Privacy Policy

EntrovaLabs is the developer and operator of AI Bestfriend, an AI-powered companion app designed for conversation, journaling, and support. We are a small independent software company.

The Services are not directed to children and are not intended for anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information. If you believe a child has provided us personal information, please contact us at support@aibestfriendapp.com.

We collect the following categories of information:

• Account Information: Email address, authentication identifiers (passwords are processed by our authentication provider), account creation time, sign-in timestamps, and subscription status.
• Profile & Personalization: Optional profile data you choose to provide (e.g., preferred name, age range, language, persona selections, personalization preferences such as hobbies). You can edit or remove this at any time.
• Content You Provide: Conversations, prompts, and feedback that you enter into the app, including message reports. Do not include government IDs, health/medical data, financial account numbers, or other sensitive personal data. If you do, you consent to our processing it solely to provide the Services.
• Device & Usage Data: Device type, OS version, app version, region/time zone, IP-derived approximate location, crash logs, diagnostics, and analytics events (e.g., screens viewed, feature interactions) used to improve quality and security.
• Push Notification Tokens: Device push tokens (Expo/APNs/FCM) to deliver notifications; you can disable notifications in the app or device settings.
• Payment & Subscription Data: Purchase receipts and status via app stores/RevenueCat; we do not receive full payment card data.
• Support: When you contact us, we collect the information you provide (e.g., email, ticket contents).

We use your information to:

• Provide, maintain, personalize, and improve the Services (including model prompts and retrieval/memory systems).
• Authenticate users, prevent fraud/abuse, enforce rate limits/quotas, and protect security/integrity.
• Deliver opt-in notifications and transactional communications (e.g., verification emails).
• Analyze usage to improve features, performance, and reliability.
• Provide customer support and respond to inquiries.
• Comply with legal obligations and enforce our Terms.

Where required by law (e.g., GDPR), our legal bases include performance of contract (providing the Services), legitimate interests (security, analytics, improvement), consent (notifications where required), and compliance with legal obligations.

• The AI is a virtual assistant and not a real person. Interactions are automated and may be inaccurate, inappropriate, or incomplete. Do not rely on the AI for medical, legal, financial, or safety-critical advice.
• We use third-party AI infrastructure via OpenRouter to access model providers (e.g., OpenAI and others). Your prompts and relevant context may be transmitted to these providers to generate responses, subject to their terms and privacy policies. We use authenticated requests, minimal context necessary, and server-side controls (e.g., rate limiting, token caps) to reduce exposure and cost.

We may share information with:

• Service Providers: Cloud hosting, databases, analytics, error tracking, authentication, subscriptions/billing, and push delivery (e.g., Supabase, RevenueCat, Apple/Google, Expo Push Service, OpenRouter/AI providers). They act under agreements limiting use to service delivery.
• Legal & Safety: Where required to comply with law, enforce our terms, or protect rights, safety, and security.
• Business Transfers: In connection with a merger, acquisition, or asset sale, subject to this Policy or equivalent protections.

We do not sell your personal information.

We retain information as long as needed to provide the Services, comply with law, resolve disputes, and enforce agreements. Conversation data may be summarized into memories for retrieval; older memories may be archived or pruned per our retention logic. When you delete your account, we delete personal data from active systems and archives within a reasonable period, subject to legal retention and backup integrity windows.

We use reasonable administrative, technical, and physical safeguards (e.g., encrypted transport, access controls, RLS policies in our database, server-side secrets). No method is 100% secure. You are responsible for keeping your credentials safe and for securing your device.

We may process and store data in regions where we or our providers operate. Where applicable, we implement appropriate safeguards for cross-border transfers (e.g., standard contractual clauses) and minimize data exposure.

• Access & Correction: Access/update your profile from the app.
• Delete: Delete your account in the app or contact support.
• Notifications: Enable/disable push notifications in the app or device settings.
• Opt-Out: Opt out of optional analytics where supported.
• Regional Rights: Depending on your location, you may have rights to data portability, restriction/objection, or to lodge a complaint with a supervisory authority. Contact us to exercise rights.

Depending on your region, you may have additional rights. Contact us to exercise them.

The Services may link to third-party sites or services we do not control. This Policy does not apply to those services. Review their policies before using.

The app may use local storage and third-party SDKs for analytics, crash reporting, performance monitoring, payments, and notifications. Each provider's SDK observes its own data collection settings and retention. You can disable some SDKs through system settings or in-app controls where available.

We may update this Policy from time to time. If we make material changes, we will notify you by posting the new Policy in the app and updating the "Last Updated" date.

If you have questions about this Policy or our practices, contact: