Privacy Policy

1. Introduction

Welcome to PersonaLLM. We are committed to protecting your privacy and ensuring you have a safe experience using our application. This Privacy Policy explains what data we collect, how it is processed, who it is shared with, and your rights under applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

PersonaLLM is operated from the United Kingdom. By using the App, you agree to the practices described in this policy.

2. Data Controller

For the purposes of UK data protection law, the data controller is Koya Ventures Ltd, a company registered in England and Wales, trading as PersonaLLM ("we", "us", "our").

Contact: support@personallm.com

PersonaLLM is registered with the UK Information Commissioner's Office (ICO). Registration number: [pending].

3. Data Stored on Your Device

PersonaLLM is designed with a local-first architecture. The following data is stored entirely on your device using Apple's SwiftData framework and is never transmitted to us or any third party:

• Chat conversations and message history
• Character definitions, lore entries, and uploaded documents
• Character memory (RAG embeddings and vector stores)
• Generated images and videos saved to your gallery
• Text-to-speech audio (processed on-device)
• App settings and preferences

We do not have access to read your private conversations or locally stored media unless you explicitly choose to share content on the Community Platform.

4. Data Shared with Third-Party AI Services

When you use cloud-based features, your data is transmitted through our secure proxy server to the following third-party AI providers. We will ask for your explicit consent before transmitting any data to these services.

On-device features — including character memory (RAG), text-to-speech, and local AI models — do not transmit any data to third parties.

5. Community Platform

If you choose to use the Community Platform, the following data is collected:

• Account information: Provided via Sign in with Apple (we receive only the identifiers Apple provides; your real email may be hidden by Apple's Private Relay)
• Uploaded characters: Character name, description, personality, scenarios, and avatar image — these become publicly visible
• Usage data: Download counts and ratings for shared characters

Community participation is entirely optional. The core App functions without it.

6. Proxy Server & Logging

Our proxy server routes requests between the App and third-party AI providers. We may temporarily log request metadata (timestamps, token counts, error codes) for analytics and error tracking. We do not store the content of your conversations, prompts, or generated media on our servers long-term.

7. Legal Basis for Processing

Under UK GDPR, we process your data on the following bases:

• Consent (Article 6(1)(a)): For transmitting your data to third-party AI services. You can withdraw consent at any time by disabling cloud features in the App's settings. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
• Contract (Article 6(1)(b)): For processing necessary to provide the service you requested, including community platform account management and fulfilling credit purchases.
• Legitimate interest (Article 6(1)(f)): For temporary logging of request metadata (timestamps, token counts, error codes) to diagnose technical errors, prevent abuse, and maintain service availability. We have assessed that this processing is necessary for our operational needs and does not override your rights, given that no conversation content is logged and logs are automatically deleted after 30 days.

8. International Data Transfers

Our third-party AI providers (OpenRouter, Atlas Cloud, RunPod) and infrastructure provider (Cloudflare) may process data outside the United Kingdom, including in the United States.

Where data is transferred to the United States, it is protected by one or more of the following safeguards:

• The UK-US Data Bridge (where the recipient is certified under the EU-US Data Privacy Framework with UK Extension)
• The UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU Standard Contractual Clauses

You may request a copy of the relevant safeguards by contacting us.

9. Data Retention

• On-device data: Retained until you delete it or uninstall the App
• Proxy server logs: Automatically deleted after 30 days
• Community uploads: Retained until you remove them or request account deletion
• Purchase records: Retained as required by applicable tax and accounting law

10. Automated Decision-Making

PersonaLLM uses AI models to generate text, images, and videos in response to your inputs. This processing is automated but does not constitute automated decision-making that produces legal or similarly significant effects on you within the meaning of Article 22 of the UK GDPR. No decisions about your access, rights, or account status are made solely by automated means without human involvement.

Content filtering is applied automatically to detect prohibited content. If content is blocked and you believe this was in error, you may contact us for human review.

11. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you (Article 15)
• Rectify inaccurate personal data (Article 16)
• Erase your personal data — "right to be forgotten" (Article 17)
• Restrict processing of your data (Article 18)
• Data portability — receive your data in a structured, machine-readable format (Article 20)
• Withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing (Article 7(3))

To exercise any of these rights, contact us at support@personallm.com. We will respond within one month as required by law. If your request is complex, we may extend this by a further two months, but we will inform you within the first month.

These rights are provided free of charge, except in cases of manifestly unfounded or excessive requests, where we may charge a reasonable fee or refuse to act.

12. Complaints

If you are unhappy with how we have handled your personal data, we encourage you to contact us first at support@personallm.com so we can try to resolve your concern. We will acknowledge your complaint within 5 working days and aim to provide a full response within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk/make-a-complaint
• Helpline: 0303 123 1113

13. Children's Privacy

PersonaLLM is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a user under 18, we will delete that data and terminate their access promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date above and posting the revised policy on our website. Your continued use of the App after changes take effect constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please contact us at support@personallm.com.