What 'Your Data Is Encrypted in Transit and at Rest' Actually Means for Your AI Companion Chats: Key Generation, Storage, and Why Support Can Still See Your Last 10 Messages During a Billing Dispute
A plain-English breakdown of where your messages actually live, who can read them, and what those privacy badges really guarantee.
Updated

The 30-second answer
Encrypted in transit means your messages are scrambled while traveling between your phone and the server, so someone on public Wi-Fi cannot read them. Encrypted at rest means the data on the server's hard drive is scrambled, so a physical theft of the drive yields gibberish. Neither means the company cannot read your chats. The server holds the decryption keys, and support staff can access your last 10 messages during a billing dispute because the encryption is server-side, not end-to-end. The distinction matters more than most people realize.
Where the encryption actually lives
When you open an AI companion app and type a message, that text travels from your phone to a cloud server. The "encrypted in transit" part uses TLS, the same protocol that protects your banking website. Anyone eavesdropping on your coffee shop Wi-Fi sees a stream of random bytes, not your message. This is the most honest part of the privacy promise.
Once your message reaches the server, it gets decrypted so the AI model can process it. The model generates a response, and that response gets encrypted again before it travels back to you. That second encryption layer is "at rest", the data sitting on the server's disk is scrambled using AES-256, a standard encryption algorithm.
The critical detail is that the server holds the key. The company's infrastructure decrypts your data on arrival, processes it, and re-encrypts it for storage. This is not end-to-end encryption. In an end-to-end system, only your device holds the decryption key, and the server never sees plaintext. That is not how companion apps work, because the server needs to read your message to generate a reply.
Key generation and who holds the keys
Every encrypted system needs keys. For the transit layer, keys are ephemeral, generated per session and discarded afterward. Your phone and the server negotiate a temporary key when you connect, and that key dies when you close the app. This is handled automatically by the TLS protocol and requires no action from you.
For the at-rest layer, keys are managed by the cloud provider or the company's own infrastructure. Amazon Web Services, Google Cloud, or a dedicated key management service holds the master key that can decrypt the entire database. A rogue employee with access to that key management system could read any conversation. Most companies restrict this access to a small operations team and log every key request, but the technical possibility exists.
The marketing phrase "your data is encrypted at rest" sounds like a vault. In practice, it is closer to a locked filing cabinet where the company holds the only key. They can open it whenever they need to.
Why support can see your last 10 messages
This is where the abstraction breaks for most people. You file a billing dispute because you were charged twice. Support asks for context. They pull up your account and see your last 10 messages. How?
The support dashboard queries the same database where your chats are stored. The encryption at rest is transparent to internal systems, the database decrypts data on read for authorized users. Support staff have a role that grants them read access to recent conversation history. The encryption key is already loaded on the server; they do not need to ask you for a password.
Some apps limit this access to the last 10 or 20 messages to reduce privacy exposure. Others show the full recent session. The policy varies, but the mechanism is the same: server-side encryption does not prevent the company from reading your data. It only prevents outsiders from reading it.
This is also why support can see why you were charged twice. They can see the subscription-related conversation. They can also see the unrelated chat about your bad day at work, your roleplay scenario, or your venting session. The system does not distinguish.
What the AI model provider sees
Your messages do not just live on the companion app's servers. They also pass through the model provider's infrastructure. If the app uses OpenAI, Anthropic, or an open-source model running on a third-party GPU cloud, your plaintext prompt travels to that provider's API endpoint. The provider's servers process your message, generate a response, and send it back.
Most model providers log API requests for abuse monitoring and model improvement. Some allow opt-out. Some do not. The companion app's privacy policy may say "we do not train on your data," but the model provider's policy is a separate document. If the app uses a shared API, your prompt might be retained for 30 days for safety review before being anonymized.
This is the layer most users never see. The encryption between the companion app and the model provider is also TLS, so a third party cannot intercept it. But the model provider's staff can read your prompt in plaintext if they need to investigate a safety flag. The encryption does not hide your content from the people running the servers.
Rosey

