charactr Download free
charactr Trust & safety Privacy

Privacy Policy

What we collect, how we use it, and the controls you have over your data and AI processing.

Last updated: April 29, 2026

Effective: April 29, 2026 · Last updated: April 29, 2026

This Privacy Policy ("Policy") explains how Charactr, Inc. ("charactr," "we," "us," "our") collects, uses, shares, and protects personal information ("Personal Data") in connection with all charactr products and services, including:

  • The charactr iOS application distributed through the Apple App Store (the "App");
  • The charactr web application at charactr.xyz (the "Web App");
  • This marketing website at charactr.com;
  • Any APIs, SDKs, plugins, embeds, and other services we provide (collectively, the "Service").

By using the Service, you confirm you have read and agree to this Policy. For our terms of use, see the Terms of Service. For our content rules, see the AI & Content Policy. For details on the third-party AI providers we use, see the AI Providers & Disclosure page.

1. Who we are (data controller)

charactr is operated by Charactr, Inc., a Delaware corporation. For all data-protection purposes, Charactr, Inc. is the controller of your Personal Data.

  • Email: privacy@character.app
  • Postal: Charactr, Inc., privacy correspondence accepted by email above
  • EU/UK representatives: we will appoint a representative as required under GDPR Article 27 / UK GDPR; current contact information is available on request to privacy@character.app.

2. The Personal Data we collect

We collect Personal Data in the categories set out below. The categories track Apple's App Store Privacy Nutrition Label taxonomy and the data taxonomy used by major U.S. and EU privacy laws.

2.1 Information you provide

  • Account data — email address, display name, age confirmation (the Service is for users 17+), and authentication identifiers (e.g., from Sign in with Apple).
  • User content — characters you create; scene scripts, prompts, and direction notes; voice references; visual references; storyboards and rendered scenes; project metadata.
  • Audio — voice you record for voice-driven scene direction, dialogue capture, or speech-to-text transcription.
  • Communications — any messages you send to support, abuse, rights, or sales addresses.

2.2 Information collected automatically

  • Identifiers — internal account ID; device identifiers provided by Apple (IDFV) and the operating system; session identifiers.
  • Usage data — features used, generation requests, in-app actions, session timestamps, app version, locale, time zone.
  • Diagnostics — crash logs, performance metrics, error traces.
  • Network and device data — coarse network type, device model, OS version, screen size.

2.3 Information from third parties

  • Apple App Store — purchase receipts, subscription state, refund signals (we never see your card number).
  • Stripe (web only, where applicable) — payment confirmation tokens (we never see your card number).
  • Authentication providers — when you use Sign in with Apple, we receive a unique identifier and (if you choose) your name and email.

2.4 Categories of data we do not collect

  • Precise geolocation.
  • Health, fitness, biometric, or genetic data.
  • Contacts list, call history, SMS, photos library, or microphone outside features you explicitly use.
  • Browsing history outside the Service.
  • Special-category / sensitive data under GDPR Article 9 unless you voluntarily include it in user content.

3. How we use Personal Data and our lawful bases

We process Personal Data for the purposes below. For users in the European Economic Area, the United Kingdom, and Switzerland, the indicated GDPR Article 6 lawful basis applies.

  • To deliver and operate the Service — generate scenes, render voices, sync your library across iOS and web, run subscriptions and purchases. Lawful basis: performance of a contract (Art. 6(1)(b)).
  • To prevent abuse and enforce our policies — detect attempts to violate our AI & Content Policy, investigate reports, protect users and the Service. Lawful basis: legitimate interests in safety, security, and platform integrity (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) where applicable.
  • To improve and develop the Service — fix bugs, measure performance, develop new features. Lawful basis: legitimate interests (Art. 6(1)(f)).
  • To improve AI models — only with your explicit, in-app opt-in. By default we do not use your user content to train foundation models. Lawful basis: consent (Art. 6(1)(a)); withdrawable any time in Settings.
  • To communicate with you — service notices, security alerts, legal updates (transactional); product news (only if you opt in). Lawful basis: legitimate interests (transactional); consent (marketing).
  • To comply with law — respond to lawful requests, defend legal claims, satisfy regulatory obligations. Lawful basis: legal obligation (Art. 6(1)(c)); legitimate interests (Art. 6(1)(f)).

4. AI processing and third-party providers

charactr generates content using a routed mix of third-party AI foundation-model providers. To deliver a generation we send relevant inputs (your prompt, character references, scene context, voice parameters) to the appropriate provider for that step. We never send your account credentials, payment information, or unrelated app activity. We use enterprise / zero-retention provider modes where available and opt out of provider training on user content where an opt-out is offered.

For the named provider list, what is sent to whom, and the in-app point-of-generation disclosure that satisfies Apple App Review Guideline 5.1.2(i), see our AI Providers & Disclosure page.

