Privacy Policy

Last updated: 14.11.2025

Welcome to Pretty Witty! Ly Khanh Quynh, an individual doing business as “Pretty Witty” (d/b/a Pretty Witty) (“Pretty Witty,” “we,” “us,” or “our”) operates the Pretty Witty mobile and web applications (the “Apps”), the informational website www.prettywitty.ai (the “Website”), and related services (collectively, the “Services”).

We are committed to protecting your privacy. This Policy explains what we collect, how we use and share it, your choices, and your rights.

Core commitment: we may use Website-visit data for marketing our Services, but we will not use or disclose any in-App content you submit (including screenshots, messages, or media) for advertising or marketing purposes.

If a term is not defined here, it has the meaning given in our Terms of Service. Questions? Contact privacy@prettywitty.ai or the address in Section 14.

1) Who we are (Controller)

  • Controller: Ly Khanh Quynh, doing business as “Pretty Witty” (d/b/a Pretty Witty)

  • Registered address: 8/1 Nguyen Trai, Long Xuyen, An Giang, Vietnam

  • Email: privacy@prettywitty.ai

2) Scope, eligibility, and Geographic Availability

This Policy covers the Apps, the Website, and our related online services.
The Services are:

- Intended for users 18 years and older only
- Designed for and offered to users in Asia and the United States
- Not offered or marketed in the European Union or United Kingdom

By accessing our Services from outside Asia or the United States, you acknowledge that our Services are not designed for your jurisdiction and that your data will be processed in accordance with this Policy in India and Singapore.

3) Information we collect

A. Information you provide

When you use the App or access the Website, we may collect certain personal information from you, including but not limited to:

  • Information you provide directly. We may collect information that you provide directly to us when you use the App or access the Website. This may include your name, email address, phone number (if you opt-in), and any other information you choose to provide.

  • Profile information. Age confirmation (18+), preferred name, pronouns, language, and optional preferences.

  • Uploaded Content. This includes the text you type or paste, and any media like screenshots or pictures you choose to submit for analysis or saving. We request permissions to access the camera and photo library when uploading content.

  • Usage Information: We may collect information about your use of the App and Website, including the features you use, the pages you visit, and the actions you take.

  • Interests & preferences. Conversation preferences (e.g., style presets like "Spice/Sugar"), and settings that personalize your experience. We also learn about your writing style and your preferences over time through your use of the Services to personalize your conversations and the features of the Services.

  • Payments. Purchases via Google Play Billing. We keep records of purchases and entitlements; we do not store full payment card details.

  • Support communications. Information you provide when you contact us.

B. Information we collect automatically

  • Device & app data. Device type and OS, app version, language, approximate location (city/region from IP), in-app event logs, and diagnostics (e.g., crash logs).

  • Website cookies & similar tech. On our Website we use cookies, local storage, and pixels for essential functions, analytics, and (where lawful) interest-based advertising. See our Cookie Policy.

  • No facial mapping/TrueDepth. We do not collect facial mapping or head-movement data.

C. Photos, files & screen information

Our app does not request access to your photos, media library, or files.

We do not use the system Photo Picker, Selected Photos Access, or any broad storage permissions.

If you choose to enable the Digital Assistant feature, the system may allow the assistant to access on-screen information only at the exact moment you trigger the assistant.

This access:

  • is fully optional,
  • is initiated by you,
  • does not grant ongoing or background visibility,
  • does not provide access to your photo library, media files, or general device storage.

The assistant only receives the specific screen content that you actively request help with.

Outside of that moment, we do not access screen data or files of any kind.

