← Mistress.to

Privacy Policy

Operator: INM · Effective: April 24, 2026

This Privacy Policy describes how INM("we," "us," or "our") collects, uses, stores, and shares information when you use the Mistress.to website and related services (the "Service"). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.

1. Who we are

Controller: INM, 152 Father Ermanno Crescent. Contact: support@mistress.to.

2. Information we collect

2.1 Account and profile data

When you register or update your profile, we may collect identifiers such as email address, display name, authentication tokens, and preferences you choose to save (for example, nickname, relationship context, location or timezone fields, kink or content preferences, and character configuration choices).

2.2 Google user data

If you choose to sign in using your Google Account, we access and collect certain Google user data through Google API Services, including:

  • Data accessed: Your primary Google email address, your name, and your profile picture URL.
  • Purpose: We use this data solely to create your account, authenticate your identity during sign-in, and personalize your user profile (for example, displaying your name).

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.3 Chat logs, conversational memory, and continuity data

To operate interactive sessions and maintain character continuity, we store chat-related data in our primary database, including:

  • Chat messages between you and the AI (user and assistant roles), associated with your account and specific conversations;
  • Session and memory fields used for narrative continuity, such as short-term scene summaries, long-term psychological notes, unresolved narrative threads, scene metadata, and related session state;
  • Progression and engagement metrics tied to your account or conversations (for example, scores or tallies used to adapt pacing or pricing mechanics);
  • In-app purchase records for virtual gifts or similar items linked to conversations, and transaction history for token purchases or subscriptions.

This processing is necessary to provide the core Service you request—persistent, personalized adult AI chat—and to secure and improve the platform.

2.4 Technical, usage, and analytics data

We may collect device, browser, IP-derived information, timestamps, diagnostic logs, and analytics events to secure the Service, measure performance, and understand aggregate usage. To provide a seamless experience and improve the quality of our AI companions, we use third-party analytics tools (like PostHog) to understand how users interact with the platform. This includes analyzing feature usage, navigation patterns, and subscription performance. For authenticated users, this data helps us troubleshoot technical issues and personalize your experience. All behavioral data is handled with strict confidentiality and used solely for platform optimization and security.

2.5 Authentication

We use third-party authentication and session services. Those providers process credentials and session data according to their own terms. We receive identifiers and profile fields needed to link your account to the Service.

3. How we use information

We use the information above (including Google user data where applicable) to:

  • Provide, operate, personalize, and secure the Service;
  • Maintain chat history and memory so characters and scenes remain coherent across sessions;
  • Process token deductions, tributes, subscriptions, and related billing events;
  • Detect, investigate, and prevent fraud, abuse, illegal activity, and violations of our Terms;
  • Comply with legal obligations and respond to lawful requests;
  • Communicate with you about the Service, support tickets, and policy changes.

AI and machine learning: We do not use Google user data (such as your email address or name) to train, retrain, or fine-tune any AI or machine learning models.

4. Third-party large language models (LLMs)

When you send messages, our servers construct prompts that include your text and relevant context (such as recent conversation history and stored memory fields) and transmit those prompts to third-party inference providers via API over encrypted connections. The exact provider and model may change over time.

Retention on third-party systems:We do not control those providers' internal logging, training, abuse-monitoring, or retention practices. Prompts and outputs may be temporarily or longer retained by the provider in accordance with their policies, independent of our systems.

We may change providers or models to maintain quality, safety, or availability. When we do, the categories of data disclosed to LLM providers remain substantially the same (prompts containing your inputs and contextual fields needed to generate a reply).

Some features may trigger additional automated analysis calls (for example, background summarization or scoring). Those calls also send relevant text to an LLM API under the same framework.

5. Sharing of information

We share information (including Google user data where necessary to provide the Service) with:

  • Service providers who host infrastructure, databases, authentication, email, analytics (including PostHog), or security tools, solely to process data on our instructions;
  • Payment processors you select at checkout, who collect payment data subject to their own privacy notices;
  • Law enforcement or regulators when required by law or to protect rights, safety, and integrity of users and the public.

We do not share Google user data with third parties for their own independent advertising or marketing purposes. We do not sell your personal information in the traditional sense of exchanging data for money.

6. Retention

We retain account data (including Google-supplied profile fields where you signed in with Google), chat, memory, and transaction data for as long as your account is active and for a reasonable period afterward for security, dispute resolution, and legal compliance, unless you request deletion as described below. Some backups may persist for a limited technical window before rotation.

7. Security and protection

We implement administrative, technical, and organizational measures designed to protect information, including Google user data. This includes encryption of data in transit and industry-standard protections for stored data. No method of transmission or storage is completely secure; you use the Service at your own risk.

8. International transfers

If you access the Service from outside the country where we operate servers, your information may be transferred across borders. We rely on appropriate safeguards where required by law.

9. Your rights, retention, and deletion

Depending on your jurisdiction, you may have rights to access, correct, delete, or export certain personal data, or to object to or restrict certain processing. Many controls are available in your account settings (for example, clearing chat history).

For a comprehensive request—including deletion of your account, associated chat logs, and Google-linked profile data from our active systems—email support@mistress.to from the address on file with your account, with the subject line "Data Deletion Request." We will verify ownership and respond within a reasonable timeframe, subject to legal exceptions (for example, records we must retain for fraud prevention, chargebacks, or lawful investigations).

10. Children

The Service is strictly for adults aged eighteen (18)+. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, contact us immediately.

11. Changes to this Policy

We may update this Policy from time to time. We will post the revised version and revise the effective date. Material changes may require additional notice where legally required.

12. Effective date

Effective as of May 2, 2026.