Privacy policy

Pompara is an 18+ AI conversation product. We collect the minimum data needed to run your account, keep your conversations continuous, and bill you when you upgrade. We do not collect, store, or re-share date-of-birth, biometric, or age-verification image data.

This page describes our practices. If anything here conflicts with a contract you signed with us, the contract wins.

• Account data. Your email, your authentication method (Google sign-in or email/password), and a hashed password if you use email/password. We use Firebase Authentication.
• Chat history. Messages you send and receive, per-character, with timestamps. Used to run the product (your characters can't remember you without it) and to improve future responses with rate-limited training.
• Credit ledger. Purchase, refund, and consumption history for paid credits. Used for billing reconciliation.
• Age-verification flag. A boolean (verified or not) plus the method used (MNO check, open banking, credit card 3DS, Yoti face estimation, document) and the verification provider's reference ID. We do not retain the underlying date of birth, selfie, document image, or biometric template.
• Operational telemetry. Browser type, region, error logs. No third-party advertising cookies.

• Date of birth.
• Government-issued ID images or photocopies.
• Biometric scans, including face-age-estimation selfies.
• Credit card numbers — Stripe handles those, we see a token.
• Tracking pixels, third-party ad cookies, or cross-site identifiers for advertising purposes.

This non-retention posture satisfies Texas HB 1181 and Louisiana Act 440, which both require that age-verification providers and the covered platforms behind them do not retain verification artefacts after the verification completes.

• You. You can request a full export at any time via hello@pompara.com.
• Our infrastructure providers. Google Cloud (Firebase, Firestore, Cloud Functions), Stripe (billing), Yoti and OneID (age verification — and they do not retain data either).
• Our model providers. Anthropic, OpenAI, xAI (Grok) and Mistral, under their respective enterprise data terms. None of them train on your conversation data.
• No one else. We do not sell or rent personal data.

Chat history is retained until you delete your account or request erasure. On deletion, your chat history is purged within 30 days. Backups roll off within 90 days.

The credit-ledger and tax-relevant billing records are retained for the period required by tax law in the jurisdictions where we operate (currently 7 years in the UK and US).

If you're in the UK, EU, California, or other regions with comprehensive privacy law, you have the right to access, correct, export, and delete your personal data. Request all of these by emailing hello@pompara.com from the email on your account.

Pompara is an 18+ product. We do not knowingly collect any data from anyone under 18. If you believe a minor has created an account, contact us and we will remove it and purge associated data.

We update this policy as the product evolves. Material changes will be announced by email to active account holders at least 30 days before they take effect.