Privacy Policy

Femma ("Company," "we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI companion service at femma.ai (the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. This Privacy Policy is incorporated into and subject to our Terms of Service.

2.1 Information You Provide:

• Account Information: When you create an account, we collect your email address and password (stored in encrypted form by our authentication provider, Clerk).
• Phone Number: We collect and verify your phone number through a one-time passcode (OTP) sent via SMS during registration. This is used for identity verification, age verification, and account security.
• Age Verification Data: We store a record that you have confirmed you are 18 or older, along with a timestamp of when this confirmation was made. We do not store your date of birth.
• Profile Information: Optional preferences you set, such as companion preferences, language settings, and display name.
• Payment Information: When you make a purchase, payment information is processed by third-party payment processors such as CCBill. Femma does not store your full credit card number, CVV, or billing address on our servers.
• Communications: If you contact us for support, we retain those communications to provide assistance.

2.2 Information Collected Automatically:

• Usage Data: We collect aggregated usage statistics such as session duration, feature usage, and call frequency to improve our Service.
• Device Information: Basic device information including browser type, operating system, and device type.
• Log Data: Server logs that may include IP address, access times, and referring URLs. These logs are retained for a limited period for security purposes.
• AI Learning Data: Aggregated, non-identifying engagement metrics from conversations (such as conversation length and topic preferences) are used to improve AI quality. No raw conversation content is stored.

2.3 Information We Do NOT Collect:

• Your date of birth or government-issued ID numbers
• Biometric data (fingerprints, face scans)
• Precise geolocation data
• Social Security numbers or national identity numbers

We use the information we collect to:

• Provide the Service: Create and manage your account, process transactions, and deliver the Service to you.
• Verify Identity and Age: Confirm that you meet the minimum age requirement of 18 years through phone number verification and age-gate consent.
• Personalize Experience: Remember your preferences and settings to enhance your experience with the AI companion.
• Improve the Service: Analyze aggregated usage patterns to improve features, AI quality, and performance.
• Communicate: Send transactional emails, respond to inquiries, and provide customer support.
• Security: Detect, prevent, and address fraud, abuse, underage access, and security issues.
• Legal Compliance: Comply with legal obligations, including age verification laws, and enforce our terms.

We do not sell your personal information. We may share information only in the following circumstances:

• Service Providers: We work with trusted third-party service providers who assist us in operating the Service (e.g., payment processing, hosting, analytics, authentication, SMS verification). These providers are contractually obligated to protect your information and may only use it to provide services to us.
• Legal Requirements: We may disclose information if required by law, legal process, or government request, including in response to valid court orders or subpoenas.
• Protection of Rights: We may disclose information to protect the rights, property, or safety of Femma, our users, or others, including to prevent underage access.
• Law Enforcement: We may report to law enforcement if we have reason to believe the Service is being used for illegal purposes, including the exploitation of minors.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, user information may be transferred as a business asset. We will notify you of any such transfer.
• With Your Consent: We may share information for other purposes with your explicit consent.

We use the following categories of third-party services:

• Authentication: Clerk provides account authentication, including phone number verification via OTP. Their privacy policy governs their handling of your authentication data.
• Payment Processing: Payments are processed by third-party payment processors such as CCBill. Femma does not store your full credit card information. By making a payment you agree to the applicable processor's terms.
• Cloud Infrastructure: We use secure cloud hosting providers (Vercel, Supabase) to store account data and serve the application.
• Voice & AI Processing: Voice interactions are processed in real time to generate AI responses. Conversations are not permanently stored unless necessary for service improvement or user preference memory (e.g. the "Memories" feature). Voice data is not shared with third parties beyond what is necessary to operate the AI pipeline.
• Analytics: We use privacy-respecting analytics (PostHog) to understand aggregate usage patterns. Analytics data is anonymized.

Users may request deletion of their data by contacting support@femma.ai. We will process deletion requests within 30 days.

These third parties have access only to the information necessary to perform their functions and are obligated to maintain confidentiality.

