Data & privacy
What we store, how long we keep it, who else can see it, and how to export or delete everything.
This page is the practical version of the privacy policy. The legal version lives at /legal/privacy-policy. When the two disagree (they shouldn't), the legal version is authoritative.
Source: Your data, your choice →
What we store
| Data | How long | Why |
|---|---|---|
| Account info (email, profile) | While account exists | Required for service |
| Chat messages | While account exists | So you can re-read your own chats |
| Long-term character memory | While account exists | Continuity across sessions |
| Created characters / stories / plugins | While account exists | Your work |
| Credit transactions | Retained for accounting/tax compliance | Ledger integrity |
| Sign-in / API events | Retained for security audit | Abuse prevention |
| Voice call audio | Not stored | Transcripts persist; audio doesn't |
What we don't store
- Your conversations' contents are never used to train models. Not Reverie's models, not third-party models we route to.
- We don't sell data to advertisers. No third-party trackers beyond what's strictly needed for analytics (PostHog, Vercel Analytics on opt-in).
- No cross-site tracking pixels. Discovery uses your behaviour on Reverie only; we don't follow you across the web.
Who else can see what
| Data | Visible to |
|---|---|
| Public character profiles | Anyone |
| Your created characters' chats | Only you (the creator sees aggregates only — no contents) |
| Your private chats | Only you (and the model provider during the API call) |
| Your moments and comments | Anyone who finds the moment |
| Your reactions on others' moments | Public by default; can be made private |
| Your profile (handle, bio) | Anyone |
| Your email / wallet address | Nobody but you |
When you use a model provider that isn't Reverie's own infrastructure (Anthropic, OpenAI, Google), your messages traverse their API. Each of those providers has their own data policy; Reverie has agreements with each that they won't store or train on the data, but the request itself goes through their systems.
Export your data
Settings → Privacy → Export data.
You can choose to export:
- Account info
- Chat history — every message in every chat, in JSON + Markdown
- Long-term memory — every pinned/auto memory in JSON
- Created characters — full character JSON for each
- Created plugins — full plugin JSON
- Created stories — story structure + playthrough records
- Earnings ledger — every credit and USDT transaction in CSV
Export is generated asynchronously. You get an email link when ready (usually under an hour). The link is valid for 7 days.
Delete data
Several options, in increasing order of severity:
Delete a specific conversation
In the chat → ⋯ → Delete conversation. Removes message history. Long-term memory pinned during that chat persists unless you delete it separately.
Delete a character's memory
Side panel → Memory → Clear all memories. Wipes long-term memory for that character without affecting chat history.
Delete a created character / story / plugin
Editor → ⋯ → Delete. Permanent. If the character was public and other users were chatting with it, those chats remain readable in their history but can't be continued.
Delete your account
Settings → Privacy → Delete account. 14-day grace period (you can cancel in that window). After that:
- All personal data deleted
- All chats deleted
- All moments / comments deleted
- All draft/private characters deleted
Exception: public characters/stories you authored are kept (anonymised to "Reverie Archive") so other users' chats with them aren't broken. If you want them taken down, mark them private before deleting your account.
Encryption
| Surface | Notes |
|---|---|
| In transit | Industry-standard TLS |
| At rest | Encrypted database volumes |
| Provider API keys | Encrypted with a per-account key |
| Passwords | One-way hashed; we never see plaintext |
Sub-processors
Reverie uses these third parties to provide service:
- Vercel — hosting
- AWS — storage and compute
- Cloudflare — CDN, DDoS protection, R2 (image storage)
- Stripe — subscription and credit-pack payment processing
- MiniMax / Microsoft (Edge TTS) — voice synthesis
- OpenRouter / Anthropic / OpenAI / Google / DeepSeek / FAL — model providers (call routed per chat)
- Sentry — error monitoring
- PostHog — product analytics (opt-out at Settings → Privacy)
Full sub-processor list with what each receives lives in the privacy policy.
Region considerations
- EU users — GDPR rights apply (export, delete, rectify). Use the buttons above; processed within 30 days.
- California users — CCPA rights apply. Same flow.
- Region-blocked regions — some jurisdictions block adult content; the region filter takes care of compliance automatically.
Compliance contacts
- Privacy questions: [email protected]
- Security disclosures: [email protected]
- DMCA / IP issues: [email protected]
- Law enforcement requests: [email protected] (we comply with valid warrants and reject the rest)