attributes, such as browser type, device model, operating system version, screen resolution, language settings, time zone, installed fonts, device identifiers, session information, IP address, and interaction patterns. Device Fingerprinting Technologies do not use cookies and may operate even when cookies are disabled.

Purposes. These technologies are used for the following purposes:

1. Security and Fraud Prevention: to detect abusive or fraudulent activity (including spam accounts, account takeovers, payment fraud, and attempts to bypass safety restrictions), monitor suspicious behaviour, prevent misuse of the Platform and enforce our Terms of Service;
2. Safety and Compliance: to support moderation systems, detect prohibited conduct (including evasion of bans, harmful behaviour patterns, or attempts to manipulate AI generation filters) and comply with applicable legal obligations, including child-safety and online-safety requirements;
3. Analytics and Product Performance: to understand how users interact with the Platform, measure usage, identify technical issues, and improve functionality, user experience, and service quality;
4. Access Control and Service Integrity: to help us identify returning devices, maintain session integrity, manage Subscription access, enforce geographic restrictions, and support age-gating measures where required by law.

Source. The source of this data is your device and browser while interacting with the Platform, as well as third-party anti-fraud and analytics partners that support our security and functionality.

Legal Basis. The legal bases for this processing are: our legitimate interest (ensuring Platform security, fraud prevention, and operational integrity), performance of a contract with you (enabling core Platform functionality and protecting user accounts), our legal obligation (compliance with online-safety rules, record-keeping, and fraud-prevention obligations).

When you upload reference photos or similar materials for the purpose of configuring an AI Companion or generating AI Content, such materials may contain identifiable images of real persons, including their faces (“reference image data”). Reference image data may qualify as biometric data under applicable laws. You acknowledge that any such personal data is provided voluntarily by you, and you represent and warrant that you have obtained all necessary permissions or legal grounds required to upload such materials.

We do not perform facial recognition, identity verification, matching of uploaded faces to real individuals, or any other form of biometric identification. The Platform only uses the uploaded images as a reference to generate AI Content or configure AI Companions according to your instructions.

Although you may upload reference images to illustrate preferred appearance traits, styles, poses, body proportions, or general aesthetic directions, we do not intend, attempt or train our systems to produce AI Companions or AI Content that replicate any real person, whether the person in your reference images or any other individual. All outputs are generated synthetically and are designed to avoid creating exact likenesses. Any resemblance to real individuals is accidental and unintentional.

Purposes. We process reference image data solely for generating AI Content according to your request, configuring AI Companions based on your instructions, ensuring compliance with safety rules (including child-safety), detecting prohibited content and preventing misuse.

Legal Basis. The legal basis for processing reference image data is your explicit consent, expressed by uploading such images for generative purposes, performing the contract with you to provide the requested Platform features, performing our legal obligations, including detecting and preventing illegal content (e.g., minor protection).

Retention. Reference image data is retained only for as long as necessary to provide the requested service or comply with legal obligations. If you delete a reference image or your Account, we will delete or irreversibly anonymise such data except where further retention is required by law.

You must not upload reference images that depict minors or persons who reasonably appear under 18, depict persons without their permission, include sensitive or unlawful imagery. Violations may result in suspension or termination of your account.

For the purposes of this Policy, “processing” means any operation or set of operations performed on personal information, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination, alignment or combination, restriction, erasure, destruction, support and maintenance. Processing is carried out through computer systems and IT-enabled tools following internal organisational procedures strictly related to the purposes set out in this Policy. We do not make automated decisions that produce legal or similarly significant effects on you.

Your personal information is processed at our operating offices, on our secure servers, and in locations where our authorised service providers, contractors, or data processors operate. This includes reputable third-party hosting and infrastructure providers that support Platform functionality.

We have implemented technical and organisational measures designed to secure your personal information from accidental loss, unauthorised access, unlawful use, alteration, or disclosure. These measures include access controls, encryption, staff confidentiality obligations, secure communications, regular security testing, and quality-assurance practices.

We also use Google Workspace (including Gmail) for staff operations, including customer support communications. Any personal information shared with or stored in these systems is processed under Google’s enterprise privacy and security controls.

We may disclose your personal information to our affiliates, employees, independent contractors, and authorised service providers insofar as reasonably necessary for the purposes and legal bases set out in this Policy. For example, we may share your personal information with identity verification providers, but in some cases, you may interact with them directly and they will act as independent data controllers for the information you provide to them.

Your personal information may be accessible to employees and contractors performing functions including customer support, moderation, compliance, fraud prevention, legal analysis, system administration, security operations, AI safety review, and marketing. External service providers such as hosting providers, cloud infrastructure vendors, email delivery platforms, affiliate program tools, IP verification tools, communication tools, software development contractors, and identity-verification providers may have access where necessary and act as data processors bound by contractual safeguards.

We may share personal information with partners or vendors who provide services directly to you. For example, payment providers and banks receive the information required to process payments, detect fraud, or manage chargebacks, identity-verification partners receive your information to complete required verification checks. In these circumstances, such partners act as independent data controllers, and their own privacy policies apply.

We may disclose your personal information when required to comply with a legal obligation, including responding to subpoenas, court orders, regulatory inquiries, law-enforcement requests or applicable reporting duties (including those relating to safety, child-protection, or unlawful activity). We may also share information where necessary to protect your vital interests or those of another natural person. Professional advisers (including lawyers, accountants, auditors, fraud-prevention specialists) may receive data where required for risk management, legal compliance, or establishing, exercising, or defending legal claims.

