Features Pricing About
Log In Get Started Free
Legal

Privacy Policy

Last updated: April 21, 2026 Reviewed quarterly

At Gossip AI ("we," "us," "our"), your privacy is paramount. This Privacy Policy explains in detail what information we collect when you use our platform at gossipai.io, how we use and protect that information, and your rights regarding your personal data. We encourage you to read this policy thoroughly.

01Information We Collect

We collect several categories of information to provide and improve our Service:

1.1 Account Information

When you register, we collect your email address, display name, chosen username, and password (stored in encrypted/hashed form using Django's PBKDF2 algorithm). You may optionally provide a profile photo, bio, interests, and AI personality notes.

1.2 Chat & Messaging Data

All messages you send and receive are stored to maintain your chat history and provide the Service:

  • AI chat messages (your messages and AI responses)
  • Direct messages between you and other users
  • Group chat messages in groups you participate in
  • System messages (join/leave notifications, role changes)

1.3 Media & Files

Photos, videos, voice notes, and documents you upload through DMs and group chats are stored on our servers. File metadata (name, size, type) is also recorded.

1.4 Gossip Mode Data

When you use Gossip Mode, we store:

  • The gossip task details (who initiated, who is the target, context provided)
  • Task status and progress (pending, approaching, in progress, resolved)
  • AI-generated approach messages sent to the target
  • The initiator's identity is stored securely but is never shared with or revealed to the target user

1.5 Usage & Analytics Data

We collect usage data to operate and improve the Service:

Data TypePurpose
Daily message countsEnforce subscription plan limits
Login timestampsSecurity and re-engagement notifications
Feature usage patternsProduct improvement (aggregate only)
Subscription statusBilling and feature access
Token usageAI cost management

1.6 Device & Technical Data

We collect browser type, operating system, and Web Push notification subscription tokens. We do not collect device identifiers, location data, or contact lists.

1.7 Payment Information

Subscription payments are processed through Flutterwave. We store transaction reference IDs and payment status. We never store credit card numbers, bank account details, or other sensitive payment credentials on our servers.

02How We Use Your Information

  • Provide Core Service: Store and deliver messages, maintain chat history, process AI conversations, manage your account and subscriptions
  • Gossip Mode: Facilitate anonymous check-ins while ensuring the initiator's identity remains protected
  • Groups: Enable group creation, membership management, role assignment, and AI integration in group conversations
  • Notifications: Send push notifications for new messages, friend requests, group invites, gossip updates, and re-engagement reminders
  • Billing & Access Control: Process payments, manage plan features, enforce message limits and feature restrictions per subscription tier
  • Security: Detect and prevent fraud, abuse, spam, and unauthorized access
  • Improvement: Analyze aggregate usage patterns to improve features, performance, and user experience

03How We Share Your Information

We do not sell, rent, or trade your personal data to third parties. We share data only in these limited circumstances:

  • AI Processing (Anthropic): Your chat messages are sent to Anthropic's Claude API for AI response generation. Anthropic processes this data according to their own privacy policy and data handling agreements.
  • Payment Processing (Flutterwave): Subscription and payment data is shared with Flutterwave to process transactions securely.
  • Push Notifications: Web Push subscription tokens are shared with browser push services (via the standard Web Push Protocol) to deliver notifications to your device.
  • Legal Compliance: We may disclose data if required by law, valid court order, subpoena, or to protect the safety and rights of our users or the public.

04Gossip Mode — Privacy Guarantees

Gossip Mode is designed with privacy as its foundational principle. We guarantee the following:

  • The AI never reveals who initiated a gossip check-in to the target user, under any circumstances
  • AI-generated approach messages contain zero identifying information about the initiator
  • The target user sees a friendly AI check-in — they cannot determine who prompted it
  • Initiators can view the status of their gossip tasks but cannot read the target's private responses
  • We internally track gossip task relationships solely for service operation, abuse prevention, and improving the feature

05Data Storage & Security

We take data security seriously and implement industry-standard protections:

  • Hosting: Our platform is hosted on Heroku (Salesforce) with PostgreSQL databases on Amazon Web Services (AWS RDS)
  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
  • Password Security: Passwords are hashed using Django's PBKDF2 algorithm with SHA256 — we never store plaintext passwords
  • Media Storage: Uploaded files are stored securely with access controls preventing unauthorized access
  • Access Controls: Internal access to user data is restricted to essential personnel only

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your data and encourage you to use strong, unique passwords.

06Data Retention

  • Active Accounts: Data is retained as long as your account remains active
  • Chat History: Stored based on your subscription plan. You can delete individual chats at any time
  • Account Deletion: When you delete your account, personal data is removed within 30 days
  • Backups: Encrypted backups may retain data for up to 90 days after deletion
  • Aggregate Data: Anonymized, aggregate analytics data may be retained indefinitely
  • Legal Holds: Data may be retained longer if required by law or pending legal proceedings

07Your Rights

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Correction: Update or correct inaccurate or incomplete information through your profile settings or by contacting us
  • Right to Deletion: Request deletion of your account and all associated data
  • Right to Data Portability: Request your data in a machine-readable format (available on Premium plan)
  • Right to Opt-Out: Disable push notifications, adjust notification frequency, or opt out of re-engagement messages
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances

To exercise any of these rights, contact us at hello@gossipai.io. We will respond to all legitimate requests within 30 days.

08Children's Privacy

Gossip AI is not intended for and should not be used by children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has created an account, we will promptly delete the account and all associated data. If you believe a child under 13 is using our Platform, please contact us immediately.

09Cookies & Tracking Technologies

We use minimal cookies and tracking technologies:

  • Session Cookies: Django session cookies for authentication and maintaining your login state
  • CSRF Tokens: Security tokens to prevent cross-site request forgery attacks
  • Push Subscription: Browser-stored data for Web Push notification delivery

We do not use third-party tracking cookies, advertising cookies, analytics trackers (like Google Analytics), or any form of cross-site tracking. Your browsing activity on Gossip AI stays on Gossip AI.

10International Data Transfers

Our servers are hosted in the United States (via Heroku/AWS). If you access the Platform from outside the US, your data may be transferred to and processed in the US. By using the Platform, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.

11Third-Party Links & Services

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to read the privacy policies of any third-party services you interact with.

12Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or legal requirements. Material changes will be communicated via email or prominent in-app notification at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

13Contact Us

For privacy-related inquiries, data access requests, concerns, or complaints, please contact us:

Get in touch

Email: hello@gossipai.io

Website: gossipai.io

We take all privacy concerns seriously and will respond to inquiries within 30 days.