If you’re asking whether Candy AI is safe and private, you’re really asking three separate questions that get tangled together: Is the company a scam? Is the connection secure? And does it quietly keep, mine, or train on the intimate things you type? Those are not the same question, and the honest answer to each is different. This page walks through what Candy AI’s own published terms and privacy policy say, where your messages physically live, what the real 12-month cost looks like, and how a self-hosted or zero-retention setup changes the math. No fearmongering, no invented breaches — just the structure of how cloud companion apps work and what that means for you.

What Candy AI’s policy actually says

Start with the source of truth: the company’s own privacy policy and terms of service, which you should read in full before trusting any review (including this one). As of writing, here is the architecture that any cloud AI companion — Candy AI included — necessarily operates under, and which their published documents describe:

  • Storage duration. Your chats are stored server-side. Cloud companion apps keep your conversation history so the model has memory and context between sessions — that’s the product working as designed. Candy AI’s policy describes retaining personal data for as long as your account is active and for a period afterward to meet legal and operational needs. The practical takeaway: messages persist on their infrastructure until you delete the account and the retention window lapses, not the moment you close the tab.
  • Training. This is the line to read most carefully, because it changes over time and by jurisdiction. Cloud apps commonly reserve the right to use aggregated or de-identified usage data to improve their services. Whether that includes your specific chat content for model training depends on the exact wording in force when you sign up and on any opt-out you’re offered. Don’t assume; read the current clause. If you can’t find an explicit “we do not train on your conversations” statement, treat the door as open.
  • Content license. Most platforms that host user-generated content — text and any images you create — grant themselves a broad license to host, store, reproduce, and process that content so the service can function. That’s normal and necessary to run a cloud product. It is also broader than many users assume when they’re typing something they’d never want associated with their name.

The point isn’t “Candy AI is uniquely bad.” It’s that the cloud architecture itself forces these terms to exist. We cover the general pattern across the category in our AI companion privacy guide.

Where your NSFW chats physically live

When you send a message, it leaves your device, travels over the internet, and lands in a database on servers the company controls — typically cloud infrastructure (AWS, GCP, or similar) plus third-party subprocessors for analytics, payments, and content moderation. Each of those is another party with technical access to, or metadata about, your activity.

For ordinary chat that’s unremarkable. For an AI girlfriend or uncensored companion, it means your most private conversations sit in someone else’s database, governed by their retention schedule, their access controls, their breach exposure, and their lawful-disclosure obligations. “Delete” in a cloud product usually means marked deleted in the active store — backups and logs can linger. None of this is malicious; it’s just how server-side products work. We unpack the threat model in detail in are AI girlfriend apps safe and private.

The 12-month cost and lock-in math

Subscription companion apps are priced monthly to make the number feel small. Run it out. The figures below are typical paid-companion pricing (a category average), not Candy AI’s verbatim price sheet — check the current tiers on their own pricing page, since they change:

| Plan | Monthly | 12 months |
|---|---|---|
| Typical premium companion subscription (~$13/mo) | ~$13 | ~$156 |
| Higher tiers / image add-ons (~$25/mo) | ~$25 | ~$300 |

Beyond the dollars, there’s lock-in. Your characters, personas, memory, and chat history live inside their walled garden. Cancel, and you typically lose access to all of it — there’s rarely a clean export. You’re renting the relationship and the data. If that framing bothers you, the AI companion with no subscription route is worth understanding before you commit a year of payments.

Is it ‘safe’? Security vs privacy are different questions

Conflating these is the single most common mistake.

  • Security asks: is the connection encrypted, is the company competent, will they get breached? A mainstream paid app very likely uses HTTPS/TLS and standard cloud security. By that measure it is reasonably “safe” — about as safe as any SaaS holding sensitive data, which is to say safe until it isn’t, because breaches happen to careful companies too.
  • Privacy asks: who can see, keep, or use my data by design, when everything works correctly? Here a cloud companion is structurally weaker — not because anyone is acting in bad faith, but because your intimate text is stored on infrastructure you don’t control, under terms you don’t write.

A service can be genuinely secure and still not private. For sensitive use, privacy is the property that matters, and it’s the one cloud architecture can’t fully give you. More on that distinction in our AI data privacy guide.

Candy AI vs running your own

| Factor | Cloud companion (e.g. Candy AI) | Local AI companion |
|---|---|---|
| Where chats live | Company servers + subprocessors | Your own machine only |
| Recurring cost | ~$13–25/mo, ongoing | $0 after hardware you own |
| Training risk | Per their policy / opt-out | None — nothing leaves your device |
| Censorship | Platform content filters | You choose the model |
| Data on cancel | Typically lost / locked in | Stays yours, forever |
| Setup effort | Zero | One install + a model download |

The trade is real: local asks for a bit of setup and a capable-enough GPU. If you’re weighing it, local AI vs cloud AI lays out the full comparison.

Why a local app makes ‘doesn’t save your chats’ structurally true

Any cloud service claiming “we don’t save your chats” is asking for trust — you can’t verify it, and the policy can change with a version bump. A local app makes the same claim structurally true: the model runs on your computer via a runtime like Ollama, the API listens only on loopback (127.0.0.1:11434), and your messages are processed by a model file sitting on your own disk. Nothing transits the internet because there’s no server to send it to. You can confirm this yourself — disconnect from Wi-Fi and the companion still talks back.

That’s the difference between a promise not to retain your data and an architecture where retention by anyone else is impossible. Privacy stops being a policy you hope holds and becomes a property of where the computation physically happens.
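
The loopback claim above can be checked rather than assumed. The script below is an added example, not part of the original page or of Ollama: it reads the Linux socket table and reports whether port 11434 is bound only to loopback or is reachable from other machines. It assumes iproute2's `ss` is installed; the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes Linux with iproute2 `ss`.

# classify_listeners PORT
# Reads `ss -ltn` output on stdin and reports how PORT is bound:
#   loopback-only | exposed: <addr>... | not-listening
classify_listeners() {
    awk -v port="$1" '
    {
        addr = $4                          # 4th column: Local Address:Port
        n = split(addr, parts, ":")
        if (n < 2 || parts[n] != port) next
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        seen = 1
        # 127.0.0.0/8 and ::1 are reachable only from this machine.
        if (host !~ /^127\./ && host != "[::1]") exposed = exposed " " host
    }
    END {
        if (!seen)              print "not-listening"
        else if (exposed != "") print "exposed:" exposed
        else                    print "loopback-only"
    }'
}

# check_ollama_bind [PORT]: run the classifier against the live socket table.
check_ollama_bind() {
    ss -ltn | classify_listeners "${1:-11434}"
}

# Constructed sample rows (not captured from a real host).
SAMPLE_DEFAULT='LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*'
SAMPLE_WILDCARD='LISTEN 0 4096 *:11434 *:*'

printf 'default bind:  %s\n' "$(printf '%s\n' "$SAMPLE_DEFAULT" | classify_listeners 11434)"
printf 'wildcard bind: %s\n' "$(printf '%s\n' "$SAMPLE_WILDCARD" | classify_listeners 11434)"
```

Call `check_ollama_bind` on the machine running the model. If it reports an exposed address, check whether the `OLLAMA_HOST` environment variable has been set to something other than a loopback address.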

The two honest alternatives

There are two clean ways off the cloud-companion treadmill, depending on whether you have a GPU and the patience for a one-time setup:

  • Local (own machine). Run an uncensored open-weight model on your own hardware with Ollama. One curl -fsSL https://ollama.com/install.sh | sh, one ollama run <model>, and your conversations never leave the box. You own it outright — no subscription, no retention, no filters you didn’t choose. This is the maximal-privacy path for anyone with a decent GPU.
  • Hosted (no hardware needed). Not everyone has the hardware or the appetite for setup. The middle path is a hosted companion — instant access, no GPU required. If you take this route, judge the retention posture on what the provider commits to in writing rather than on any slogan, since a hosted service stores your data on infrastructure you don’t control.

Both beat the standard rent-and-store model’s worst defaults. Which fits you comes down to one question: do you want to own the privacy outright, or trade some of that ownership for convenience?

How to migrate your characters/personas off

You don’t have to lose your character work. To move on cleanly:

  1. Export by hand. Open each character and copy its persona description, personality traits, scenario, and greeting into a plain text file. Most cloud apps don’t offer a real export, so this manual step is usually unavoidable — do it before you cancel, while you still have access.
  2. Rebuild as a system prompt. Those fields map almost directly onto a local model’s character card or system prompt. Tools in the open ecosystem read this format natively.
  3. Save your memory beats. Skim your history for the facts that made the relationship feel continuous — names, preferences, running jokes — and seed them into the new persona.
  4. Cancel last. Only after everything is exported should you close the account and end the billing.

If Candy AI’s policy left you uneasy, you’ve got two honest exits: run an uncensored companion entirely on your own machine with Ember, where “your chats never leave your computer” is a fact of the architecture, not a marketing line — or skip the hardware with Freya, our hosted option, when you’d rather trade some control for instant access without the standard rent-and-store defaults.