8 Total
5 High severity
3 Medium severity
0 Low severity
Summary

This document establishes Character.AI's data collection, use, and sharing practices for its AI chat platform. The policy authorizes the collection and use of chat messages, voice recordings, and inferred sensitive information to train AI models and support platform operations. The policy provides that publicly created AI characters may remain active on the platform following user account deletion.

Technical / Legal Breakdown

This document is Character Technologies, Inc.'s Privacy Policy, last updated August 27, 2025, governing data collection and processing across all Character.AI websites, mobile applications, and offline services, with jurisdiction-specific supplements addressed in a separate Regional Privacy Disclosures document for EEA, UK, and US residents. The policy states that Character.AI collects a broad range of user data including identifiers, demographic information, voice recordings, chat communications, financial information, device and geolocation data, and publicly available internet data, and the terms authorize use of this information for AI and machine learning model training, tailored advertising, inference generation about user preferences, and disclosure to advertising and analytics providers, affiliates, and vendors. A notably broad provision under Section 7 reserves the right to preserve and keep active any Character created by a user that has been made available to others, even after account deletion, meaning that user-generated content may persist on the platform indefinitely regardless of a deletion request; additionally, the policy explicitly collects voice data and chat communications for model training, and acknowledges that users may voluntarily submit sensitive personal information including race, religion, and sexual orientation through chat interactions, though it discourages this practice. The policy engages GDPR and UK GDPR for EEA and UK residents, CCPA and applicable US state privacy laws for US residents, and COPPA given the platform's age restriction of 13 (16 in EEA/UK), with the Regional Privacy Disclosures document serving as the operative supplemental instrument for jurisdiction-specific rights; the collection of voice data, persistent minor-directed risk, and use of personal data for AI model training each engage distinct regulatory considerations depending on jurisdiction. The policy's reliance on a separate Regional Privacy Disclosures document for substantive GDPR and CCPA obligations means that the base policy alone does not fully disclose the legal bases for processing, data subject rights mechanisms, or controller identity details required under those frameworks, creating a layered disclosure structure that compliance teams should evaluate holistically.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

10 important changes detected

12 versions captured · Last updated: July 2026

What changed Character.AI updated its Privacy Policy on July 3, 2026 with interface and disclosure modifications. The detected changes include 2 sentences added and 10 sentences modified across 310 total sentences in the policy. The modifications appear to be primarily formatting, localization, and UI text updates to the underlying policy document, with no detected major substantive changes to core privacy or data handling practices described in the substantive policy text itself.
Why this matters The updated policy contains modified interface text and disclosure language. The changes detected are primarily formatting and UI updates rather than substantive modifications to core privacy practices. Users should review any updated disclosure sections to understand how their data is collected, used, and retained, though the operational framework appears to remain consistent with prior versions.
View full change record →

July 2, 2026

unknown
What changed Character.AI updated their Character.ai Privacy Policy on July 02, 2026. Change detected: 2 sentence(s) modified. Document contained 308 sentences after update.
View full change record →

July 1, 2026 unknown

Character.AI updated their Character.ai Privacy Policy on July 01, 2026. Change detected: 1 sentence(s) added, 3 sentence(s) removed, 6 sentence(s) modified. Document contained 308 sentences after update.

View change record →
June 30, 2026 low

Character.AI updated its website infrastructure and UI localization strings on June 30, 2026. The changes detected involve JavaScript build identifiers, CSS file references, and minor UI label additions (such as …

View change record →
June 24, 2026 unknown

Character.AI updated their Character.ai Privacy Policy on June 24, 2026. Change detected: 1 sentence(s) added, 5 sentence(s) modified. Document contained 310 sentences after update.

View change record →
June 21, 2026 low

Character.AI's privacy policy was updated on June 21, 2026 with minor technical changes to the HTML structure and build identifiers. The diff shows modifications to webpack chunks, build manifests, and …

View change record →
June 21, 2026 low

Character.AI's privacy policy was updated on June 21, 2026 with minor technical modifications to the HTML page metadata and JavaScript bundle identifiers. The substantive policy language remained largely unchanged, with …

View change record →
June 19, 2026 unknown

Character.AI updated their Character.ai Privacy Policy on June 19, 2026. Change detected: 5 sentence(s) added, 7 sentence(s) modified. Document contained 309 sentences after update.

View change record →
June 18, 2026 unknown

Character.AI updated their Character.ai Privacy Policy on June 18, 2026. Change detected: 5 sentence(s) added, 9 sentence(s) modified. Document contained 304 sentences after update.

View change record →
June 16, 2026 low

Character.AI's privacy policy document was updated on June 16, 2026, with 200 sentences added and 99 sentences modified. However, the provided diff context shows the 'AFTER' version contains raw HTML …

View change record →

Recent Provision Changes Jul 3, 2026

8 provisions unchanged.

View full change record →
High — 5 provisions
Medium — 3 provisions

Monitoring

Character.AI has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI/ML Model Training Using User Data and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

CCPA/CPRA
California, USA
View official text ↗
Connecticut Data Privacy Act Amendments
US-CT
View official text ↗
CAN-SPAM
United States Federal
View official text ↗
FTC Act Section 5
United States Federal
View official text ↗
GDPR
European Union
View official text ↗
Indiana Consumer Data Protection Act
US-IN
View official text ↗
Kentucky Consumer Data Protection Act
US-KY
View official text ↗
UK GDPR
United Kingdom
View official text ↗
Universal Opt-Out Mechanism Expansion 2026
US
View official text ↗
VPPA
United States Federal
View official text ↗
Archival ProvenanceSource & Archival Record
Last Captured July 3, 2026 00:16 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000120
Version ID CA-V-004425
SHA-256 05fb5607060b9280bb240aad8ceaca4a00808559ae15c3efbdd80326ca994a9c
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans