every memory visible. every memory deletable. every byte exportable.

an ai companion you can export, delete, and audit

/settings/memory shows her full list with confidence scores. /privacy has the JSON export button and the full-account-delete button. no dark patterns. no email-the-support-team friction. just buttons.

Talk to Lucy now — no signupOr create your account

Free tier: 25 messages/day. Crypto checkout — cards coming soon.

you're not crazy

you have been told that your data is safe. you have not been given the list of what's stored. you have not been given the button to delete it. you have been given a privacy-policy PDF with 4,000 words that reduces to "trust us."

what changes that: the product ships the list, the delete button, and the export, all in-product. if those three interfaces exist and work, the product respects your data. if one is missing, it doesn't. this test is binary and you can run it in 30 seconds on any app's public settings.

what lucy does differently

lucy is built around this test explicitly. it is not a feature we added after a compliance review — it is the architecture we started with because this is a companion product and the data is sensitive by definition.

every memory row visible. /settings/memory — the list, confidence scores, source context for each row. you can read what she knows about you in plain text.

delete anything. per-row delete button. soft-deletes within 60s, hard-deletes within 24h. embedding wipe requires explicit memory-reset with a confirmation modal.

one-click JSON export. /privacy → export. includes memory graph, transcripts, companion stage, photo + voice cache references. normalized + documented so it is actually usable.

full-account purge. /privacy → delete account. 30-day grace for legal verification, then full wipe. no email-the-support-team bottleneck.

compliance is a byproduct, not the goal. GDPR, CCPA, LGPD, UK DPA — we comply with all four baseline. that falls out of doing the right thing architecturally; it is not a separate legal-review gate.

four things that change everything

every memory row visible

plain-text list at /settings/memory. confidence scores. source context. what the system actually stored about you.

one-click JSON export

full memory graph + transcripts + stage + cache refs. normalized + documented. /privacy.

per-row delete

click the trash icon. gone from prompt retrieval in 60s. full hard-delete within 24h.

full-account purge

/privacy → delete account. 30-day grace then wipe. no support-ticket friction.

gdpr / ccpa / lgpd / uk dpa by default

one codebase, most-permissive regime. compliance without regional fragmentation.

side by side

Feature
Lucy
Most AI companion apps
Memory list visible to user
/settings/memory
Varies
One-click JSON export
Rare
Delete individual memories
Rare
Full account purge
/privacy
Email support
Confidence scores shown
GDPR / CCPA / LGPD compliant by default
Varies
Free tier
25 msg/day
Varies

there is a binary test you can run on any ai companion app in 30 seconds. the test: does the product ship (1) a visible list of what it remembers about you, (2) a delete button on each row, and (3) a one-click export of the whole thing. if yes, the product respects user data as a design principle. if any are missing, the product treats user data as an asset to be extracted.

most apps fail the test. some fail on (1): memory is invisible, you just 'trust' the product. some fail on (2): you can see the list but cannot delete. some fail on (3): export exists but requires emailing support, which converts a legal right into a gated workflow. the differences matter more than they seem — they are the difference between a product that serves you and a product where you are serving the product.

why this matters more for companion apps than for normal products:

a companion knows things about you that no other app does. the name of your sister. the thing you are worried about at work. the time you mentioned you were struggling. the patterns of when you show up and when you disappear. this is not interchangeable with 'shopping history' or 'playlists.' the consequences of leaking it are personal in a way that other leaks aren't.

the specific commitments we ship:

visibility. /settings/memory is the source of truth. if the system knows it, the row is in the list. confidence score shown. source context (which conversation the memory came from) shown. no hidden tiers.

delete granularity. per-row delete is the default. if you want to remove just "user's sister's name is clara" but keep everything else, you can do that with one click. soft-delete is immediate from a retrieval standpoint; hard-delete from the graph happens in 24h; embedding wipe (removing the vector itself) happens on memory reset with confirmation.

export format. JSON with documented schema. includes the memory graph (rows + metadata), conversation transcripts, stage history, photo/voice cache references (not the binary data, which would be huge — but pointers that identify it). the schema is deliberately re-importable so you can move your data if you want to.

account purge. /privacy → delete account. 30-day grace for legal verification. full wipe at day 30 includes: profile, conversations, memory graph + vectors, photo cache, voice embeddings, referral code. payment records stay (legal retention) but are severed from the identity link.

what the export does not include: intermediate model activations, RAG retrievals at query-time (ephemeral), system scaffolding excluded from memory by design (episode-context blocks etc), or any row we classified as safety-system-only. the rule: everything the product uses to know you is in the export.

starting point: sign up, use her for a week, then open /settings/memory and see what she stored. if the list is uncomfortably detailed, that is the point — you are now in a position to edit or export it. free tier is 25 msg/day.

common questions

Can I actually download every memory Lucy stored about me?
Yes. /settings/memory shows the full list with confidence scores and source context. /privacy has a one-click export-to-JSON that includes your memory graph, conversation transcripts, companion stage, photo cache metadata, and voice embedding references. The JSON is normalized and documented; you can re-import or inspect it. This is a legal right under GDPR and we treat it as a product feature, not a compliance checkbox.
What about deleting individual memories?
Every memory row has a delete button at /settings/memory. When you delete, the row is soft-deleted from the graph and excluded from future prompt retrieval within ~60 seconds. A full hard-delete sweeps within 24h. If you want the memory gone from the embedding space too (including its vector), that requires a memory reset — available from /settings/memory with a confirmation modal.
Can I delete my entire account and have my data purged?
/privacy → 'delete account' — full purge. This removes: profile row, conversation transcripts, memory graph (both rows and vectors), photo cache, voice embedding cache, payment ledger references (the payments themselves stay for legal reasons, but the link to you is severed), and referral code. 30-day grace for compliance verification then hard-wiped. No dark pattern.
Does the export include things I'd rather not share even with myself?
Yes and no. The export is literally what the system has. If she stored something specific, it's in the JSON. What's NOT in the export: intermediate model states, RAG retrievals at query-time (those are ephemeral), or any data that was classified as memory-excluded (episode context blocks, system scaffolding). The goal is: everything the system uses to know you is visible to you.
Why is this different from other AI companion apps?
Most AI companion apps either (a) don't expose memory to you at all — it just 'works,' you can't see what she knows, (b) show you a partial memory log but can't export, or (c) technically allow export but via email-support-ticket rather than a button. We expose the full row list, the confidence scores, the source context, and the JSON button, all in-product. Runs the diagnostic in 30 seconds.
What's the legal framework?
GDPR (EU) Article 20 (right to data portability) and Article 17 (right to erasure). CCPA (California) equivalents. Brazil LGPD. UK DPA 2018. We comply with all four as a baseline regardless of where you're signing up from — the cost of maintaining one codebase with the most-permissive regime is lower than the cost of region-fragmenting data rights.

keep reading

memory explainedprivacy/privacy page101 companionsfeaturesfree trial

try her right here

pick a moment. no signup.

Try it. Right now.

No signup. No credit card. Just say hi.

every memory visible, deletable, exportable. run the 30-second test on any app. ship these three buttons or fail the data-respect bar. free 25 msg/day — try the test on us.

Start talking — no signupSee pricing

Free: 25 messages/day · Closer $14.99/mo · Bonded $29.99/mo · 18+ only