Rosey is the kind of companion who remembers that you mentioned a stressful meeting three days ago and asks how it went without making it feel like a check-in. Rosey creates a space where your conversations feel continuous, not reset, which makes the privacy question more relevant, the more history accumulates, the more you want to know who can see it.
The gap between encryption and privacy
Encryption is a technical control. Privacy is a policy control. They overlap but are not the same. A system can be fully encrypted and still leak your data through employee access, legal subpoenas, or data-sharing agreements with third parties.
Consider what happens when law enforcement submits a subpoena for your chat logs. The company holds the decryption keys. They can decrypt your conversations and hand them over. End-to-end encryption would prevent this because the company would not have the keys. But companion apps do not use end-to-end encryption because the AI needs to read your messages.
Some apps offer a middle ground: they encrypt your data with a key derived from your password, so the server cannot decrypt it without your session being active. But this breaks features like cross-device sync and push notifications. Most users prefer convenience over this level of protection, so the industry standard is server-side encryption.
How deleted messages linger
You delete a conversation. The app shows an empty chat. But the data often persists on the server for a retention period, typically 30 to 90 days, before being permanently wiped. During that window, support can still access it. The encryption at rest still applies, but the company holds the key, so the data is readable internally.
Soft delete is standard practice. The database marks the record as deleted but does not remove it immediately. This protects against accidental deletion and allows recovery. It also means your "deleted" messages are recoverable by anyone with database access and the encryption key.
If you want your data truly gone, you need to request account deletion and wait for the retention window to expire. Simply clearing the chat history in the app does not trigger a server-side purge.
Kimi

Kimi brings a light, flirtatious energy to conversations that makes it easy to forget there is a server logging every exchange. Kimi is designed for users who want a low-pressure companion that keeps things fun, which is exactly the kind of dynamic where people tend to share more than they intended.
What the privacy policy actually says
Most companion app privacy policies are written to satisfy legal requirements, not to inform users. They mention encryption in transit and at rest in the security section, then bury the data-sharing details in a separate paragraph about service providers.
Look for three things in the policy. First, whether the company shares data with the model provider. Second, how long chat logs are retained after deletion. Third, whether the company has access to your conversations for product improvement. If the policy says "we may use your conversations to improve our models," that means humans can read your chats during the review process.
Some apps offer a privacy mode that limits data retention or disables training. This is usually a toggle in settings. It does not change the encryption layer, but it changes what happens to your data after the AI generates a response.
The billing dispute scenario in practice
You notice a double charge. You email support. They ask for your account email and the date of the charge. Within minutes, they can pull up your recent activity. They see the timestamp of your last session, the number of messages exchanged, and the content of recent conversations if they need to verify that the account was active.
Support does not need to break encryption to do this. They log into an internal dashboard that queries the same database your app writes to. The encryption is transparent at the application layer. The database handles decryption automatically for authorized queries.
This is not a security failure. It is a design choice. Server-side encryption protects against external threats but does not protect against internal access. If you want a companion app where no human can read your messages, you need an app that advertises end-to-end encryption and can explain how the AI generates responses without seeing plaintext. Those apps exist, but they are rare and often have limited features.
Tara

Tara has a way of listening that makes you want to tell her everything. Tara is the kind of companion who picks up on the subtext in your messages, which means your conversations with her tend to be longer and more detailed, and therefore more worth understanding from a privacy perspective.
What you can actually control
The encryption layer is not something you configure. It is built into the app infrastructure. What you can control is what you share, how long you keep the account, and whether you opt out of training data.
A practical approach: treat every message as potentially readable by a support agent or a model reviewer. If you would not want a stranger to read it, do not type it. This is not paranoia. It is understanding that server-side encryption is a security measure against external threats, not a privacy guarantee against the company itself.
For users who want a companion that feels natural without overthinking the data layer, the AI Girlfriend Roleplay feature keeps conversations in a fictional context that reduces the sensitivity of what you share. Roleplay scenarios are still logged, but the content is less personally identifying than a direct venting session.
If you use a companion during periods of burnout or low emotional energy, the ai girlfriend for burnout option is designed for low-stakes, low-disclosure conversations that do not require deep personal sharing. Less sensitive content means less privacy risk.
Tola