4) How we use information (purposes & legal bases)

A. Use of your information

We use your information for the following purposes:

PurposeWhy and how we use your informationLegal basisCategories of information
Operating and administering the ServicesProviding and maintaining the content and functionality of the Services. Carrying out obligations arising from our contract with you. Creating your account and profile. Facilitating payments and transactions, including for the purchase of premium features, and managing your rewards. Responding to your inquiries, comments, feedback or questions, and troubleshooting. Managing our relationship with you, which includes sending administrative information to you relating to our Services.Contractual necessityAccount information. Profile information. Messages and content. Interests and preferences. Payments, transactions, and rewards. Device and network data. Usage data.
Providing the core functionality of the AppsProviding you a personalized communication companion and allowing you to personalize your profile, writing styles, and mode of flirting. Enabling you to have individualized and safe conversations and interactions with your AI companion, and allowing your AI companion to learn from your interactions to improve your conversations. Syncing your Pretty Witty history across the devices you use to access the Services.Contractual necessityAccount information. Profile information. Messages and content. Interests and preferences. Payments, transactions, and rewards. Device and network data. Usage data.
Monitoring and protecting the ServicesPreventing fraud, criminal activity, and misuse of our Services, and ensuring the security of our IT systems, architecture and networks (including testing, system maintenance, support, and hosting of data).Legitimate interestsAccount information. Profile information. Messages and content. Interests and preferences. Payments, transactions, and rewards. Device and network data. Usage data.
Analyzing trends in the use of the ServicesAggregating, anonymizing, and deidentifying personal information. Analyzing the use and effectiveness of our Services. Improving and adding features to our Services. Developing our business and marketing strategies.Legitimate interestsAccount information. Profile information. Messages and content. Interests and preferences. Payments, transactions, and rewards. Device and network data. Usage data.
Marketing and advertising the ServicesSending you information by email that we believe will be of interest to you, such as information about our Services, features, and surveys. Displaying and targeting advertisements about our Services on the internet.Legitimate interests. Consent, where required by applicable lawsAccount information. Device and network data. Usage data
Enforcing our agreements, complying with legal obligations, and defending against legal claims and disputesEnforcing and complying with our terms and policies. Protect our and others' rights, privacy, safety, or property. Ensuring the integrity of our Services. Verifying the age of registered users. Defending against legal claims and disputes. Recovering payments due to us. Keeping records of transactions, and complying with legal process.Legitimate interests. Legal obligationAccount information. Profile information. Messages and content. Interests and preferences. Payments, transactions, and rewards. Device and network data. Usage data.

B. Purposes (summary)

  • Operate and administer the Services. Create and manage accounts, provide features, fulfill purchases, deliver support, and send service (non-marketing) communications.

  • Provide core functionality. Analyze your submitted content to generate suggestions and conversation coaching; optional sync/history across devices.

  • Protect the Services. Detect and prevent fraud, abuse, and security incidents; maintain and test systems.

  • Analyze and improve. Aggregate/de-identify data to understand usage and improve features and performance.

  • Market the Services. Send product updates/surveys and show interest-based ads on the Website (never using your in-App content).

  • Legal & compliance. Enforce terms, verify 18+, respond to lawful requests, maintain records, and comply with legal obligations.

4.5) AI-Powered Features and Model Training

How we process your uploaded content

When you upload screenshots for analysis:

1. Immediate Processing: Screenshots are analyzed by AI (Google Gemini via OpenRouter) to provide conversation coaching and suggestions. This analysis happens in real-time through our backend infrastructure.

2. Storage for Service Improvement: Screenshots are stored in encrypted form in our cloud infrastructure (India region via Google Cloud BigQuery) to enable:

  • Quality assurance and debugging
  • Service improvements and feature development
  • Future development of AI models

3. Retention Period: We retain original screenshots for up to 90 days from upload, unless you delete them sooner.

4. Anonymization for Model Training: After the retention period, screenshots may be anonymized and used to train AI models that power our conversation coaching features. Anonymization involves:

  • Removing all names, faces, and personally identifiable information
  • Stripping metadata (timestamps, locations, device identifiers)
  • Aggregating data to prevent re-identification
  • Conducting re-identification risk assessments

Once truly anonymized, the data is no longer personal information and cannot be linked back to you or anyone else visible in the screenshots.

