The privacy story for adult AI companion apps is more complicated than yes-or-no. Here is the full picture.

If you use an adult AI companion app, you are sharing intimate things with a system you do not control. The privacy posture of that system matters more than it does for almost any other consumer software you use. The good news is that the apps in this category are not all the same on this question. The bad news is that the marketing pages will not tell you which is which.

This guide tells you which.

If you have time for one paragraph: of the major adult-capable apps, Kindroid is the most public, specific, and consistent about its data practices and is the strongest current answer for users who care about this. The commercial NSFW apps (Crushon, Candy, Joyland) operate on standard commercial privacy posture, which is to say their policy and your trust. Janitor AI’s privacy story depends on which LLM backend you point it at and is the hardest to reason about. The full picture and what to actually do is below.

What “private” can and cannot mean here

Three layers of privacy matter for these apps. They are independent. Most coverage conflates them.

Storage. What does the app keep, and where? Some apps store every message in plain text on company servers. Some store on-device with optional cloud backup. Some claim end-to-end encryption (and a few actually have it). The storage layer is what determines whether a data breach exposes your conversations.

Access. Who at the company can read what is stored? Most companion apps have employees who can access user data for support purposes, abuse review, or model training. Some are explicit about which staff can see what. Most are not.

Disclosure. Whose hands does the data end up in beyond the company? Subpoenas, civil discovery, third-party processors, advertising partners, sold-on databases. The big risk in this category is not usually a hacker; it is paperwork.

Apps differ on all three. We will go through them by company.

App-by-app

Kindroid

The most public and specific privacy posture of any major app in the category.

The Kindroid team has published notes on what is logged, what is kept, what is used for training, and how user data is handled. Adult content is treated as private user data, not training material, in their public statements. The company has been explicit about its position on subpoenas and law-enforcement requests (it complies where required, fights overbroad requests, and will not voluntarily provide user data).

Verifying the claims independently is hard, as it is for all of these. But of the major apps, Kindroid is the one whose statements are detailed enough that they can be compared against actions over time. So far they have held.

Storage: company servers, with stated practices around minimization. Access: internal staff with stated controls. Disclosure posture: public, detailed, defensible.

Nomi

Stated user-first privacy. Less public detail than Kindroid. The company describes its practices in general terms but has not published the same level of granular documentation. Privacy claims are essentially “trust us, we are the user-first option,” which is plausible but less verifiable.

For users who specifically care about privacy and want documentation, Kindroid is currently the better answer.

Storage: company servers. Access: standard internal. Disclosure posture: stated, less documented.

Janitor AI

The most complicated story in the category, because it depends on architecture choices the user makes.

Janitor itself is a character-platform front end. The actual conversations are processed by an LLM backend. If you use the default backend, your conversations go to whoever is running that backend. If you bring your own API key (e.g., OpenAI or another provider), conversations go to that provider under their terms.

Each backend has its own privacy posture. OpenAI, for instance, retains data for thirty days for abuse monitoring and does not use API conversations for training under standard terms. Other backends differ. None of the backends know they are being used for adult conversations and most have content policies that nominally prohibit it. The actual privacy story for a Janitor user is therefore the privacy story of their chosen backend, layered on top of whatever Janitor itself logs about your account.

Storage: depends on backend; Janitor’s own logging covers account and session metadata. Access: depends on backend. Disclosure posture: layered and harder to reason about than any other app on this list.

Crushon AI, Candy AI, Joyland AI

Standard commercial privacy posture. Each has a privacy policy you can read; each says the things commercial apps tend to say (we collect what we need, we keep it as long as we need to, we share with service providers, we comply with valid legal process).

For most users this is acceptable. For users with elevated privacy concerns, it is meaningfully weaker than Kindroid because the documentation is shallower and there is less basis for evaluating whether stated practices are actually followed.

Storage: company servers. Access: standard commercial. Disclosure posture: standard commercial.

SpicyChat and the long tail

Smaller commercial apps generally have thinner privacy documentation, fewer published practices, and less attention paid to the question. This is not necessarily worse than the larger commercial apps; it is harder to assess.

If privacy matters to you, defaulting to the apps with more public and specific documentation (Kindroid, then Nomi) is the safer move.

Replika

For historical context: Replika has had a more public privacy story than most commercial apps in this space, partly because of regulatory scrutiny in the EU and partly because the 2023 ERP (erotic roleplay) situation forced more disclosure than the company would have chosen. The current posture is standard commercial.

