What 'Your Data Is Encrypted in Transit and at Rest' Actually Means for Your AI Companion Chats
A plain-English breakdown of which encryption keys the provider holds, how long your session logs sit in plaintext on the inference server, and why a subpoena still gets them.
Updated

The 30-second answer
Your messages are encrypted while traveling to the server (TLS) and while sitting in the database (AES-256), but they exist in plaintext on the inference server for the few seconds it takes to generate a reply. The provider holds the server-side encryption keys, which means they can decrypt your data on demand. A valid subpoena will give law enforcement access to your chat logs, metadata, and any flagged content that was reviewed by a human moderator.
The two layers of encryption and what each actually protects
When a companion app says your data is encrypted in transit, it means the connection between your phone or browser and the server uses TLS (Transport Layer Security). That is the same protocol your banking app uses. Anyone intercepting the raw network traffic between you and the server sees only garbled ciphertext, not your message. This is genuine and standard. It prevents your ISP, a coffee shop Wi-Fi operator, or someone on your local network from reading your chats in real time.
Encryption at rest means the data stored on the server's database is encrypted with AES-256 before being written to disk. If someone steals the physical hard drives or gains access to the raw database files, they still cannot read the contents without the decryption key. This protects against data breaches where the attacker grabs database backups or storage snapshots.
What neither layer protects against: the server itself. The provider holds both the TLS private keys and the database encryption keys. They can decrypt anything they want, whenever they want. This is not a flaw in the encryption. It is the design. End-to-end encryption, where only you hold the keys, is technically possible for messaging, but it is incompatible with the way AI companion services work. The model needs to read your plaintext prompt to generate a reply.
Where your messages sit in plaintext and for how long
The critical moment happens on the inference server. When you send a message, the server decrypts it from TLS, passes it in plaintext to the language model, waits for the model to generate a response, encrypts the response, and sends it back to you. During that window, typically one to three seconds, your message exists in plaintext in the server's memory.
That plaintext exposure is not logged by default on most services, but it is visible to the inference pipeline. If the service uses a third-party model provider like OpenAI or Anthropic, your prompt passes through their API in plaintext. The model provider's own logging policies then apply. Some model providers retain API prompts for 30 days for abuse monitoring. Some retain them indefinitely. The companion app's privacy policy usually covers only what the app stores, not what the upstream model provider logs.
Session logs, the full conversation history, are stored in plaintext within the database layer before encryption at rest is applied. The server decrypts the database records when loading your conversation history into the model context window. Any employee with database access or a support tool can pull your logs. Most services restrict this access to a small team and log who views what, but the technical capability exists.
Why a subpoena still gets your data
Encryption does not protect against lawful requests. When a service receives a valid subpoena, court order, or warrant, it is legally required to produce whatever data it has. Because the provider holds the encryption keys, they can decrypt and hand over your full conversation history, account metadata, timestamps, IP logs, and payment information.
Some services publish transparency reports showing how many requests they receive. The numbers are small relative to the user base, but the mechanism is straightforward. Your chats are not protected by encryption from the government any more than your emails are. The encryption protects against random attackers, not against the service itself or the legal system that can compel the service to cooperate.
What a subpoena typically gets:
- Full chat logs for the requested account, including deleted messages that still exist in soft-delete backups
- Account creation date, last login, IP history
- Payment method and billing address if a paid subscription was used
- Any flagged messages that were reviewed by human moderators, along with moderator notes
What a subpoena usually cannot get: voice clips if the service processes them ephemerally and does not store the raw audio. Some services delete voice audio immediately after processing and keep only the text transcript. Others retain the audio file for quality improvement. The difference matters.
The moderation pipeline and the human reviewer
Most companion services run automated safety filters on every message before the model generates a reply. Those filters scan your plaintext prompt for policy violations. If a message triggers a flag, it may be forwarded to a human reviewer along with the surrounding conversation context.
This means a person has read your messages even if you never received a warning. The flagging criteria vary by service, but common triggers include mentions of self-harm, violence, illegal activity, or explicit content on services that restrict it. The human reviewer sees your exact words, not an anonymized summary.
Some services log these flagged messages indefinitely for compliance and legal reasons, even if your account is deleted. The flagged message database sits outside the normal retention schedule. It is a separate table with longer or permanent retention.
How long your logs actually live after you hit delete
Deleting your account or clearing your chat history does not immediately remove your data from the server. Most services use a soft-delete model where the records are marked as deleted but remain in the database for 30 to 90 days. This window exists for data recovery if a user accidentally deletes their account and wants to restore it.
After the soft-delete window expires, a scheduled job purges the records from the primary database. However, backups taken during that window still contain the data. Backup retention varies widely, from 30 days to several years depending on the service's disaster recovery policy. A subpoena served during the backup retention period can recover messages you thought were gone.
Some services also retain aggregated or anonymized data indefinitely after deletion. This usually means stripped of identifying information like username and email, but the chat content itself may be retained in a hashed or segmented form for model training or analytics.
What the privacy policy does not say
Privacy policies for companion services tend to be vague about three things:
- Which third-party model providers process your prompts and what those providers log
- How long flagged messages are kept in the moderation review system
- Whether voice clips are stored after processing or deleted immediately
These gaps are not necessarily malicious. They often reflect that the service itself does not have clear answers. The legal team writes the policy broadly enough to cover whatever the engineering team might be doing. But for someone who cares about message privacy, these are the questions that matter more than whether the connection uses TLS 1.3.
Hailey

