Cave team · May 26, 2026 · 7 min read

Are your AI companion chats actually private?

Often not by default. Many consumer AI products use your conversations to improve or train their models unless you opt out, and few let you see everything they've stored about you. Before telling an AI companion your life, check three things: whether your chats train models, whether you can see and delete what it keeps, and who else can read it.

Why does privacy matter more for a companion than a chatbot?

Because of what you put in.

Ask a chatbot for a risotto recipe and the privacy stakes are roughly zero. But that's not what people tell a companion. A companion gets the fight with your mother, the doubt about your marriage, the health scare you haven't told anyone about, the thing you did at 19 that still embarrasses you. Companion chats aren't queries. They're diaries.

That changes the math completely. A leaked search history is awkward. A leaked diary is a different category of harm — and an AI companion accumulates that diary automatically, every day, in your own words, timestamped and organized. The more honest the product encourages you to be (and honesty is the whole point of a companion), the more it owes you on privacy. Most apps haven't earned what they're asking for.

Regulators have noticed the same asymmetry. The FTC has opened an inquiry into companies running AI companion chatbots, asking — among other things — how they handle and monetize the personal information users share. And when Mozilla's Privacy Not Included project reviewed romantic AI chatbot apps, it flagged nearly all of them for poor privacy practices. You don't need the specifics to take the lesson: in this category, assume nothing and check everything.

Are your chats used to train AI models?

Frequently, yes — by default.

A common pattern across consumer AI products: conversations from free and consumer tiers may be used to train or improve models unless you find the setting and opt out, while business and enterprise tiers are excluded by contract. Notice what that pricing structure admits — companies treat training-on-your-chats as something paying organizations would never accept, but consumers will tolerate if it's buried in a toggle.

What "used for training" means in practice:

  • Your words may be reviewed, processed, or sampled to improve future models.
  • Once trained into a model, your data can't be meaningfully pulled back out. Deletion removes the chat log, not whatever the model already absorbed.
  • The policy can change. An app that doesn't train on chats today may update its terms tomorrow, especially after an acquisition.

So make it the first question you ask, and don't accept vibes for an answer. Look for a plain sentence in the privacy policy: "We do not use your conversations to train AI models." If you can't find that sentence, assume the opposite.

For the record, since this post will be held to its own standard: Cave's answer is the plain sentence. Your memory is yours, and memory on Cave is never used for training — that's the mission statement, not a settings toggle.

Can you see and delete what an AI companion stores about you?

This is the test most apps fail, and it's the one that matters most for a companion.

Any app that remembers you is building a file on you. The only acceptable version of that is a file you can open. Three levels, from worst to best:

  1. Black box. The app clearly remembers things — it references past chats — but there's no way to see what it has stored. You're trusting a memory you can't audit.
  2. Partial visibility. You can view some extracted facts or saved memories, usually a terse list, and delete individual entries. Better, but you're seeing a summary of the file, not the file.
  3. Full, readable memory. You can open everything the AI knows about you, read it in plain words, see how it's organized, and remove what you want gone.

Deletion deserves equal scrutiny. "Delete" should mean the data is actually removed from the company's systems within a stated window — not just hidden from your screen. A trustworthy privacy policy says what deletion means and how long it takes. A vague one is an answer too.

This is also where privacy and memory stop being separate questions. Readable memory is simultaneously a feature and a safeguard: the same design that makes an AI actually remember you is what makes its memory auditable. Cave was built on that principle — your conversations are private, they're not used to train AI models, and the memory Cave builds is organized by topics and yours to open and read, like a document about you that you can actually inspect.

Who can actually read your conversations?

More people than "nobody," usually. The honest list of possible readers:

  • Employees and contractors. Many AI companies allow some human review of conversations — for safety, moderation, or quality. Check whether the policy mentions it and whether you can opt out.
  • Third-party processors. Most apps run on other companies' models and infrastructure. Your words may transit several organizations, each with its own retention rules.
  • Advertisers and data partners. If the app is free and ad-supported, ask yourself what's being sold. A diary is exactly the data profile advertisers dream about.
  • Anyone, after a breach. Companies get hacked. The relevant question isn't whether a breach is possible — it's how much readable, sensitive material is sitting there when it happens, and for how long it was retained.
  • Law enforcement and courts. Chat logs held by a company can be subpoenaed. This isn't paranoia; it's how stored data works everywhere.

None of this means you shouldn't talk to an AI. It means the level of candor a companion invites deserves the level of scrutiny you'd apply to anything holding your diary.

What should you check before telling an AI companion your life?

The checklist. Ten minutes with an app's privacy policy and settings answers most of it:

  1. Training: Does the policy plainly state that conversations are not used to train AI models? Is that the default, or an opt-out you must find?
  2. Visibility: Can you open and read what the app has stored and remembered about you — all of it, not a summary?
  3. Deletion: Can you delete your data, and does the policy say what deletion actually means and how long it takes?
  4. Human access: Do employees or contractors ever read conversations? Under what conditions?
  5. Business model: Is it a subscription, or is it free with ads? If your data isn't the thing being paid for, who's paying, with what?
  6. Third parties: Is conversation data shared with or sold to anyone? Which model and infrastructure providers does it pass through?
  7. Retention: How long are chats kept? Indefinite retention of diary-grade data is a standing liability.
  8. Policy changes: Does the company commit to notifying you if any of the above changes?

An app doesn't need a perfect score. But it should have clear, findable answers to at least the first three — training, visibility, deletion. Those are the load-bearing ones. We apply this same checklist when we compare the best AI companion apps, because in this category privacy isn't a footnote to the review; it's half the review.

One more honest note: no privacy policy makes it wise to outsource everything. An AI companion is a good place to think out loud. Serious struggles — the kind that involve safety or crisis — deserve a professional, not an app.

FAQ

Are AI companion apps private?

Not reliably, and not by default. Practices vary widely: some consumer AI products use chats for model training unless you opt out, allow human review, or retain data indefinitely, while others — Cave among them — keep conversations private and don't use them to train AI models. The only way to know is to check the specific app's privacy policy for training, visibility, and deletion answers.

Is my data used to train AI models?

It depends entirely on the app. A common industry pattern is that consumer-tier conversations are used for model training by default, with an opt-out buried in settings, while business tiers are excluded. The sentence to look for is a plain, unconditional one — Cave's, for example, is "memory on Cave is never used for training." If an app can't say it that plainly, assume your chats are training data.

Can I delete what an AI knows about me?

Usually you can delete chat logs, but read what "delete" means: some apps remove data from their systems within a stated window, others merely hide it from your view, and data already used for training can't be pulled back out of a model. Prefer apps that let you see everything stored about you and state concretely how deletion works.

Is it safe to tell an AI companion personal things?

It can be, if the app earns it. Companion chats are effectively a diary, so hold the app to diary standards: no training on your conversations, memory you can open and read, real deletion, and a subscription business model rather than an ad-driven one. And keep one human rule regardless of the app: anything involving crisis or safety belongs with a professional, not a chatbot.

What questions should I ask before using an AI companion?

Three load-bearing ones: Are my conversations used to train AI models? Can I see everything the app stores and remembers about me? Can I actually delete it, and what does deletion mean? After those: do humans ever read chats, who is the data shared with, how long is it retained, and what's the business model. Clear answers to the first three are the minimum bar.