CandysAI Privacy Policy

Last updated: June 5, 2025

This Privacy Policy describes how CandysAI, operated by CandysAI.com, collects, uses, processes, and protects the personal data of users who use our website available at CandysAI.com and related services (“Services”). CandysAI Services is a platform that enables interactions with virtual AI companions.

We are committed to protecting your privacy and complying with data protection regulations, including the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK Data Protection Act (UK GDPR), and other applicable regulations (“Applicable Data Protection Regulations”).

1. Data Controller

The data controller for your personal data is CandysAI.com, registered at: Polska ul. Aleja Wolności 2c 84-300 Lębork, entered in the register of entrepreneurs under number [NIP: 8411683192 REGON: 529295307].

Contact us at: smentochadam[a]gmail.com.

2. What data do we collect?

We collect personal data that is necessary for providing the Services and improving their quality. This may include:

  • Data provided by you:
    • Information provided when creating an account (e.g., email address, nickname).
    • Data provided when using the Services, such as preferences for AI companions (appearance, personality) or content generated through interactions (e.g., text messages, requests for images or voice recordings).
  • Automatically collected data:
    • Device and browser information (e.g., IP address, browser type, operating system).
    • Data related to the use of Services, such as interaction history, user preferences, time spent on the platform.
    • Cookies and similar technologies (see section 7).
  • Payment data:
    • Information related to transactions (e.g., payment card details, subscription details), processed by our payment partner PayPal. CandysAI does not store full payment card details.

3. Purpose and legal basis for data processing

Your personal data is processed for the following purposes:

  • Providing Services: To enable you to use CandysAI, including creating and personalizing AI companions and facilitating interactions (legal basis: performance of a contract, Art. 6(1)(b) GDPR).
  • Improving Services: We analyze data to enhance platform functionality and adapt it to your needs (legal basis: legitimate interest of the controller, Art. 6(1)(f) GDPR).
  • Marketing communication: We may send you information about our Services, such as newsletters or offers, if you have given your consent (legal basis: consent, Art. 6(1)(a) GDPR).
  • Legal compliance: We process data to fulfill legal obligations, e.g., in tax matters or fraud prevention (legal basis: legal obligation, Art. 6(1)(c) GDPR).
  • Security and content moderation: We monitor user-generated content to ensure compliance with platform rules (e.g., prohibition of harmful or illegal content) and to protect other users (legal basis: legitimate interest of the controller, Art. 6(1)(f) GDPR).

4. Data sharing

We do not sell or share your personal data with third parties without your consent, except in the following cases:

  • Service providers: We cooperate with trusted partners, such as PayPal (payment operator) or cloud infrastructure providers, who process data on our behalf based on data processing agreements.
  • Legal requirements: We may disclose data if required by law, e.g., at the request of law enforcement agencies or to protect our rights, property, or user safety.
  • Business transfers: In the event of a merger, acquisition, or sale of CandysAI, your data may be transferred to the new owner, subject to applicable data protection rules.

5. Payments and discretion

Payments for CandysAI Services are processed by PayPal. Transactions will appear on your bank statements as “PayPal” or a similar designation (e.g., “PayPal Polska”) to ensure discretion. The name “CandysAI” will not be visible on the statement. All transactions are secured with SSL encryption, and payment data is processed in accordance with the highest security standards.

6. Your rights

In accordance with Applicable Data Protection Regulations, you have the right to:

  • Access: You can request a copy of your personal data and information about its processing (Art. 15 GDPR).
  • Rectification: You can correct inaccurate or incomplete data (Art. 16 GDPR).
  • Erasure: You can request the deletion of your data, e.g., after ceasing to use the Services (Art. 17 GDPR).
  • Restriction of processing: You can restrict data processing in specific cases (Art. 18 GDPR).
  • Data portability: You can receive your data in a structured format or request its transfer to another entity (Art. 20 GDPR).
  • Objection: You can object to data processing based on legitimate interest (Art. 21 GDPR).
  • Withdrawal of consent: If processing is based on your consent, you can withdraw it at any time.

To exercise these rights, please contact us at smentochadam[a]gmail.com. For EU users, your request will be processed within 30 days, unless additional time is required (in which case you will be informed).

7. Cookies and tracking technologies

We use cookies and similar technologies to:

  • Ensure proper functioning of the website (strictly necessary cookies).
  • Analyze website traffic and user preferences (analytical cookies).
  • Deliver personalized advertisements (marketing cookies, with your consent).

You can manage cookie settings in your browser. More information can be found in our Cookie Policy.

8. Data security

We implement appropriate technical and organizational measures, such as SSL encryption and Cloudflare security, to protect your data from unauthorized access, loss, or alteration. However, no system is 100% secure, so we recommend regularly updating your software and exercising caution when using the internet.

Conversations with AI companions are confidential, but are subject to moderation to detect content that violates platform rules (e.g., illegal or harmful content). In such cases, we may manually review reported content and take appropriate action, such as removing content or suspending the account.

9. Data retention

Your personal data is stored for as long as necessary to provide the Services or fulfill legal obligations. For example:

  • Account data is stored for the duration of your account’s existence.
  • Transaction data may be stored for the period required by tax regulations (e.g., 5 years in Poland).
  • Analytical data is anonymized and stored for the period necessary for statistical analysis.

After ceasing to use the Services, you may request the deletion of your data, in accordance with section 6.

10. Links to third-party sites

Our website may contain links to third-party websites, plugins, or applications. We do not control these sites and recommend that you review their privacy policies.

11. Contact

If you have questions about this Privacy Policy or the processing of your data, please contact us:

  • Email: smentochadam[a]gmail.com
  • Address: Polska ul. Aleja Wolności 2c 84-300 Lębork

In case of complaints, you have the right to file a complaint with the supervisory authority, e.g., the President of the Personal Data Protection Office in Poland (ul. Stawki 2, 00-193 Warszawa, Poland).

12. Changes to the Privacy Policy

We reserve the right to update this Privacy Policy at any time. We will inform you about significant changes by posting a new version on our website or by sending an email notification. Please check this page regularly to stay informed.

Scroll to Top