5. How we share Personal Data

We share Personal Data only as set out below. We do not sell Personal Data and do not share it for cross-context behavioral advertising. Every third party with whom we share user data is contractually bound to provide the same or equal protection of user data as stated in this Policy and as required by Apple's App Review Guidelines.

  • Affiliates — entities under common control with Charactr, Inc., for the purposes described in this Policy.
  • Legal and safety — law enforcement, regulators, courts, and other parties where we are required by law, where we believe disclosure is necessary to investigate fraud or imminent harm, or to enforce our Terms.
  • Corporate transactions — in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality protections.
  • With your direction — if you choose to share content publicly, post a scene, or grant another user access.

5.1 Sub-processors

The categories of sub-processors and the data they receive:

  • Cloud hosting and backend — Supabase (database, authentication, file storage). Receives: account data, user content, identifiers.
  • Payment processing — Apple App Store (iOS purchases), Stripe (web purchases). Receive: transaction confirmations and amounts. We never receive your card number.
  • AI generation providers — see the AI Providers & Disclosure page for the full list and what is sent. Receive: prompts, character references, scene context, voice parameters.
  • Email delivery — Mailgun (transactional email). Receives: email address, message content for delivery.
  • Customer support and abuse-handling tools — used to triage rights@character.app, support@character.app, and privacy@character.app mail.
  • Analytics and crash reporting — anonymous, aggregated metrics about feature use and crash diagnostics.
  • Domain and DNS — Google Cloud DNS / Google Workspace (email).

We periodically review sub-processors and remove those that do not meet our data-handling bar. Material changes to sub-processors are reflected here and announced in-app.

6. Account, retention, and deletion

6.1 Account deletion (in-app and on the web)

You can delete your charactr account at any time and at no cost. In line with Apple App Review Guideline 5.1.1(v), in-app account deletion is offered alongside account creation:

  • iOS app — open the app, go to Settings → Account → Delete account. Confirm the deletion. Your account is queued for deletion immediately.
  • Web (charactr.xyz) — sign in, go to Settings → Account → Delete account.
  • Email — if you cannot access the in-app flow, email privacy@character.app from the address on file with subject line DELETE MY ACCOUNT. We will verify your identity and complete the deletion.

When you delete your account, your characters, scenes, voice and visual references, prompts, drops, and other user content are deleted from the active Service immediately and from backups within 30 days. Some records are retained for the periods set out below where required by law or for safety purposes.

6.2 What you can delete without closing your account

  • A character or project — delete it from your library; it is removed immediately and from backups within 30 days.
  • A specific generated output — delete from the gallery in-app.
  • Voice and visual references — manage and remove in your character's reference library.
  • Marketing email subscriptions — unsubscribe via the link in any marketing email or in Settings → Notifications.

6.3 Retention schedule

  • Account data and user content — retained while your account is active. After account deletion, deleted within 30 days, except as set out below.
  • Transaction records — retained for the period required by tax and accounting law (typically 7 years).
  • Abuse, safety, and rights-enforcement records — retained as long as necessary for safety, fraud-prevention, and legal-defense purposes, including records under the DMCA repeat-infringer policy required by 17 U.S.C. §512(i).
  • Diagnostic and crash data — retained no longer than 13 months in identifiable form.
  • Legal hold — Personal Data subject to a litigation hold, regulatory investigation, or law-enforcement preservation order is retained for the duration of the hold.

7. Your privacy rights

Subject to applicable law, you have the rights described below. To exercise any of them, email privacy@character.app or use the in-app controls in Settings. We will respond within the time required by law (generally 30 days under GDPR; 45 days under CCPA, extendable once). We will not discriminate against you for exercising these rights.

7.1 EEA, UK, and Switzerland (GDPR & UK GDPR)

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure / "right to be forgotten" (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21), including objection to processing based on legitimate interests and to direct marketing
  • Right to withdraw consent at any time, without affecting prior processing (Art. 7(3))
  • Right to lodge a complaint with your local supervisory authority (Art. 77). For UK users, the ICO (ico.org.uk).

7.2 California (CCPA / CPRA)

California residents have the rights to:

  • Know what categories of Personal Information we collect, the sources, the business or commercial purposes, and the categories shared.
  • Access specific pieces of Personal Information we hold about them (twice in 12 months).
  • Delete Personal Information we hold, subject to legal exceptions.
  • Correct inaccurate Personal Information.
  • Opt out of sale or sharing of Personal Information. charactr does not sell Personal Information and does not share it for cross-context behavioral advertising.
  • Limit use of sensitive Personal Information. charactr does not use sensitive Personal Information for purposes beyond those permitted under Cal. Civ. Code §1798.121(d).
  • Non-discrimination for exercising these rights.