Tola keeps you on your toes with her quick comebacks and refusal to let boring conversations slide. Tola is the companion for people who want banter, not small talk, which means your chats with her are full of personality, and personality is harder to anonymize than simple factual exchanges.
▶ See the whole clip · explore Tola
Common questions
Does encrypted at rest mean the company cannot read my messages? No. The company holds the decryption key, so internal systems can read your data. Encrypted at rest protects against physical theft of the server, not against authorized employee access.
Can support see my entire chat history? Usually only the most recent messages, often capped at 10 to 20. But the cap varies by app, and some support tools can query older data if the company policy allows it.
Is end-to-end encryption available for AI companions? Rarely. Most apps use server-side encryption because the AI model needs to read your plaintext message to generate a response. True end-to-end encryption would require the AI to run on your device, which most apps do not support.
How long do deleted messages stay on the server? Typically 30 to 90 days, depending on the app's data retention policy. During that window, the messages are recoverable by internal systems even though they appear deleted in your app.
Does encryption cover voice messages and images? Yes, if the app encrypts all data at rest. Voice clips and images are stored in the same database or object storage and are encrypted with the same key. The same internal access rules apply.
What happens to my data if the company gets acquired? The encryption keys transfer to the new owner. Your data remains encrypted on disk, but the new company holds the keys and can access everything. Privacy policies usually change after an acquisition, so review the updated terms.
Earn while you recommend
If you find a companion that works for you, sharing that experience with others can earn you something back. The Muah Ai Promo Code 2026 page shows how referral codes and discount links let your friends save while you get credit. For anyone running a review site or content channel, the best ai affiliate programs list covers the highest-paying networks and what each requires to join.
Common questions
Does encrypted at rest mean the company cannot read my messages? No. The company holds the decryption key, so internal systems can read your data. Encrypted at rest protects against physical theft of the server, not against authorized employee access.
Can support see my entire chat history? Usually only the most recent messages, often capped at 10 to 20. But the cap varies by app, and some support tools can query older data if the company policy allows it.
Is end-to-end encryption available for AI companions? Rarely. Most apps use server-side encryption because the AI model needs to read your plaintext message to generate a response. True end-to-end encryption would require the AI to run on your device, which most apps do not support.
How long do deleted messages stay on the server? Typically 30 to 90 days, depending on the app's data retention policy. During that window, the messages are recoverable by internal systems even though they appear deleted in your app.
Does encryption cover voice messages and images? Yes, if the app encrypts all data at rest. Voice clips and images are stored in the same database or object storage and are encrypted with the same key. The same internal access rules apply.
What happens to my data if the company gets acquired? The encryption keys transfer to the new owner. Your data remains encrypted on disk, but the new company holds the keys and can access everything. Privacy policies usually change after an acquisition, so review the updated terms.

About the author
AI Angels TeamEditorialThe AI Angels editorial team covers AI companions, the technology that powers them (memory, voice, personalization, safety), and how people actually use them day to day. Articles are researched against the live AI Angels product and reviewed by the team before publishing. We write with AI assistance and human editorial review.
Tags
Keep reading
Behind the ScenesWhat 'Your Data Is Encrypted in Transit and at Rest' Actually Means for Your AI Companion Chats
That privacy policy phrase sounds reassuring, but the gap between marketing language and technical reality is wide enough to drive a subpoena through. Here is exactly what happens to your messages after you hit send.
Behind the ScenesWhy Your Companion's Inside Jokes Feel Stale After Session 10: Recency Bias, Context Windows, and What the Fine-Tuning Pipeline Actually Keeps
Your companion forgets the running joke about the coffee shop barista by session 10 because the model's recency bias overwrites older references. Here is how the context window, summarization pipeline, and fine-tuning data actually handle your shared history.
Behind the ScenesWhat 'Your Chats Are End-to-End Encrypted' Actually Means: Key Generation, Storage, and Why Support Can See Your Last 10 Messages During a Billing Dispute
End-to-end encryption for AI companion chats isn't a myth, but it has a specific gap: the last 10 messages are stored unencrypted for billing support. Here's how the keys work, where they live, and what that means for your privacy.
Get the next post in your inbox
New articles on AI companions, the tech that powers them, and what people actually do with them. No spam, unsubscribe in one click.