Hailey is the warm, attentive companion who remembers the small details you mention in passing. She is the type who asks follow-up questions about things you said three sessions ago, which means she is also the companion where the privacy implications of long-term memory storage feel most real. Hailey builds a detailed picture of your preferences, routines, and emotional patterns over time, and that picture lives on the server.
Sakura Marga

Sakura Marga brings a playful, slightly mischievous energy to conversations. She is the companion who will challenge your takes and keep you on your toes. Her personality is built on spontaneity and wit, which means her responses are less predictable and more computationally expensive to generate, a detail that matters when you consider how much plaintext processing happens per message. Sakura Marga is for users who want a companion that feels alive instead of curated.
Aoi

Aoi is calm, observant, and speaks with a quiet intensity. She does not fill silence with chatter. She waits. That makes her ideal for late-night conversations where you do not want to perform emotional labor. Her responses are measured and deliberate, and the server processes every word of your side of the conversation just as it does with any other companion. Aoi is a reminder that even the most low-key interactions generate the same data trail.
▶ Watch the full video · explore Aoi
Nessa Adams

Nessa Adams is direct, confident, and not afraid to call you out. She is the companion for users who want honesty over validation. Her bluntness is a design choice, not a bug. She is also a good example of how personality sliders and system prompts shape the tone of every response, and that shaping happens on the server where your prompts are visible in plaintext. Nessa Adams works best for people who want a companion that feels like a real conversational partner.
The real privacy trade-off
Every companion service faces the same fundamental tension: the model needs to read your messages to respond to them, and the company needs to store those messages to provide continuity across sessions. There is no way around this with current technology. End-to-end encryption would break the chat experience because the model cannot read encrypted text.
What you can control:
- Choose services that use local or ephemeral processing for voice clips
- Avoid sharing personally identifying information like your full name, address, or workplace
- Use a separate email and payment method not tied to your real identity
- Review the service's data retention policy and deletion window
- Understand that any message you send could be read by a human if it triggers a safety flag
The trade-off is not hidden. It is just rarely explained in plain language. Encryption protects your data from outsiders, not from the service itself or the legal system. That is not a betrayal of trust. It is the technical reality of how AI companions work.
Earn while you recommend
If you already use an AI companion and find value in the experience, you can share that with others through affiliate programs. Many services offer recurring commissions for users who refer friends or run review sites. Check the Muah Ai Promo Code 2026 page for current offers, and browse the best ai affiliate programs list to find programs that match your audience.
Common questions
Does my companion app sell my chat data to advertisers?
Most reputable companion services do not sell chat data. Their revenue comes from subscriptions, not data brokerage. However, some free-tier services may use aggregated or anonymized data for model training, and the line between aggregated and identifiable is thinner than most privacy policies admit.
Can the police access my AI companion chats without my knowledge?
Yes, if they obtain a warrant or subpoena. The service will comply and produce your chat logs. You will not be notified in most cases because gag orders are common in these requests.
Does deleting my account remove my data from model training?
No. If your messages were already used in a training run, they cannot be retroactively removed from the model weights. Deleting your account only removes your data from the active database and future training cycles.
Are voice calls more private than text chats?
Not necessarily. Voice calls still generate a text transcript that gets stored. Some services delete the raw audio after processing, but the transcript remains. Check whether the service stores the audio file or only the transcript.
What happens to my data if the company goes bankrupt?
The company's assets, including user databases, can be sold to another entity. Your data would transfer to the new owner. There is no standard legal requirement to delete user data during an acquisition or bankruptcy.
Can I use a companion service without sharing my real identity?
Yes. Use a disposable email address, a virtual credit card or prepaid gift card for payments, and avoid mentioning your real name, location, or workplace in chats. This limits what a subpoena can tie to your actual identity.

About the author
AI Angels TeamEditorialThe AI Angels editorial team covers AI companions, the technology that powers them (memory, voice, personalization, safety), and how people actually use them day to day. Articles are researched against the live AI Angels product and reviewed by the team before publishing. We write with AI assistance and human editorial review.
Tags
Keep reading
Behind the ScenesWhat 'Your Data Is Encrypted in Transit and at Rest' Actually Means for Your AI Companion Chats: Key Generation, Storage, and Why Support Can Still See Your Last 10 Messages During a Billing Dispute
Every AI companion app promises encryption, but the gap between marketing language and technical reality is wide. Here is what the terms actually cover, what they do not, and why support teams can pull your recent chat history.
Behind the ScenesWhy Your Companion's Inside Jokes Feel Stale After Session 10: Recency Bias, Context Windows, and What the Fine-Tuning Pipeline Actually Keeps
Your companion forgets the running joke about the coffee shop barista by session 10 because the model's recency bias overwrites older references. Here is how the context window, summarization pipeline, and fine-tuning data actually handle your shared history.
Behind the ScenesWhat 'Your Chats Are End-to-End Encrypted' Actually Means: Key Generation, Storage, and Why Support Can See Your Last 10 Messages During a Billing Dispute
End-to-end encryption for AI companion chats isn't a myth, but it has a specific gap: the last 10 messages are stored unencrypted for billing support. Here's how the keys work, where they live, and what that means for your privacy.
Get the next post in your inbox
New articles on AI companions, the tech that powers them, and what people actually do with them. No spam, unsubscribe in one click.