Peach Privacy Policy
www.getpeach.ai · Date of revision: 22 March 2026
C.V. Companion Ventures Limited ("Company", "we", "us", or "our") is the Controller for the processing implemented through the website accessible at https://www.getpeach.ai and any affiliated websites or applications to which visitors or users may be redirected (the "Services").
The Company is duly incorporated under the laws of the Republic of Cyprus, registered under number HE 486475, with its registered office at Griva Digeni, 36B, Flat/Office 103, 1066, Nicosia, Cyprus.
The Services are an online AI-powered companion platform that uses artificial intelligence and machine learning algorithms to generate virtual, fictional characters ("AI Companions"), with whom you as a user of the Services ("you") can interact via text, images, voice notes, and other media formats. Parts of the Services may require you to create a user account and/or become a paid subscriber.
This Privacy Policy details how the Company collects, uses, discloses, and handles your Personal Data for the Services and, as applicable, your rights under the European Union's General Data Protection Regulation 2016/679 ("GDPR"), Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector ("ePrivacy Directive"), Cyprus Law 125(I)/2018 and Law 112(I)/2004, the UK Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003, the Federal Act on Data Protection 235.1 ("FADP"), as well as non-European data protection laws including but not limited to the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA") and the Virginia Consumer Data Protection Act (collectively, "Applicable Data Protection Law").
By using the Services, you agree that you have read and understood this Privacy Policy, as well as our Cookies Notice, which is incorporated herein by reference.
1. Definitions
All capitalised terms not otherwise defined in this Privacy Policy or in the GDPR shall have the following meaning:
"Content": the information that you provide in order to register as a User and/or in the course of using our Services. Such information includes your Personal Data, inputs in the course of conversations with AI Companions, and outputs generated in response to same.
"Consent": any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or a clear affirmative action, signifies agreement to the Processing of Personal Data relating to you.
"Controller": the natural or legal person, alone or jointly with others, who determines the purposes and means of the Processing of Personal Data and for the purposes of the Services (the Company). As used herein, the definition of "Controller" includes "Business" as defined under the CCPA.
"Data Subject": an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly. As used herein, "Data Subject" includes "Consumer" as defined under the CCPA.
"Performance of our Services": the actions necessary for us to provide our Services.
"Personal Data": any information relating to Data Subjects, such as name, address, date of birth, gender, photos, account number, location data, or online identifiers.
"Processing": any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Subscription": an arrangement between the Company and you to enable you to benefit from and/or use the Services.
"User", "you" and "your": collectively a person that has visited or is using the Services.
"Visitor": anyone who is browsing the Services without a valid Account and/or valid Subscription.
2. Purposes of Personal Data Processing
As we are committed to respecting your privacy, the Services will always be provided in accordance with the most relevant legal basis. If you do not or cannot provide us with the required data, we may not be able to provide the Services to you.
The following table sets out the categories of Personal Data we process, the purposes for which we process them, and the corresponding legal bases.
| Purpose | Categories of Personal Data | Legal Basis |
|---|---|---|
| Account Creation — Managing your registration to our Services | Email address; encrypted password; nickname/screen name; user gender; first and last name (or as disclosed by third-party login such as Google SSO); creation date and signup provider; results of any age estimation or verification process | Consent; necessity for the performance of a contract; compliance with legal obligations |
| Account Management | Currency (based on detected country); country and/or city (detected from IP address); token balance; last account update date; current and last sign-in date, time, and IP address; sign-in count | Our legitimate interest in managing user accounts and addressing queries |
| Provision of the Services — Customisation of AI Companions; generation of images; interactive chat; voice interaction | User preferences regarding AI Companions' attributes (e.g. ethnicity, age, personality — none of which relate to a living natural person); user prompts and messages voluntarily entered; output generated in response to your input | Consent; necessity for the performance of a contract |
| Support of the Services — Technical support and customer service | Supporting data entered through the "Contact us" form; email address; device information; browser type; cookies | Our legitimate interest in addressing queries and technical issues |
| De-identification, anonymisation, and aggregation — Improve and develop our Services; conduct internal research; quality assurance and data analysis | Exchanges with AI Companions (prompts, requests, and outputs) may be aggregated, anonymised, and/or de-identified | Our legitimate interest in providing and improving the best Service possible; legitimate interests of Data Subjects in data minimisation and privacy by design |
| Improvement and Development of Services and Technology — Train and develop AI models and moderation technologies; prepare datasets; conduct internal research | De-identified and/or anonymised interaction data with AI Companions; users' interactions with the platform; data consented to in user surveys | Our legitimate interest in improving our Services |
| Quality Assurance and Statistical Analysis | Content data randomly queried for QA; de-identified and/or aggregated data for monitoring usage trends | Our legitimate interest in providing the best Service possible and detecting errors and/or misuse |
| Debugging and Technical Analysis — Monitoring the platform for anomalies or security vulnerabilities | Log files (user interactions, user IDs, timestamps); log files are automatically deleted after 30 days | Our legitimate interest in improving the Service, debugging, and responding to security threats |
| Payment Processing — Subscriptions, tokens, credits, and refunds | First and last name; email address; card brand; last 4 digits of payment card; transaction date, type, amount, currency; IP address; refund type | Necessity for the performance of a contract |
| Direct Marketing — Newsletters, offers, and updates to opted-in users | Email address; first and last name; account number; whether email was opened | Our legitimate interest (direct marketing for similar products/services) or Consent (third-party marketing) |
| Analytics (other than cookies) — Third-party analytics services; customer surveys and market analysis | Account number; email address; answers provided by the User in surveys | Consent |
| Safety and Moderation — Content moderation; human review of flagged content; compliance with our policies; reporting to law enforcement | Requests and prompts to AI models; flagged Content and metadata (date/time, originating IP); account data and history; information required by local authorities in appropriate cases | Necessity for compliance with legal obligations; necessity for the performance of a contract; legitimate interest in preventing misuse |
| Legal and Accounting — Record keeping; invoice recovery; compliance with court orders; management of Data Subject requests | Supporting data such as contact data, payment data, or credentials | Necessity for compliance with legal obligations |
3. Data Collected Automatically
When you use our Services, we collect certain data automatically, some of which may include Personal Data. This includes language settings, IP address, approximate location, device settings, operating system, activity data, time of use, referring URL, browser type and version, browsing history on our platform, and the type of content you viewed.
4. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our Services. For detailed information about the types of cookies we use, the purposes for which we use them, and how you can manage your preferences, please refer to our Cookies Notice.
5. Analytics
We use third-party analytics services to help us understand how users interact with our Services. These services may use cookies and similar technologies to collect information about your use of the Services, including your IP address, browser type, pages visited, time spent on pages, and other usage data.
Where required by Applicable Data Protection Law, we will obtain your Consent before deploying non-essential analytics cookies. For more information about the specific analytics providers we use, please contact us using the details in Section 14.
6. Marketing
We may send you marketing communications about our Services, including alerts, newsletters, and invitations to events which we believe might be of interest to you. We will communicate this to you according to the contact channels you provided and your stated preferences.
If you do not wish to receive marketing information from us, you can unsubscribe by: (a) clicking on the "Unsubscribe" or subscription preferences link in a direct marketing email you have received from us; or (b) contacting us using the contact details specified in Section 14 below.
Please note that opting out of marketing communications will not affect the sending of communications related to the Services themselves (e.g. service notifications, security alerts).
7. Third-Party Marketing
We will obtain your express opt-in Consent before sharing your Personal Data with any company outside the Company for marketing purposes. You can ask us or third parties to stop sending you direct marketing messages at any time by following the opt-out links on any marketing message sent to you.
8. Disclosing Your Personal Data
We generally only disclose your Personal Data to third parties: for the provision of Services to you; if we or the third party have a legitimate interest for the disclosure; if we have your Consent; or where required to fulfil a legal obligation. We may share your information with the following categories of recipients:
- Service providers to deliver the Services, including: payment service providers; hosting service providers; email marketing tool providers; analytics providers; moderation tool providers; and other tools or technologies that support our AI Services, including at our discretion third-party LLM providers and/or hosting providers. Please note that these third parties may receive the content of your messages exchanged with AI Companions.
- Professional advisers where necessary to obtain advice or assistance, including lawyers, accountants, IT or public relations advisers.
- Legal and regulatory authorities, as required by applicable laws and regulations.
- Our staff, as needed for them to carry out their work. Staff are bound by confidentiality agreements.
- Successors in interest: in the event of a restructuring, sale, or change of control, your data may be transferred to any successor, acquirer, or purchaser as part of that transaction.
- Aggregated data recipients: we may share aggregated, de-identified information (for example, aggregated trends about the general use of our Services) publicly and with our affiliates, subsidiaries, and partners.
We will not disclose, sell, trade, or otherwise transfer your Personal Data to any third parties without your Consent (where required) or unless otherwise stated in this Privacy Policy. If the Company merges with, or is acquired by, another company, your Personal Data may be among the assets transferred. However, Personal Data will always remain subject to this Privacy Policy, as updated in accordance with Section 16.
9. Transfer of Personal Data Outside the EEA
In principle, the Company does not transmit your Personal Data to third countries. In case of transfer of your Personal Data to a country outside the European Economic Area (EEA), the Company carries out this transfer under Chapter V of the GDPR, including:
- An adequacy decision of the European Commission (Article 45 GDPR);
- Appropriate safeguards in accordance with the GDPR (Article 46 GDPR), such as Standard Contractual Clauses; or
- For occasional processing, one of the derogations provided for in Article 49 GDPR (e.g. your explicit consent and information on the risks involved, necessity for the performance of a contract, or vital interests of the Data Subject).
You may request a copy of the safeguards under which your Personal Data is transferred outside of the EEA by contacting us using the details in Section 14.
