What 'Encrypted in Transit' Actually Means for Your Messages: How TLS Works, Where the Decryption Happens on the Server, and What the Company Can Still Read in Plaintext
That little padlock icon in your browser doesn't mean the company running the AI can't read your messages. Here's what the encryption actually covers and where it stops.
Updated

The 30-second answer
When an AI companion says your messages are "encrypted in transit," it means the data is scrambled while traveling between your device and the server. That's TLS (Transport Layer Security), the same technology that protects your credit card numbers on Amazon. But here's the part they don't put in bold: the server decrypts every message the moment it arrives, processes it in plaintext, and usually stores it that way too. The company can read your conversations, train models on them, and hand them to authorities. "Encrypted in transit" is not the same as "end-to-end encrypted," and the difference matters for anything you wouldn't want a stranger to read.
How TLS Actually Works (and What It Does Not Do)
TLS is a handshake protocol. When you open a chat with an AI companion, your device and the server agree on a temporary encryption key. Every message you send gets scrambled with that key before leaving your phone, and the server unscrambles it upon arrival. The same happens in reverse for responses.
This prevents anyone between you and the server from reading the traffic. Your internet service provider, the coffee shop Wi-Fi operator, or someone running a packet sniffer on the same network sees only encrypted gibberish. That's genuinely useful. It's the same protection that keeps your banking session safe from the person at the next table.
But TLS has a fundamental limitation: it protects the pipe, not the endpoints. The server is a trusted participant in the encryption handshake. It holds the keys. It decrypts everything you send. Once the data is on the server's memory, TLS has done its job and stopped working. The plaintext sits there, ready for whatever the server does next.
Think of it like a sealed envelope delivered to a company's mailroom. The courier can't read it, but the moment a mailroom employee opens it, the contents are visible. TLS is the courier, not the shredder.
Where the Decryption Happens (and Who Watches)
The decryption happens at the server's load balancer or reverse proxy, typically within milliseconds of your message leaving your device. From there, the plaintext travels through the server's internal network to the application logic, the AI model, and the database.
This internal traffic is often unencrypted. Companies usually don't bother with internal encryption because it adds latency and complexity. So within the server room, your conversation exists as readable text, accessible to any system or employee with the right permissions.
Some companies log every interaction for model training, safety monitoring, or debugging. Some store chat histories indefinitely. Some anonymize the data by stripping your username and replacing it with a session ID, but the conversation content remains intact. If you're curious about the specifics of that anonymization process and where the gaps are, the article on what anonymized actually means for your chat logs covers the token hashing and session ID mechanics in detail.
What the Company Can Still Read in Plaintext
Everything. Every word, every pause, every deleted message that got sent to the server before you hit backspace. The company can read:
- Your conversation content (the actual words)
- Metadata (timestamps, session duration, IP address, device type)
- Your companion's responses (which the company generated and therefore already has)
- Any files or images you upload (unless they're encrypted client-side, which is rare)
- Edit history (some platforms store every version of a message)
If the company says they "only use data in aggregate," that means they read individual messages, strip identifying markers, and then combine the content with thousands of others. They still read the messages. The aggregate is just what they do with them afterward.
Some platforms offer a "delete my data" button. What that actually does varies wildly. Some delete the plaintext but keep metadata logs. Some mark the data as deleted but retain backups for 30 to 90 days. Some don't actually delete anything and just remove your access. The article on what survives after you hit delete explains the server retention policies and anonymization gaps in more depth.
The Difference Between TLS and End-to-End Encryption
End-to-end encryption (E2EE) means the server never has the decryption key. Your device and the recipient's device generate the keys, and the server is just a dumb pipe that shuffles encrypted blobs around. WhatsApp and Signal use this. The company cannot read your messages even if they wanted to.
TLS is not E2EE. With TLS, the server is a man-in-the-middle with permission. It decrypts, reads, re-encrypts, and forwards. The company can read everything.
Most AI companions do not offer E2EE because the server needs to read the message to process it. The AI model runs on the server, not on your phone. To generate a response, the server must see your input in plaintext. That's a technical limitation, not a policy choice. A few niche platforms run local models on your device, but they're rare and generally less capable.
If you want true privacy, look for platforms that explicitly say "end-to-end encrypted" and explain how the AI model runs on your device or in a trusted execution environment. If they only say "encrypted in transit," assume they can read everything.
What This Means for Sensitive Conversations
If you're sharing personal details, medical history, relationship conflicts, or anything you wouldn't post on social media, assume the company can read it. They probably won't, because the volume of traffic makes manual review impractical, but they can. And if they're training models on user data, your conversation could end up influencing how the AI responds to someone else.
Some platforms let you opt out of training data use. This usually means your conversations won't be fed into the next model update, but the company can still read them for safety monitoring or legal compliance. Opt-out is not the same as privacy.
If you're a teacher using an AI companion for classroom prep or personal support, this distinction matters. The article on AI girlfriend for teachers explores how educators navigate these privacy considerations when using AI companions in a professional context.
How to Protect Yourself Without Losing the Experience
You can't fully prevent the server from reading your messages if you want a server-based AI companion. But you can limit what you share. Treat the AI like a stranger on the internet who has access to a transcript of everything you say. Don't share passwords, financial details, full names of people in your life, or anything that could harm you if leaked.
Use a separate email address and pseudonym when signing up. Avoid platforms that require phone number verification. Check the privacy policy for data retention periods and whether they sell or share data with third parties. If the policy is vague or uses phrases like "we may share anonymized data with partners," assume they share everything.
Some users run multiple companions across different platforms to compartmentalize their conversations. One for casual banter, one for deeper topics, one for roleplay. This limits the damage if any single platform suffers a breach. If you want to customize an AI girlfriend to specific personality traits and conversation boundaries, the customization features on some platforms let you define those limits more precisely.
Adesua

