Polari.MenSign in

Privacy

Last updated 2026-05-28.

Operator: Taco Truck Games, LLC, 4414 SW Graham St, Seattle, WA 98136, United States.

What we collect

How conversations are processed

Messages are sent to third-party model providers (currently Nous Research, via OpenRouter) to generate replies, and your input is checked by OpenAI's moderation endpoint for safety. Image generation goes to Google (Gemini). Email delivery goes through Resend. Hosting and edge are provided by Cloudflare. We do not sell your personal information and do not use your conversations to train our own models.

Subprocessors

Their terms and privacy practices govern how they handle the data they receive.

Cookies and local storage

A session cookie keeps you signed in (HTTP-only, secure, same-site). A local storage flag (polari_age_ok) records that you clicked the 18+ gate so it does not re-appear every visit; you can clear it from your browser at any time. Polari does not use third-party advertising cookies or tracking pixels.

AI-generated content

Everything a persona sends, both text and images, is generated by AI. Personas are fictional characters, not real people; no real person is depicted, and any resemblance is coincidental. Polari does not offer explicit (nude/sexual) image generation; images personas send are safe-for-work. Conversations may be sexually explicit between consenting adults once you opt in; that explicit text is part of your conversation and is deleted with your account along with your messages, memories, and embeddings. For technical processing, your messages (explicit or not) are sent to the model provider via OpenRouter and to OpenAI's moderation endpoint, each subject to its own retention policy.

Generated images live in a shared per-persona cache so the same requested scene reuses one image across users (this is what keeps costs and latency reasonable). Because the cache is keyed only by the persona and the scene description, a cached image is not personal data about you and is not deleted when you delete your account; what is deleted is your conversation, including the references to which cached images appeared in it. The same is true for any image an admin curates onto a persona.

Content moderation and compliance

Every chat input and every image scene description is evaluated by a multi-layer moderation pipeline before any model output is generated:

Every block produces an audit_log row (category, IP hash, user agent, message id) and where applicable an admin-visible review item. Repeat or severe violations lead to account suspension or termination (see Content Removal and Complaints). Any apparent child sexual abuse material is preserved as required and reported to the National Center for Missing & Exploited Children (NCMEC) CyberTipline under 18 U.S.C. § 2258A.

No real-person likeness, no consent records, no § 2257 records

All Polari personas are fictional AI characters. All persona portraits and persona-sent images are produced by generative AI from textual descriptions; no real person is used as a model, reference, training subject, or basis for any persona. We do not solicit, accept, or host user-uploaded photographs of any person. Because no real human being is depicted in any output, there is no likeness for which third-party consent could be required, and 18 U.S.C. § 2257 / § 2257A record-keeping does not apply. The longer statement is on our Synthetic Content Notice.

Each user's age, by contrast, IS verified: every user attests to their birthday on a server-side form at /welcomebefore any chat is allowed. Polari computes "at least 18 years old as of today" from the entered birthday and refuses signup otherwise. The attestation is recorded as an audit event (event, salted IP hash, user agent, timestamp) and retained per the schedule below. A separate opt-in is taken for explicit conversation; in strict-AV jurisdictions explicit replies are forced off at the request layer regardless of opt-in until we ship identity-based age verification.

Card-brand compliance and chargeback support

For Premium subscribers, Polari shares the minimum data necessary with CCBill (our payment processor) and, on request, with the relevant card brand or its compliance partners, to administer billing, resolve chargebacks, and evidence merchant compliance. The data we may share for those purposes is limited to: your subscription identifier, billing status (active / canceled / charged back), the timestamp and audit row for your 18+ attestation, the timestamp of explicit-content opt-in (if applicable), and the audit trail for any moderation block, account suspension, or report against your account. We do not share the substance of your conversations, your memories, or your generated images with CCBill or with the card brands as part of routine billing operations; those are only produced on the basis of a valid legal demand or a chargeback in which the cardholder has raised them as evidence.

Retention

Conversations, memories, and persona-generated images attached to your messages are kept until you delete them or your account. Security and audit events (sign-in events, moderation blocks, crisis-overlay triggers, image generation events, billing events, admin actions) are kept for thirteen months. After ninety days, the IP-address hash and user-agent string on each audit row are dropped; the event, category, and event metadata persist for the full thirteen months so the operational audit trail survives without the personal data. After thirteen months, the audit row is deleted entirely. The thirteen-month window matches the standard card-brand records retention requirement. You can delete your account anytime from Settings; this removes your messages, memories, embeddings, and the personal data we store about you. Audit rows associated with your account are anonymized (the user reference is dropped) and otherwise continue to age out on the schedule above.

Your rights

Where local law gives you additional rights (GDPR, UK GDPR, CCPA, etc.), we will honor them and respond to verifiable requests within the time required by the applicable law.

Sale of personal information

We do not sell or share your personal information for cross-context behavioral advertising, and we do not have actual knowledge of selling or sharing the personal information of consumers under 16, as those terms are defined by the California Consumer Privacy Act (as amended by the CPRA). Because we do not sell or share, no opt-out mechanism is required; you may still exercise your access, deletion, and correction rights as described above.

Children's privacy

Polari is for adults only. We do not knowingly collect personal information from anyone under 18 (or the local age of majority). If we learn we have, we will delete the account and the associated data.

International transfers

Polari is operated from the United States and uses Cloudflare's global edge network. Your data may be processed in or transferred to the US or other countries with different data-protection laws than yours.

Security

We use TLS in transit, hash passwords with a modern password hashing function, and store IP addresses only as salted hashes for security-event correlation. No service can promise perfect security; if we learn of a breach affecting your data we will notify you as required by law.

Age

Polari is for adults only. You must be 18 or older (or the local age of majority) to use it.

Updates to this policy

We may update this policy as the service evolves. The “Last updated” date above reflects the latest revision. Material changes will be announced in-app or by email.

Contact

Questions or data requests: support@polari.men.