We use cookies and similar technologies for the following purposes:

• Essential Cookies: Required for the Service to function, including authentication session cookies that keep you logged in.
• Age Verification Cookies: We set a cookie to record that you have passed our age-gate verification. This cookie is necessary to prevent repeated age-gate prompts and lasts for 30 days.
• Preference Cookies: Remember your settings and preferences (e.g., companion preferences, language, theme).
• Analytics Cookies: Help us understand how the Service is used. These cookies collect anonymized, aggregated data only.

Cookie Management: You can control cookies through your browser settings. Note that disabling essential cookies (including authentication and age verification cookies) may prevent you from using the Service. Disabling analytics cookies will not affect your ability to use the Service.

Local Storage: We use browser local storage to save your companion preferences and settings locally on your device for a faster experience. This data never leaves your device unless you actively sync it.

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of all data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security assessments and monitoring
• Access controls and authentication measures
• Secure password hashing via our authentication provider
• Server-to-server authentication using API keys for internal services
• CORS restrictions limiting API access to authorized domains

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for 30 days afterward in case of reactivation.
• Age Verification Records: Retained as long as your account exists, as required for legal compliance.
• Transaction Records: Retained as required by tax and accounting laws (typically 7 years).
• Server Logs: Retained for up to 90 days for security purposes.
• Analytics Data: Aggregated analytics data is retained indefinitely but contains no personally identifiable information.

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate personal information.
• Deletion: Request deletion of your personal information.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Opt-Out: Opt out of marketing communications at any time.
• Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise these rights, please contact us at privacy@femma.ai. We will respond to your request within 30 days.

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws.

When we transfer personal information internationally, we implement appropriate safeguards to protect your information, including:

• Standard contractual clauses approved by relevant authorities
• Ensuring recipients are in countries with adequate data protection laws
• Obtaining your explicit consent where required

Not Directed to Children: The Service is not directed to children under the age of 13, nor to any minors under the age of 18. This Service contains AI-generated personalized content intended exclusively for adults.

COPPA Compliance: In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under 13. We do not knowingly collect personal information from any minor under the age of 18.

Age Verification: We employ multiple layers of age verification to prevent minors from accessing the Service, including:

• Age-gate screen requiring affirmative confirmation of being 18 or older
• Phone number verification via SMS one-time passcode (OTP) during registration
• Three-part affirmative consent during onboarding (age confirmation, content acknowledgment, and Terms/Privacy agreement)

Discovery of Minor's Data: If we discover or are notified that we have inadvertently collected personal information from a minor under 18, we will take immediate steps to:

• Terminate the account
• Delete all personal information and associated data
• Block further access from the same credentials

Parental Reporting: If you are a parent or guardian and believe your child has provided personal information to or accessed the Service, please contact us immediately at support@femma.ai. We will take prompt action to investigate and remove any data associated with the minor.

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of personal information we have collected.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt out of the sale or sharing of personal information. Note: We do not sell or share personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Limit: Limit the use and disclosure of sensitive personal information.

To exercise these rights, contact us at privacy@femma.ai or submit a request through your account settings.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on: (a) your consent, (b) contract performance, (c) legal obligations, or (d) legitimate interests.
• Data Protection Authority: You have the right to lodge a complaint with your local data protection authority.
• Right to Object: You may object to processing based on legitimate interests.
• Right to Restriction: You may request restriction of processing in certain circumstances.
• Right to Erasure: You may request the deletion of your data ("right to be forgotten").

We are committed to complying with all applicable US state laws regarding age verification for online services that contain adult content, including but not limited to laws enacted in Louisiana, Texas, Virginia, Utah, Arkansas, Mississippi, Montana, North Carolina, and other states.

Our age verification process, which includes an age-gate screen, phone number OTP verification, and affirmative consent during onboarding, is designed to meet or exceed the requirements of applicable state and federal laws.

If you believe we are not in compliance with the age verification laws in your jurisdiction, please contact us at legal@femma.ai.

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last updated" date at the top of this page
• Sending you an email notification for significant changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.