Privacy Policy

Account Information

• Creators: Email address, social login identifiers, display name, profile photo, handle (provided via Clerk authentication)
• Fans: Phone number (verified via one-time passcode), age verification status

Messaging Data

• Message content sent and received via SMS, iMessage, and RCS
• Message metadata (timestamps, delivery status, channel type)
• Media descriptions generated from images sent by fans (the images themselves are not stored)

AI Processing Data

• AI interaction logs (model used, response timing, token counts)
• Safety filter results and content moderation decisions
• Creator feedback on AI-generated responses

Payment Data

• Payment transaction records (processed by Stripe; we do not store card numbers)
• Purchase history for gated content

• Deliver SMS messages between Creators and Fans
• Generate AI responses that reflect each Creator's configured persona
• Extract and store conversational context to improve AI response quality over time
• Process payments and deliver purchased content
• Provide analytics to Creators (aggregate metrics only; no raw PII in dashboards)
• Detect and prevent abuse, including prompt injection and harassment
• Comply with legal obligations

• Phone numbers are displayed in masked format in Creator dashboards
• All API communications use TLS encryption
• Row-level security policies restrict database access to authorized users
• PII is automatically redacted from application logs
• Webhook endpoints verify cryptographic signatures before processing
• Memory items are accessible only through the creator-fan ownership chain

• Active accounts: data retained for the duration of the account
• Opted-out relationships: conversation data retained for 90 days, then permanently deleted
• Memory items with expiration dates: automatically removed after expiry
• AI interaction logs: retained for 90 days on a rolling basis
• Payment records: retained as required by applicable financial regulations

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Opt out of AI-generated messaging at any time
• Export your data in a portable format
• Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@withrose.com

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights including the right to know what personal information is collected and how it is used, the right to delete personal information, and the right to opt out of the sale of personal information. Rose does not sell personal information.

Per California SB 1001, Rose discloses that messages on this platform may be generated by artificial intelligence. See our Terms of Service for the full AI disclosure.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your data rights, contact us at privacy@withrose.com