Privacy policy

socialAF (“we”, “us”, “our”) is operated by BLOVE INC, a Colorado S-Corporation, at 1155 Kelly Johnson BLVD, Suite 111, Colorado Springs, CO 80920.

Questions about this policy: [email protected].

• Account data. Name, email, authentication identifiers (hashed password or Google OAuth subject ID).
• Billing metadata. Subscription tier, Whop membership / order IDs, billing email, invoice identifiers, tax-relevant country. We never see or store full payment-card numbers. Our payment partner Whop handles card details as merchant of record.
• User-generated content. Character definitions (name, lore, tags), reference images, text prompts, generated images and video, and generation metadata (tool, aspect ratio, credit cost).
• Device & activity data. IP address, user agent, pages viewed, request timestamps, and performance metrics.
• Safety-audit records. Every prompt-safety check, image-classifier scan, and storage-layer CSAM scan writes an audit row with the affected asset, verdict, flags, and timestamp.
• Support communications. Any feedback, complaint, or support email you send us.

• Deliver, secure, and improve the service
• Process subscription billing and credit purchases
• Enforce our content-safety policy and related terms
• Detect and prevent fraud, abuse, and unauthorized access
• Respond to your questions, complaints, and legal requests
• Meet tax, accounting, and other regulatory obligations

We do not use your prompts, reference images, or generated outputs to train our own foundation models, and we do not sell your content to any third party. Generation requests are forwarded to upstream model providers (listed on our Sub-Processors page) solely to fulfill your request; each provider has its own retention and training policy, and we contractually require appropriate safeguards.

When you use the in-app agent at /agent, your conversation messages, character names, character lore, and recent generation captions are sent to Anthropic to power the conversational orchestration. We send these requests through Anthropic’s zero-retention endpoint so your prompts are not retained by Anthropic for training, fine-tuning, or any other purpose beyond satisfying the immediate request. Generation tool calls themselves still route to the upstream model providers as described above.

Personal data is shared only with the sub-processors needed to run the service: cloud hosting, databases, model inference, payment processing, safety classifiers, transactional email. The full list with data categories and regions is on our Sub-Processors page.

We may also disclose data when compelled by valid legal process (see our Law Enforcement Guidelines) or when reporting apparent child sexual abuse material to NCMEC under 18 U.S.C. § 2258A.

• Account data: while your account is active, plus up to 24 months after closure.
• Transactional records: seven years for tax and accounting purposes.
• Safety audit logs: seven years to meet our obligations under 18 U.S.C. § 2258A.
• Backups: rolling cycles of up to 90 days.
• Generated content & references: retained while your account is active and you choose to keep them; deleted on account closure unless preserved under a law-enforcement preservation request.

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to processing or withdraw consent. Submit requests to [email protected] with “Privacy request” in the subject line. We respond within the timelines required by applicable law (usually 30 days).

You may also request human review of any automated safety decision via our Complaints Policy appeal process.

Data may be transferred outside your country, including to the United States where our primary infrastructure is hosted. Where applicable, we rely on Standard Contractual Clauses and other lawful transfer mechanisms with our sub-processors.

We implement administrative, technical, and organizational safeguards designed to protect personal data: encryption in transit, OAuth-token encryption at rest, server-side input validation, rate limiting, and a four-layer content-safety stack. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.

socialAF is not directed to children under 13 (or 16 in certain jurisdictions), and we do not knowingly collect data from children. If you believe we have, email [email protected] and we will delete it promptly. Content depicting minors is separately prohibited by our Content Safety policy.

We use a small number of cookies for authentication, preferences, and privacy-respecting analytics. See our Cookie Notice for details and controls.

Material changes to this policy will be announced via an in-product notice or by email to the address on file at least 30 days before taking effect. The effective date above will always reflect the current version.