10. Retention Period
We retain your Personal Data for as long as your account is in existence or as necessary to fulfil the purposes for which we collect it or as needed to provide you with the Services, except if required otherwise by law. When you terminate your account, we will retain your Personal Data for a limited period thereafter. We generally retain:
- Account data (for which there is no legally mandated retention period): for three (3) years after your last account activity, to address potential customer enquiries and/or permit further use of the platform, or until you request deletion, in which case we delete your account data without undue delay.
- Financial and transactional data: ten (10) years from the date of issuance, in accordance with our obligations under applicable tax and accounting laws.
- Marketing data: until you withdraw your Consent, or for a maximum of two (2) years after your last platform interaction.
- Log files: automatically deleted after thirty (30) days.
- Personal Data subject to mandated retention or legal disputes: in accordance with any legally mandated retention periods, or for as long as necessary to defend or exercise our legal rights.
Retention periods may be updated from time to time based on business or regulatory requirements. In such cases, we will update this Privacy Policy accordingly.
11. Personal Data of Minors
The Company does not provide Services to or knowingly collect Personal Data from anyone under 18 years of age or the equivalent minimum age depending on jurisdiction. Our Services are intended for use only by adults who are at least 18 years of age, or the age of majority in the jurisdiction in which they reside and/or access the Services.
If we learn that our Services have been improperly accessed by an underaged individual in violation of our policies, we will take steps to delete the information as soon as possible and block such user. Parents or guardians of minors are encouraged to contact us immediately if they become aware of any unauthorised disclosure of data on behalf of the minors for whom they are responsible.
12. Third-Party Links
The Services may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website that can be accessed through the Services.
13. Your Rights
The Company ensures it can respond to your requests for the exercise of your rights in accordance with Applicable Data Protection Law.
13.1 Right of Access
You have the right to request a copy of your Personal Data that we hold, as well as information about the purposes of Processing, the categories of data, the recipients, the envisaged retention period, the existence of the right to rectification or erasure, the right to lodge a complaint, and the existence of any automated decision-making.
13.2 Right to Rectification
You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you, and to have incomplete Personal Data completed.
13.3 Right to Erasure
You can request that we erase your Personal Data where: (a) it is no longer needed for the purposes for which it was collected; (b) you have withdrawn your Consent and there is no other legal ground for the Processing; (c) following a successful right to object; (d) it has been processed unlawfully; or (e) to comply with a legal obligation. We are not required to comply if the Processing is necessary for compliance with a legal obligation, the establishment, exercise, or defence of legal claims, or the performance of a contract.
13.4 Right to Restriction of Processing
You may request that we suspend the Processing of your Personal Data in certain scenarios, such as if you want us to establish the data's accuracy, where our Processing is unlawful, where you need us to hold the data for legal claims, or where you have objected to Processing.
13.5 Right to Data Portability
You can ask us to provide your Personal Data in a structured, commonly used, machine-readable format, or to have it transferred directly to another Controller, where the Processing is based on your Consent or the performance of a contract and is carried out by automated means.
13.6 Right to Withdraw Consent
You have the right to withdraw your Consent at any time and free of charge. The withdrawal of Consent shall not affect the lawfulness of Processing based on Consent before its withdrawal. If you withdraw your Consent, we may not be able to provide our Services to you in full.
13.7 Right to Object
You can object to any Processing of your Personal Data based on our legitimate interests, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights.
13.8 Right to Object to Direct Marketing
You can request that we change the manner in which we contact you for marketing purposes. You can withdraw your Consent to direct marketing at any time and free of charge, either by clicking on the "Unsubscribe" link in our emails or by contacting us using the details in Section 14.
13.9 Right to Obtain Safeguard Information
You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Data is transferred outside of the European Union, the United Kingdom, or Switzerland, as applicable.
14. Contact Us and Complaints
You have a right to lodge a complaint with your local supervisory authority. In Cyprus, this is the Office of the Commissioner for Personal Data Protection.
If you have concerns about how we are Processing your Personal Data, we ask that you please attempt to resolve any issues with us first. If you have any questions, concerns, or complaints regarding this Privacy Policy, or if you wish to exercise your rights related to your Personal Data, you can reach us at:
| Contact | Details |
|---|---|
| Company Name | C.V. Companion Ventures Limited |
| Registered Address | Griva Digeni, 36B, Flat/Office 103, 1066, Nicosia, Cyprus |
| Privacy Email | privacy@getpeach.ai |
| General / Support Email | support@companion-company.com |
| Legal / IP Email | legal@getpeach.ai |
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information. We try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests, in which case we will notify you and keep you updated.
15. Data Security
We have put in place appropriate technical and organisational security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We limit access to your Personal Data to those employees, agents, contractors, and third parties who have a business need to know. They will only process your Personal Data on our instructions and are subject to a duty of confidentiality.
16. Changes to This Privacy Policy
We may revise this Privacy Policy from time to time to take account of changes in our practices or new Applicable Data Protection Law. If we modify this Privacy Policy, we will post the revised version on the Services with an updated revision date. Where such changes are substantial, we will also notify you by other means prior to the changes taking effect, such as by sending you an email notification or through the Services.
By continuing to use our Services thirty (30) days after such revisions are in effect, you will be deemed to accept and agree to the revisions and to abide by them.