Is It Safe to Use an AI Girlfriend App? Privacy & Safety Guide (2026)
Updated July 2026.
In March 2026, the security firm Oversecured tested 17 popular AI companion apps on Google Play — collectively downloaded more than 150 million times — and found 14 critical and 311 high-severity vulnerabilities between them, according to reporting by Cybernews. In 10 of those 17 apps, the flaws created a direct path to users’ private conversations with their AI companion. That matters more here than in most app categories, because what people tell an AI girlfriend or boyfriend app is often more personal than what they’d put in an email: sexual fantasies, details about affairs, identity questions, and in some cases, suicidal thoughts, per the same research. This guide covers what’s actually at risk, what regulators are starting to do about it, and concrete steps to protect yourself if you use one of these apps.
The security risk, in numbers
Oversecured’s research, reported by Cybernews in March 2026, found that in at least six popular AI girlfriend apps, attackers could access user conversations directly. One app with more than 10 million downloads shipped with hardcoded credentials — including an OpenAI API token and a Google Cloud private key — embedded directly in its code, extractable through basic reverse engineering. Another allowed cross-site scripting in its chat interface, meaning an attacker could inject code into what looked like a private conversation. A third let attackers steal local chat databases, cached photos, voice messages, and authentication tokens outright. An app with 50 million downloads was found vulnerable through its ad software, letting a malicious ad query the databases storing user conversations. Oversecured’s founder, Sergey Toshin, told Cybernews that these apps “handle a different but equally sensitive category of data as therapy platforms. But they grew so fast that basic security was never part of the process.”
This isn’t hypothetical. In October 2025, the apps Chattee Chat and GiMe Chat leaked more than 43 million messages and over 600,000 images and videos from more than 400,000 users, including purchase histories showing some users spending thousands of dollars on their virtual companion, per Cybernews’ reporting on that breach.
What’s actually at risk in an AI companion chat
The core problem regulators and researchers keep pointing to: AI companion apps collect disclosures that resemble what someone might tell a therapist, but they’re not regulated like healthcare products, and most weren’t built with that level of security from day one. Many of these apps are technically “wrappers” — they connect to a third-party AI model (OpenAI, Google, or an open-source model) and add their own interface, personality layer, and payment system on top. The underlying AI model itself usually isn’t the weak point; the wrapper layer — how the app stores your chat history, authenticates you, and protects its own servers — is where nearly every vulnerability researchers found actually lived.
What that means practically: your conversations may be stored in a database tied to your account and payment method, potentially alongside explicit content, personal disclosures, and your real identity if you signed up with an identifiable email or payment method. If that database is exposed, so is all of it at once.
What regulators are doing about it
Regulation is moving, but unevenly, and it’s mostly focused on disclosure and safety protocols rather than mandating data security specifically. California’s SB 243, signed by Governor Newsom on October 13, 2025 and effective January 1, 2026, was the first law in the country to require AI companion chatbot operators to implement safeguards: disclosing clearly that users are talking to an AI, and maintaining a protocol for responding to suicidal ideation or self-harm disclosures, with a private right of action if operators don’t comply, according to the bill’s official signing announcement from Senator Steve Padilla’s office. New York’s companion chatbot law took effect November 5, 2025, and in June 2026 state lawmakers passed a further bill introducing steep fines for non-compliant operators, up to $25,000 per violation, as reported by outlets covering the vote. At the federal level, the bipartisan GUARD Act (introduced by Reps. Valerie Foushee and Blake Moore) would introduce nationwide restrictions on AI companion chatbot operators, though it hadn’t passed Congress as of this writing. Idaho, Oregon, and Washington have separately passed laws restricting chatbots from claiming sentience or initiating certain unsolicited sexual content.
Outside the U.S., Italian regulators fined Replika’s developer €5 million in 2025 for GDPR violations, including processing user data without a proper legal basis, inadequate privacy disclosures, and failing to verify users’ ages. The EU AI Act requires chatbots to disclose that they’re AI-generated and bans manipulative techniques aimed at vulnerable users — but notably, it doesn’t specifically mandate how companion apps must secure the conversation data they collect, leaving that mostly to older frameworks like the GDPR.
None of this is specific legal advice, and we’re not lawyers — if you have questions about how these laws apply to your situation, consult a qualified professional. The short version for users: the regulatory floor is rising, but it’s still thin, and it’s aimed mostly at disclosure and safety protocols rather than guaranteeing any adult’s data is secure.
How this shows up in the apps we test
Privacy and security get their own section in every review on this site, and it’s a real differentiator between platforms, not a footnote. Secrets AI and Dondi AI stood out in our testing specifically for privacy engineering that goes beyond a generic promise — Secrets AI offers an offline/local-generation mode and independently audited end-to-end encryption, while Dondi states a zero-log policy where conversations are processed but not stored. On the other end, Swipey is flagged in our own review with real caution: independent trust-checking services gave it a low trust score, and Trustpilot reviewers reported billing continuing after cancellation. Most apps fall somewhere in between — a published privacy policy and named corporate entity, but no independently verified security claims either way. Check the “Privacy and safety” section of any individual review before you sign up.
How to protect yourself
Given the research above, a few practical habits meaningfully reduce your exposure. Use a burner or secondary email to sign up rather than your primary one. Avoid typing your real full name, home address, employer, or financial details into any chat, even if the platform claims strong privacy protections — treat it the way you’d treat a new contact on a dating app. Consider a secondary or virtual card for the first billing cycle on any platform, especially one with a thinner independent trust record, so a post-cancellation charge or billing dispute doesn’t hit your main card. Read the platform’s privacy policy specifically for whether chat logs are used to train AI models, since several apps reserve the right to do that even in anonymized form. If discretion matters to you specifically, look for platforms that state an offline/local-processing mode or an independently audited zero-log policy rather than taking a generic privacy promise at face value.
Red flags to watch for before you subscribe
A few signals are worth treating seriously: no visible privacy policy or terms of service, no named operating company (just a brand name with no registered entity behind it), independent trust-checker warnings (tools like ScamAdviser or Gridinsoft), a pattern of user reports about billing continuing after cancellation, and no stated age-verification step at signup. None of these guarantee a problem on their own, but multiple flags together are a real reason to look elsewhere or proceed with extra caution — as we did in our own Swipey review, where several of these signals showed up together.
Are AI girlfriend apps actually safe to use?
Can hackers really read my AI girlfriend chats?
Is there a law protecting AI companion app users?
What information should I never share with an AI companion app?
Do AI girlfriend apps use my conversations to train their AI?
Which AI companion apps have the strongest privacy protections?
Every platform covered on this site is intended for adults 18 and over. This guide is informational and not legal advice; if you have specific legal questions about AI chatbot regulations, consult a qualified attorney. For how VirtualCrushAI itself handles your data, see our privacy policy.