Authorized agents may submit requests on your behalf with verifiable proof of authorization. We do not offer financial incentives in exchange for Personal Information.

7.3 Other U.S. states

Residents of states with comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Iowa, Indiana, Tennessee, Texas, Oregon, Montana, Delaware, New Hampshire, New Jersey, Minnesota, and Maryland — have rights substantially similar to those described above (right to access, correct, delete, opt-out of targeted advertising and sale, and appeal). Submit requests via privacy@character.app.

7.4 Other jurisdictions

Residents of Canada (PIPEDA), Brazil (LGPD), South Africa (POPIA), Australia (Privacy Act), Japan (APPI), and other jurisdictions with applicable privacy laws have rights consistent with those frameworks. Contact us at privacy@character.app.

8. International data transfers

charactr is operated from the United States. Personal Data may be transferred to, stored in, and processed in the United States and other countries where we or our sub-processors operate. Where required, we rely on the European Commission's Standard Contractual Clauses (2021), the UK International Data Transfer Addendum (or UK IDTA), and the Swiss FDPIC's recognition of those clauses to provide appropriate safeguards. Where the European Commission has issued an adequacy decision (e.g., the EU-U.S. Data Privacy Framework), we may rely on that mechanism if applicable. A copy of the relevant transfer mechanism is available on request.

9. Security

We implement administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS), encryption at rest for sensitive fields, access controls, audit logging, segregated environments, and personnel training. No method of transmission or storage is perfectly secure; we do not warrant absolute security.

10. Children

The Service is intended for users 17 and older. We do not knowingly collect Personal Data from anyone under 13 (the U.S. COPPA threshold) or, in the EEA/UK, anyone under the digital-consent age applicable to them. If we learn that we have collected Personal Data from a child, we will delete it. Parents and guardians may contact privacy@character.app to request review.

11. Cookies and similar technologies

charactr.com and charactr.xyz use a small number of essential cookies and similar technologies (e.g., browser local storage) to operate the Service and remember your preferences. We use limited analytics cookies to measure aggregate performance. We do not use cookies for cross-context behavioral advertising. For full detail and your choices, see our Cookie Notice.

12. AI-generated content disclosure

Outputs created with charactr are AI-generated. We label outputs as AI-generated within the Service and embed provenance metadata in shareable exports. This supports our compliance with the EU AI Act Article 50 (effective August 2, 2026), New York S.8420-A (effective June 9, 2026), California SB 243, and other applicable transparency laws. See the AI & Content Policy for what is and isn't permitted on the Service.

13. Apple Privacy Nutrition Labels (iOS app)

The data categories disclosed in the Apple App Store Privacy Nutrition Label for the charactr iOS application correspond to the categories set out in Section 2 of this Policy. The complete mapping:

13.1 Data Linked to You

The following data is collected and linked to your charactr account identity:

  • Contact Info — Email Address (account creation, communications).
  • User Content — Other User Content (characters you create, scene scripts, prompts, voice and visual references, recorded audio, storyboards, rendered scenes); Customer Support communications.
  • Identifiers — User ID; Device ID (Apple IDFV).
  • Usage Data — Product Interaction (which features you use, generation requests, in-app actions).
  • Diagnostics — Crash Data; Performance Data.
  • Purchases — Purchase History (App Store transaction receipts; we do not see your card number).

13.2 Data Not Linked to You

None. All data we collect is account-bound while your account is active.

13.3 Data Used to Track You

None. charactr does not track you across apps or websites owned by other companies, and does not use the App Tracking Transparency framework. We do not use the IDFA. We do not share data with data brokers or for cross-context behavioral advertising.

13.4 Data Not Collected

  • Precise or coarse location.
  • Health, fitness, biometric, or genetic data.
  • Financial info beyond Apple-provided purchase confirmations.
  • Browsing or search history outside the Service.
  • Sensitive info (race, sexual orientation, religion, etc.) unless you voluntarily place it in user content.
  • Contacts list, call history, SMS, photos library, microphone access outside features you explicitly use.

13.5 Third-party AI providers (Apple Guideline 5.1.2(i))

charactr discloses data sharing with named third-party AI providers as required by Apple App Review Guideline 5.1.2(i). The provider categories and named example providers, what is sent to each, and our data-handling commitments are set out on the AI Providers & Disclosure page. The active provider used for any individual generation is surfaced in-app at the point of generation, and explicit user permission is requested before personal data is sent to a third-party AI provider for the first time.

14. Changes to this Policy

We will update this Policy when our practices change or when required by law. We will post the updated version here and update the "Effective" date. For material changes, we will provide additional notice (e.g., in-app notification or email).

15. Contact

privacy@character.app for any privacy question, request, or complaint.