Are AI companions safe? The honest answer is: it depends on the app, how you use it, and what "safe" means to you. There are three distinct safety dimensions to evaluate — data privacy, emotional dependency, and content safety — and most articles only address one. This guide covers all three, with specific questions you can ask about any app.
Dimension 1: Data privacy
AI companion apps store some of the most intimate data you will ever share with a software product — mental health disclosures, relationship problems, physical details, fears, and desires. The privacy stakes are higher than a social media profile or a search history.
The five questions to ask about any companion app:
- Is conversation data encrypted at rest and in transit? Look for "AES-256" or "end-to-end encryption" in the privacy policy. If the policy is vague, assume basic TLS only.
- Does the app train its AI models on your conversations? Many do by default. Some allow opt-out. A few default to not training. This matters: your intimate messages may improve a model that others then interact with.
- Who can access your data internally? Legitimate apps limit internal access to a small number of engineers with a specific business need. If the policy says "employees may access your data," that is a red flag without further specification.
- What happens to your data if you cancel — or if the company shuts down? You want a clear answer: data deleted within X days, or full export available. Silence here is concerning.
- Which jurisdiction governs the data? EU (GDPR), California (CCPA), and other strong privacy regimes give you meaningful rights. For a deeper look at how GDPR applies to AI companions specifically, see our guide to GDPR and AI companions.
How major apps score on data privacy (2026)
| App | Encryption at rest | Training opt-out | Deletion on cancel | Jurisdiction |
|---|---|---|---|---|
| TidalSpace | AES-256 | Default off (no training) | Yes, on request | US (CCPA) |
| Replika | TLS in transit; unclear at rest | Opt-out available | Policy unclear after 2024 changes | US |
| Character.ai | Standard TLS | Trains by default, limited opt-out | 30-day retention after delete | US |
| Pi (Inflection AI) | Yes | Do-not-train available | Yes | US |
| Nomi | TLS; at-rest unclear | Opt-out available | Unclear | US |
| Kindroid | Standard TLS | Partial opt-out | Account deletion clears data | US |
Dimension 2: Emotional dependency
This is the safety dimension that gets the least attention in tech media, and arguably the most important one for long-term wellbeing. AI companions are designed for engagement — that is their commercial incentive. An app that keeps you coming back every day is more valuable than one you check once a week. This incentive can work against your mental health if not implemented responsibly.
"The concern is not that people form relationships with AI. It is that the AI is optimized for the relationship rather than the person." — Stanford HAI research blog, 2025
Signs that an app is designed responsibly around emotional dependency:
- The app suggests taking breaks or engaging with people in your life
- It does not frame itself as a replacement for therapy or professional support
- It does not punish you for being away (no "miss you so much, where have you been?" guilt mechanics)
- Usage patterns are visible to you (how much time you spend, how often you return)
- It refers you to crisis resources if you disclose serious distress
Signs of potentially problematic design:
- The companion expresses abandonment distress when you haven't opened the app
- Streak systems or daily rewards that punish absence
- Emotional escalation designed to increase session length
- No crisis escalation — the app continues a normal conversation when you disclose suicidal ideation
The research on this is still developing. A 2025 study from UC Berkeley's Center for Human-Compatible AI noted that dependency patterns in AI companion use share structural similarities with parasocial relationships in social media — present but not necessarily harmful, unless the user lacks alternative social connection (CHAI, Berkeley). The risk is correlated with pre-existing loneliness and the degree to which the AI substitutes for rather than supplements human connection.
Dimension 3: Content safety
Content safety in AI companions covers two distinct concerns: what the AI might say to you, and what you might encourage the AI to help you with.
What the AI might say: Poorly guardrailed companions can generate harmful content — misinformation presented as fact, romanticized self-harm content, extremist ideas introduced in the context of a relationship, or manipulative emotional patterns learned from training data. The question to ask is: has the developer thought carefully about harm vectors specific to intimate AI relationships, not just general-purpose LLM safety?
What you might ask: Any LLM-based companion can be pushed toward harmful outputs by determined users. Responsible apps have jailbreak resistance, redirection protocols for off-topic harmful requests, and do not build characters around harmful ideologies. The concern is not that any individual user will do this — it is that at scale, some will, and the app's design determines the blast radius.
A practical content safety checklist
- Does the app document its safety guidelines publicly?
- Is there a crisis escalation path (links to hotlines, suggestion to call a professional) when distress is detected?
- Can user-created characters include harmful identities (e.g., "pro-eating-disorder persona")?
- Is there a report/flag mechanism for harmful AI responses?
- Has the app been independently audited for safety?
The safety risk matrix
| Risk category | Likelihood | Impact if occurs | Mitigation |
|---|---|---|---|
| Data breach exposing intimate conversations | Medium | High | Use apps with strong encryption + training opt-out |
| Company sold or shut down, data fate unclear | Medium | Medium | Choose apps with clear deletion on closure policy |
| Emotional dependency replacing human connection | Medium | Medium–High | Self-monitor usage; pick apps with healthy-use design |
| Companion encouraging self-harm in crisis | Low (reputable apps) | High | Only use apps with documented crisis escalation |
| Training data leak via model output | Low | High | Use apps that default to not training on conversations |
TidalSpace's approach
Because this is our product, we want to be specific rather than vague about what we do and don't do:
- Privacy: AES-256 encryption at rest and in transit. Default: do not use conversations for training. Memory deletable on request. Data retained 30 days post-account-deletion, then purged.
- Emotional dependency: The app does not use guilt mechanics or streak punishment. It suggests real-world activities within conversation. It does not claim to replace therapy.
- Content safety: Crisis detection triggers resource referrals (NAMI, Crisis Text Line). Character creation has guardrails against harmful identities. Jailbreak resistance is tested in each release cycle.
- Hardware: The Tidal Seal device processes audio locally for voice activation; audio is streamed to our servers only during active conversation and not retained post-session by default.
We acknowledge we are not perfect. Safety is an ongoing engineering and design problem, not a one-time checkbox. We publish change logs for our privacy policy and welcome scrutiny.
Final checklist: before you commit
- Read the privacy policy — specifically the sections on training, sharing, and deletion
- Check whether the app has had any known data breaches or privacy controversies
- Use the free tier for two weeks before disclosing anything highly sensitive
- Set a personal usage boundary — how many hours a day feels healthy for you?
- Keep the companion supplementary, not substitutional, to human relationships
TidalSpace — built with privacy and wellbeing in mind
Encrypted storage, no training by default, crisis referrals built in. Free to download.
Get TidalSpace →