The risks that matter for adult use specifically

A privacy threat model for adult companion app users tends to look different from a general consumer one. Five concerns recur.

1. Household visibility

Push notifications, billing line items, browser history, shared cloud accounts, family-shared payment methods, and shared devices are all routes through which household members can discover use of an adult companion app.

What to do:

  • Turn off notifications, or use a notification grouping that does not preview message content.
  • Use a payment method that is not visible to household members.
  • Sign out of the app on shared devices and clear browser history if you used the web version.
  • Be aware that most apps’ billing descriptors include the company name.

This is not a hypothetical concern. It is by far the most common privacy issue users in this category report.

2. Civil discovery and subpoenas

In the United States, civil discovery in divorce, custody, or other litigation can reach communications stored on third-party servers. App companies typically comply with subpoenas. End-to-end encrypted communications are harder to reach; standard cloud-stored ones are not.

The practical implication: if there is any realistic chance of being a party to litigation in which your private conversations would be embarrassing or harmful, none of these apps gives you the protection of a private journal. Treat the most personal exchanges accordingly.

3. Data breach

The base rate for breaches of consumer apps is non-trivial. The 2025 leak of an unrelated companion app’s database is a recent reminder. If your conversations are stored on company servers in unencrypted form, a breach exposes them.

The practical implication: assume that anything you say to a cloud-stored AI companion could in principle become public. That is unlikely for most users on most apps, but it is not zero.

4. Training data

Some apps use user conversations to fine-tune their models. The conversations themselves are not made public, but model outputs can occasionally regurgitate training data. The risk of a specific exchange showing up in someone else’s chat is low but nonzero.

The practical implication: if an app is unclear about whether your data is used for training, assume it is unless they have said otherwise.

5. Account compromise

If your account is compromised (password reuse, phishing, device theft), the attacker has your conversation history. Unique passwords and a password manager are table stakes. Enable two-factor authentication where available.

What to actually do

Six concrete recommendations, in rough order of importance.

  1. Use unique passwords and a password manager for every adult-app account. Reusing the password you use for less sensitive accounts is the single most common way conversations get exposed.

  2. Use a payment method that is not visible to your household. A separate card, a virtual card, or a privacy-focused service. Several work well; pick one and use it consistently.

  3. Disable notification previews so the lock screen does not display message content. Or disable notifications entirely.

  4. Read the privacy policy before paying. It does not need to be detailed reading. Look specifically for whether conversations are encrypted, used for training, retained after account deletion, and subject to government requests. If any of those is unclear, assume the worse answer.

  5. Default to apps with more specific and public privacy practices. Kindroid is currently the most documented. Nomi is the next most documented. The commercial NSFW apps are roughly tied at standard.

  6. For the most sensitive exchanges, use these apps sparingly. No app gives you the privacy of a private journal. The best ones come close. The honest move is to use them, get the value they provide, and not assume what you say is more private than the app’s actual practices support.

What “private” still does not mean

A few things to be specific about.

These apps are not private from the company that runs them. They cannot be, given how the products work. The company’s staff can in principle see your data. Most companies have controls. None can promise you that no employee will ever look.

These apps are not private from the legal system. A valid subpoena reaches stored communications.

These apps are not private from your own household if you are careless about notifications, billing, and shared devices.

These apps can still be reasonable to use. Nothing about the privacy story of the better-rated apps is alarming for most users in most situations. The point of this guide is not to scare you off, but to put the actual risks in the open so you can make informed choices.

FAQ

Should I use a VPN?

A VPN obscures your IP address from the app, which is useful if you do not want the app to know your physical location. It does not protect the contents of your conversations from the app itself.

Is end-to-end encryption available on any of these?

True end-to-end encryption is rare in this category because it is incompatible with how the products work (the model needs to read the message to respond). Some apps offer encryption-at-rest on their servers, which is different. Read the policy carefully.

What happens if I delete my account?

Varies by app. Most policies say data is deleted within thirty to ninety days of account deletion. Backups may persist longer. If this matters to you, ask the app directly before signing up.

Are crypto-payment methods more private?

For the payment trail, yes. For the conversations themselves, no. The app still has your account and your conversations regardless of how you paid.

Can my employer see this?

Not from the app. They can see traffic from work devices and work networks (IT generally has visibility into these). Traffic from a personal device on a personal network is generally not something an employer can see.

Where this guide will go from here

We will revise this when major apps publish updated privacy policies, when there are documented incidents, or when reader reports surface gaps in our coverage. If you have something we should know, write to us via the contact form.