If we transfer your personal information outside the EEA, the United Kingdom, or Switzerland, we ensure that such transfers occur under an appropriate legal safeguard, such as: (i) transfers to jurisdictions with an adequacy decision; (ii) Standard Contractual Clauses or equivalent mechanisms; or (iii) exemptions permitted under applicable law.

We retain your personal information for as long as your Account remains active or as long as is necessary to fulfil the purposes for which the information was collected, including the provision of the Platform, compliance with our legal obligations (including child-protection, harmful-content, financial, and cybersecurity requirements), the protection of our legitimate interests, and the performance of a contract between you and us.

Once your Account is terminated, deactivated, or becomes inactive, we continue to retain certain categories of personal information for a limited period, strictly in accordance with legal, regulatory, and operational requirements. This includes retaining data to address potential inquiries, defend or establish legal claims, detect or prevent fraud, comply with online-safety reporting duties, fulfil accounting and tax obligations and resolve disputes.

In general, and unless a longer retention period is required by applicable law:

account data, interaction data, moderation data, and AI-related logs may be retained for three (3) to five (5) years from the date of your last activity on the Platform or the closure of your Account, for security, anti-fraud, child-safety compliance, misuse detection, and legal defence purposes;

financial and transactional data (including payment and Internal Credit history) is retained for seven (7) years from the date of issuance, in accordance with tax, financial-reporting and anti-money-laundering obligations;

customer support communications may be retained for up to two (2) years from your last interaction with us, for quality assurance, dispute resolution, and service analytics;

marketing data, where based on consent, is retained until you withdraw your consent, or otherwise for up to two (2) years from your last interaction with our marketing communications;

age-verification data (including documents, checks, and related logs) is retained only for as long as necessary to comply with applicable regional adult-access requirements and online-safety legislation. Where law permits, such data is deleted or irreversibly anonymised promptly after verification is completed, unless retention is required for fraud-prevention, audit purposes, or compliance with legal obligations.

Following the expiry of relevant retention periods, or when the processing purpose no longer applies, we either delete personal information or anonymise it so that it can no longer be linked to you. Where deletion is technically impossible (e.g. due to backup integrity), we continue to store the data securely but cease all processing for any operational purpose.

We may retain anonymised and de-identified data indefinitely, as such data no longer constitutes personal information under applicable law and is used solely for improving the Platform, enhancing safety mechanisms, training systems, and conducting internal research.

Account Deactivation. At any time, you can deactivate/cancel your Account and erase your personal information by emailing support@lovel.ai. If you choose to deactivate your Account, we will generally delete all your personal information and it will not be recoverable should you later create another Account.

The Platform may contain links to any other websites or services. Please note that we are not responsible for the privacy practices or the content of such websites or services, and you should review the privacy policy of each such website or service to make sure you are comfortable with it before providing any personal information.

As a data subject (a person whose personal information is collected, stored and processed) you have several rights under data privacy laws:

Right of access. You have the right to obtain confirmation if your personal information is being processed by us. If that is the case, you can access your personal information and the following information: (i) the purposes of the processing; (ii) the categories of personal information; (iii) to whom the personal information has been or will be disclosed; (iv) the envisaged period for which the personal information will be stored, or the criteria used to determine that period.

If you would like to have a copy of your personal information from us, we will provide it if (i) you prove your identity, (ii) it will not adversely affect the rights and freedoms of others. The first copy will be provided for free, for any further copies we may charge a reasonable fee based on administrative costs.

Right to rectification. You have the right to demand that we correct without undue delay your personal information which we have in our systems if it is inaccurate or incomplete.

Right to erasure (“right to be forgotten”). You have the right to demand that we erase your personal information, and we shall erase it without undue delay where one of the following grounds applies: (i) this personal information is no longer necessary in relation to the purposes for which it was processed; (ii) you withdraw consent on which the processing is based, and where there is no other legal ground for the processing; (iii) you object to the processing and there are no overriding legitimate grounds; (iv) your personal information has been unlawfully processed; (v) your personal information has to be erased for compliance with a legal obligation.

Right to restrict processing. You have the right to restrict us in the ability of processing your information where one of the following applies: (i) you contest the accuracy of your personal information and we are verifying it; (ii) the processing is unlawful and you want to restrict it instead of erasure; (iii) we no longer need your personal information, but you need it for establishment, exercise or defense of legal claims; (iv) you have objected to the processing and we are verifying whether legitimate grounds override your request.

Right to data portability. You have the right to receive your personal information which you provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another company, where: (i) the processing is based on your consent or on a contract; and (ii) the processing is carried out by automated means.

Where technically feasible, you can demand that we transmit those data directly to another company.

Right to object. You have the right to object to the processing of your personal information based on our legitimate interests. We shall no longer process your personal information unless we demonstrate compelling legitimate grounds for the processing or for the establishment, exercise or defense of legal claims.

Where personal information is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal information for such marketing.

Right to withdraw consent. You have the right to withdraw your consent for processing of your personal information at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

We may modify this Privacy Policy by providing notice of such changes, such as by sending you an email, providing notice through the Platform or updating the “Last Updated” date at the bottom of this Privacy Policy. By continuing to access or use of the Platform, you confirm your agreement to the modified Privacy Policy. If you do not agree to any modification to this Privacy Policy, you must stop using the Platform and related services and delete our applications from your devices. We encourage you to frequently review the Privacy Policy to ensure you understand the terms and conditions that apply to your access to, and use of, the Platform and related services.

If you have any requests concerning your personal information or any queries with regard to this Privacy Policy please feel free to contact us at support@lovel.ai or our mailing address below:

MAX ATTN CAPITAL LTD
John Kennedy, 8, IRIS HOUSE, Floor 7, Office 740C 3106, Limassol, Cyprus

Last Updated on 1 December 2025