Privacy Policy

1. Introduction

Luva AI LLC dba Shh ("Shh," "we," "us," "our," or the "Company") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website located at https://www.shh.com (www.shh.com) and our AI companion chat services (collectively, the "Services").

Our Services provide an online platform that uses artificial intelligence algorithms to generate virtual and fictional AI companions for conversational and entertainment purposes. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Definitions

For the purposes of this Privacy Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data.
• "Data Subject" means an identified or identifiable natural person whose Personal Data is being processed.
• "AI Companion" means the artificial intelligence-generated virtual characters available through our Services.
• "Content" means all text, images, voice messages, and other materials generated through or uploaded to our Services.
• "Controller" means the entity that determines the purposes and means of processing Personal Data.
• "Processor" means an entity that processes Personal Data on behalf of the Controller.

3. Personal Data We Collect

3.1 Account Registration Data

When you create an account, we collect:

• Email address (required)
• Password (stored in encrypted form)
• Username or display name
• Account creation date and time
• Authentication provider information (if using social login)

3.2 Profile and Preference Data

• Profile settings and preferences
• AI Companion preferences (personality traits, appearance, interests)
• Communication preferences
• Language preferences

3.3 Usage and Interaction Data

• Chat messages and conversations with AI Companions
• Content you generate or request (images, scenarios)
• User prompts and inputs
• Interaction history and patterns
• Features and functions you use
• Time spent on the platform

3.4 Payment and Transaction Data

• Transaction history and amounts
• Subscription status and type
• Token balance and usage
• Last four digits of payment card (full card details are processed by our payment providers and not stored by us)
• Billing address and country
• Payment method type

3.5 Technical and Device Data

• IP address and approximate geographic location
• Device type, operating system, and browser type
• Unique device identifiers
• Session information (login times, duration)
• Referral source and pages visited
• Cookies and similar tracking technologies

3.6 Customer Support Data

• Communication records and correspondence
• Support ticket details and history
• Feedback and survey responses

4. How We Use Your Data

4.1 Service Provision and Operation

• Creating and managing your account
• Providing access to AI Companion features
• Processing and delivering chat interactions
• Generating and delivering Content you request
• Processing payments and managing subscriptions
• Providing customer support

4.2 Service Improvement and Development

• Analyzing usage patterns to improve features
• Training and improving our AI models using aggregated, anonymized, and/or de-identified data
• Developing new features and services
• Conducting research and analytics
• Testing and quality assurance

4.3 Safety, Security, and Compliance

• Detecting and preventing fraud, abuse, and security threats
• Content moderation to enforce our Terms of Service
• Verifying age and identity where required
• Complying with legal obligations and law enforcement requests
• Protecting rights and safety of users and third parties

4.4 Communications

• Sending service-related notifications (account updates, security alerts)
• Responding to inquiries and support requests
• Sending promotional communications (with your consent, where required)

5. Legal Basis for Processing

5.1 Contract Performance

Processing necessary to perform our contract with you, including providing the Services, managing your account, and processing payments.

5.2 Consent

Where you have given explicit consent to the processing, such as for marketing communications. You may withdraw consent at any time.

5.3 Legitimate Interests

Processing necessary for our legitimate interests or those of third parties, provided your rights do not override those interests.

5.4 Legal Compliance

Processing necessary to comply with our legal obligations, including tax requirements, court orders, and regulatory requirements.

6. Data Sharing and Third Parties

6.1 Service Providers

• Payment Processors: To process transactions securely. These providers (such as Stripe) are PCI-DSS compliant.
• Cloud Hosting Providers: To host and deliver our Services reliably.
• AI and LLM Providers: Third-party AI providers may receive the content of your messages to generate responses. These providers are contractually bound to protect your data.
• Analytics Services: To understand usage patterns and improve our Services.
• Email and Communication Services: To send notifications and marketing communications.
• Content Moderation Services: To help ensure safety and compliance with our policies.

6.2 Professional Advisers

We may share data with lawyers, accountants, auditors, and other professional advisers as necessary for compliance with legal obligations and to protect our rights.

6.3 Legal and Regulatory Authorities

We may disclose Personal Data to legal and regulatory authorities as required by applicable laws, court orders, or government regulations, or to protect our rights, privacy, safety, or property.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your Personal Data may be transferred to the successor entity as part of that transaction. We will notify you of any such change.

6.5 With Your Consent

We may share your Personal Data with other parties when you explicitly consent to such sharing.

Important: We do not sell your Personal Data to third parties for their marketing purposes.

7. Data Retention

7.1 Retention Periods

• Account Data: Retained for the duration of your account and for 3 years after account closure or last activity.
• Conversation Data: Retained for the duration of your account. You may delete individual conversations at any time.
• Payment and Financial Records: Retained for 10 years to comply with tax and accounting regulations.
• Marketing Preferences: Retained until you withdraw consent or 2 years after last interaction.
• Log Files and Technical Data: Automatically deleted after 30 days, except where required for security investigations.

7.2 Account Deletion

You may request deletion of your account and associated Personal Data at any time. Upon receiving a valid deletion request, we will delete or anonymize your Personal Data within 30 days, except where we are required by law to retain certain information.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data: access, rectification, erasure, restriction of processing, data portability, objection to processing, withdrawal of consent, and the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

9. Cookies and Tracking Technologies

We use essential cookies (required for operation), performance cookies (anonymous usage info), functionality cookies (preferences), and analytics cookies (e.g. Google Analytics). You can manage cookies in your browser settings — disabling some may affect functionality. We currently do not respond to "Do Not Track" signals.

10. International Data Transfers

Your Personal Data may be transferred to and processed in countries outside of your country of residence. When we do, we implement Standard Contractual Clauses, Binding Corporate Rules where applicable, and contractual obligations on recipients to protect the data.

11. Security Measures

• Encryption of data in transit and at rest
• Secure password hashing
• Access controls limiting who can access Personal Data
• Regular security assessments and audits
• Employee training on data protection
• Incident response procedures

While we strive to protect your Personal Data, no method of transmission over the Internet or electronic storage is 100% secure.

12. Children's Privacy

Our Services are intended for users who are at least 18 years of age. We do not knowingly collect Personal Data from anyone under 18. If you become aware that a child has provided us with Personal Data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date, notify you by email or a prominent notice, and obtain consent where required by law.

14. Contact Us

Privacy inquiries: [email protected]
General support: [email protected]
Luva AI LLC dba Shh, Attn: Privacy Team

Additional Information for Specific Jurisdictions

California Residents (CCPA/CPRA)

You have additional rights under the CCPA and CPRA, including the right to know, delete, opt-out of sale or sharing, non-discrimination, and limit use of sensitive personal information. We do not sell your Personal Data as defined by the CCPA/CPRA.

European Economic Area, UK, and Switzerland Residents

You have rights under the GDPR and/or UK GDPR as described in Section 8.

Virginia, Colorado, Connecticut, and Other US State Residents

You have similar rights to access, correct, delete, and opt-out of certain processing activities. To exercise these rights, contact us using the information in Section 14.