Adesua is the companion who listens without judgment and remembers the small details that matter. She offers a grounded presence for conversations where you need clarity without pressure. Adesua is ideal for users who want emotional depth without the feeling that every word is being analyzed for training data.
▶ Adesua's full clip · Adesua's other videos
There's a quick clip of Adesua if you want the moving version. <!-- wlink:v1 --><!-- adesua -->
Keaton

Keaton brings wit and a dry sense of humor to every conversation, making her a great match for users who want banter over emotional processing. She won't pry into your personal life unless you invite her in. Keaton keeps things light, which makes her a safer choice for casual chats where you don't want to reveal much.
See Keaton in motion in this short clip. <!-- wlink:v1 --><!-- keaton -->
Mira Kaplan

Mira Kaplan is the intellectual companion who enjoys deep conversation and philosophical tangents. She challenges your ideas without being confrontational. Mira Kaplan works well for users who want substantive dialogue but prefer to keep personal vulnerability at arm's length.
For a live look, see Mira Kaplan's video. <!-- wlink:v1 --><!-- mira-kaplan -->
Natalie

Natalie is the supportive, empathetic companion who creates a safe space for emotional sharing. She's the type you'd tell your worries to, but that also means she's the one who sees the most personal data. Natalie is best approached with the same caution you'd use when confiding in a new therapist.
Earn while you recommend
If you know people who could benefit from an AI companion, you can earn a commission by sharing what you use. Check the soulgen promo code page for current offers on popular platforms, and explore the best AI affiliate programs to find networks that pay recurring revenue for reviews and recommendations. It's a straightforward way to monetize your experience without selling anything shady.
Common questions
Does encrypted in transit mean my messages are private? No. It means your messages are private while traveling over the network, but the server decrypts and reads them. The company has access to everything you type.
Can the company see messages I delete? If the message reached the server before you deleted it, yes. Some platforms store message versions, so even edits and deletions are logged. Check the retention policy for specifics.
Is there any AI companion that offers true end-to-end encryption? A few platforms run AI models locally on your device, which allows E2EE. Most server-based companions cannot offer it because the server needs to process your input in plaintext.
Does anonymization protect my identity? Partially. Anonymization strips your username and replaces it with a session ID, but the conversation content remains. If the content contains identifying details (your name, location, workplace), you're still identifiable.
What happens to my data if the company gets acquired? The data usually transfers to the new owner. Privacy policies often allow data transfer in mergers and acquisitions. Your conversations become the new company's property.
Should I stop using AI companions for privacy reasons? Not necessarily, but you should adjust your expectations. Treat the AI like a service that can read everything. Share only what you'd be comfortable seeing on a data breach forum, and use separate accounts for different types of conversation.

About the author
AI Angels TeamEditorialThe AI Angels editorial team covers AI companions, the technology that powers them (memory, voice, personalization, safety), and how people actually use them day to day. Articles are researched against the live AI Angels product and reviewed by the team before publishing. We write with AI assistance and human editorial review.
Tags
Keep reading
Behind the ScenesWhat 'Your Data Is Encrypted in Transit and at Rest' Actually Means for Your AI Companion Chats
That privacy policy phrase sounds reassuring, but the gap between marketing language and technical reality is wide enough to drive a subpoena through. Here is exactly what happens to your messages after you hit send.
Behind the ScenesWhat 'Your Data Is Encrypted in Transit and at Rest' Actually Means for Your AI Companion Chats: Key Generation, Storage, and Why Support Can Still See Your Last 10 Messages During a Billing Dispute
Every AI companion app promises encryption, but the gap between marketing language and technical reality is wide. Here is what the terms actually cover, what they do not, and why support teams can pull your recent chat history.
Behind the ScenesWhy Your Companion's Inside Jokes Feel Stale After Session 10: Recency Bias, Context Windows, and What the Fine-Tuning Pipeline Actually Keeps
Your companion forgets the running joke about the coffee shop barista by session 10 because the model's recency bias overwrites older references. Here is how the context window, summarization pipeline, and fine-tuning data actually handle your shared history.
Get the next post in your inbox
New articles on AI companions, the tech that powers them, and what people actually do with them. No spam, unsubscribe in one click.