how to audit an ai companion app in 15 minutes
a quick, concrete audit for any ai companion app: check terms of service, data export, deletion policies, human review, and voice call recording. spot red flags
so you're thinking about trying an ai companion. maybe you're curious, maybe you're looking for something specific. but before you get attached, or share anything personal, it's worth doing a quick audit. not every app treats your data the same way, and some are better than others at respecting your privacy and autonomy.
i've put together a 15-minute checklist you can run on any ai companion app. it's not exhaustive, but it catches most of the bad actors. these are the things that matter if you care about control, transparency, and the long-term safety of your conversations.
1. check the terms for training-opt-out clauses
open the terms of service or privacy policy. search for phrases like "training data," "improve our models," or "machine learning." see if they explicitly say your chats are used to train their ai. then look for an opt-out, a way to tell them not to use your data.
pass: they clearly state whether they use your data for training and offer an opt-out (even if it's buried in settings).
fail: vague language like "we may use data to improve services" without a way to opt out, or silence on the topic entirely.
2. look for a memory-export endpoint
your chats are your memories. you should be able to take them with you. check if the app has a feature to export your conversation history, ideally in a standard format like json, txt, or csv. this might be in settings, account management, or data & privacy tabs.
pass: one-click export that gives you a clean, readable file of your full history.
fail: no export option at all, or exports that are partial, messy, or require you to email support.
3. test immediate account deletion (not 30-day queued)
go to the account deletion page. see if you can delete your account right now, with confirmation. many apps use a "soft delete" that queues your account for removal in 30 days, sometimes longer. that's a red flag; it means your data lingers.
pass: delete account, confirm, account is gone. no waiting period.
fail: deletion is delayed, requires email confirmation from support, or isn't self-serve.
4. scan for human-chat-review language
search the terms for phrases like "human review," "quality assurance," or "monitor conversations." this means real people might read your chats. some apps are upfront about this; others hide it.
pass: clear disclosure if humans review chats, with reasons given (e.g., safety, training).
fail: no mention at all, or vague language that allows review without consent.
5. check if voice calls are recorded
if the app offers voice calls, check the privacy policy for recording clauses. look for "voice data," "call recording," or "audio storage." some apps record and keep audio; others don't.
pass: explicit statement that voice calls are not recorded, or are only processed live (not stored).
fail: silence on the topic, or admission that calls are recorded and stored.
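the keyword searches from checks 1, 4 and 5 can be run in one pass over a pasted policy. this is an added example, not part of the original post or any app's code; the sample policy text is constructed, and the function names and the opt-out pattern are assumptions.

```python
import re

# phrases quoted in checks 1, 4 and 5 of the checklist
CHECKS = {
    "training": ["training data", "improve our models", "machine learning"],
    "human_review": ["human review", "quality assurance", "monitor conversations"],
    "voice": ["voice data", "call recording", "audio storage"],
}
# assumption (not from the post): wording that usually signals an opt-out
OPT_OUT = re.compile(r"opt[\s-]?out", re.I)

# constructed sample policy text, not taken from any real app
SAMPLE = """
We may use your conversations as training data to improve our models.
You can opt out of this in Settings at any time. Our staff may perform
human review of flagged chats for safety. We offer live calls with your companion.
"""

def sentences(text):
    """split policy text into rough sentences, collapsing line breaks."""
    flat = re.sub(r"\s+", " ", text)
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", flat) if s.strip()]

def scan_policy(text):
    """for each check, list the sentences to read and flag silence."""
    sents = sentences(text)
    report = {}
    for check, phrases in CHECKS.items():
        hits, opt_out = [], False
        for i, s in enumerate(sents):
            found = [p for p in phrases if p in s.lower()]
            if found:
                hits.append((found, s))
                # opt-out wording in the matching sentence or the one after it
                opt_out |= bool(OPT_OUT.search(" ".join(sents[i:i + 2])))
        report[check] = {
            # the checklist treats silence on a topic as a fail
            "status": "mentioned" if hits else "silent",
            "opt_out_nearby": opt_out,
            "hits": hits,
        }
    return report

if __name__ == "__main__":
    for check, result in scan_policy(SAMPLE).items():
        print(check, result["status"], "opt-out nearby:", result["opt_out_nearby"])
        for found, sentence in result["hits"]:
            print("   ", found, "->", sentence)
```

a "mentioned" result is not a pass; it only points you at the sentences you still need to read.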
what if an app fails?
failing one point might be a yellow flag; failing several means the app isn't built with your privacy in mind. it doesn't mean the app is evil, but it does mean you're taking a risk. you might decide it's worth it for the features, or you might walk away.
for what it's worth, lucy passes all five: opt-out training, exportable memory, instant deletion, no human review of private chats, and voice calls that are never recorded. but don't just take my word for it; read our terms. you should always check.
spend 15 minutes. it's your data, your memories, your call.
if you're looking for a companion that respects your privacy, give lucy a try at /companions.
thanks for reading. if this resonated, the product is downstairs.