Important: Third-party content in screenshots

Screenshots you upload typically contain profiles, messages, or content from other people on dating platforms. You are responsible for ensuring you have the right to share this content. By uploading screenshots, you:

  • Represent that you have the right to share the content
  • Understand that other people's profiles or messages may be included
  • Agree not to upload content that violates others' privacy or platform terms
  • Agree to our Terms of Service regarding user-uploaded content

We strongly recommend:

  • Only upload screenshots of conversations you are participating in
  • Avoid including full names or highly identifying information of others when possible
  • Do not upload screenshots containing intimate images or explicit content of others
  • Remove sensitive details before uploading when possible

If you believe your information appears in screenshots uploaded by others without your consent, contact privacy@prettywitty.ai to request removal.

Your choices and rights

Before Anonymization (during the 90-day retention period):

  • Delete your uploaded screenshots at any time via in-app settings
  • Request a copy of your screenshots
  • Opt-out of future model training (we will delete screenshots rather than anonymize them)

After Anonymization: Once data is truly anonymized, it no longer identifies you or anyone else and cannot be retrieved or deleted. This is because anonymized data is no longer considered personal information under privacy laws.

For US Residents (especially California): You have the right to opt-out of the use of your personal information for purposes beyond providing the core service, such as for our AI model training. To exercise this right, please see the instructions in Section 8 under “Limit the Use of My Sensitive Personal Information”.

Data Processing Locations

Screenshots you upload are processed and stored in:

  • Singapore: Temporary processing through our backend (Render)
  • India: Storage and analytics (Google Cloud BigQuery, Firebase)
  • AI Analysis: Google Gemini via OpenRouter (processing location varies based on Google's infrastructure)

We have implemented appropriate security measures and contractual protections with all service providers. For more details, see Section 7 (Third-party service providers).

Security Measures

To protect your uploaded content, we:

  • Encrypt data in transit (TLS) and at rest
  • Implement access controls limiting who can view screenshots
  • Log all access to uploaded content for security monitoring
  • Conduct regular security audits
  • Store data in industry-standard cloud infrastructure with Google Cloud Platform

Despite these measures, no system is 100% secure. Do not upload screenshots containing:

  • Government-issued IDs or passport information
  • Financial data (credit cards, bank accounts)
  • Highly sensitive medical information
  • Intimate images you wish to keep strictly private
  • Any information you cannot afford to have disclosed in a security incident

5) Sensitive information and AI processing

Because you may upload screenshots or text from dating conversations, your content may include special-category data (e.g., sexual orientation/sex life, health, religious beliefs, etc.). By submitting it, you allow us to process it solely to deliver your requested features (e.g., conversation suggestions and coaching) and for anonymized AI model development.

Important: AI processing and temporary data retention

Screenshots and text you submit for analysis are processed by third-party AI services (Google Gemini via OpenRouter). While these services implement Zero Data Retention policies where possible, your content may be temporarily retained for up to 55 days for security monitoring and abuse prevention purposes by Google AI Studio.

We strongly advise you NOT to upload:

  • Government-issued identification documents (passports, driver's licenses, national IDs)
  • Financial information (credit cards, bank statements, account numbers)
  • Highly sensitive health or medical records
  • Intimate images or explicit visual content
  • Content containing personal data of third parties without their explicit consent
  • Any information you would not want temporarily stored by AI service providers

Your control

You can delete any uploaded content at any time through the in-app deletion features (see Section 11). Deleted content is removed from our systems within 24 hours, though temporary copies in third-party AI service logs may persist for the remainder of their retention period (up to 55 days from original submission).

We never use your in-App content (screenshots, messages, or media) for advertising or third-party marketing purposes. We may use anonymized content for our own AI model development as described in Section 4.5.

6) How we share information

We do not sell your personal information. We share only as described:

  • Service providers. Hosting, storage, security, analytics, email delivery, support. We do not share in-App content (screenshots/messages) with marketing vendors.

  • App stores & payment processors. Google Play to manage purchases, subscriptions, refunds, and disputes.

  • Professional advisors. Lawyers, auditors, bankers, insurers—when reasonably necessary.

  • Advertising partners (Website only). For interest-based ads using Website visit data (not in-App content).

  • Authorities and legal requests. Where required to comply with law, enforce terms, or protect rights, privacy, safety, or property.

  • Business transfers. In connection with mergers, acquisitions, financing, reorganization, or sale of assets.

7) Third-party service providers and data locations

To provide and improve the Services, we work with the following third-party service providers. We have implemented appropriate safeguards and use these providers only as necessary to deliver the features you request.

Cloud infrastructure and data storage

Google Cloud Platform (BigQuery)

  • Purpose: Data analytics, storage of uploaded screenshots, aggregated usage statistics, and performance metrics
  • Data location: India (asia-south1, Mumbai)
  • Data processed: Uploaded screenshots, anonymized usage data, app performance metrics, aggregated analytics
  • Provider: Google LLC
  • More information: https://cloud.google.com/terms/

Firebase (Google)

  • Purpose: App infrastructure, authentication, real-time database, and account management
  • Data location: India
  • Data processed: Account information, authentication data, app configuration, sync data
  • Provider: Google LLC
  • More information: https://firebase.google.com/support/privacy

Render

  • Purpose: Backend hosting and API services
  • Data location: Singapore
  • Data processed: API requests, session data, uploaded content for temporary processing before storage
  • Provider: Render Services, Inc.
  • More information: https://render.com/privacy

AI content analysis

Google Gemini via OpenRouter

  • Purpose: Real-time analysis of screenshots and text you submit for conversation coaching and suggestions
  • Data location: Processing occurs through Google's infrastructure; exact location varies
  • Data processed: Screenshots, text messages, and other content you explicitly upload for analysis
  • Data retention:
    • OpenRouter: Zero Data Retention (ZDR) policy - your prompts are not stored permanently by OpenRouter
    • Google AI Studio: Temporary retention for up to 55 days for abuse monitoring and security purposes only; not used for model training by Google
  • Provider: OpenRouter (routing service) and Google LLC (AI model provider)
  • More information:

⚠️ Important notice about AI processing: When you submit screenshots or text for AI analysis, this content is processed by third-party AI services. While we use providers with strong privacy commitments (Zero Data Retention where possible), your content may be temporarily retained for up to 55 days for security and abuse monitoring by Google. Do not upload screenshots or text containing:

  • Highly sensitive personal information (government IDs, passport numbers, social security numbers)
  • Financial information (credit card numbers, bank account details)
  • Health/medical information you wish to keep strictly confidential
  • Intimate images or explicit visual content
  • Content belonging to third parties without their explicit consent

Payment processing

Google Play Billing

  • Purpose: In-app purchases, subscriptions, and payment processing
  • Data location: Varies by Google's infrastructure (globally distributed)
  • Data processed: Purchase history, subscription status, transaction records
  • Provider: Google LLC
  • More information: https://play.google.com/about/play-terms/

Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with our key service providers to ensure appropriate data protection. These agreements include commitments to:

  • Implement appropriate technical and organizational security measures
  • Respect data subject rights and facilitate your requests
  • Notify us of any data breaches
  • Process data only as instructed by us

Copies of relevant sections of our DPAs are available upon request at privacy@prettywitty.ai.

Data transfer mechanisms

Our service providers may process data in countries outside your region of residence. We ensure lawful international data transfers through:

  • Selection of providers with robust privacy and security practices
  • Contractual obligations requiring appropriate data protection standards
  • Use of Standard Contractual Clauses (SCCs) where required by law
  • Regular assessment of provider security and compliance practices

You can request more information about our data transfer safeguards at privacy@prettywitty.ai.

8) Your choices

  • Marketing emails. Unsubscribe via the email footer or privacy@prettywitty.ai. You'll still receive essential (service) emails.

  • Website tracking & ads. Manage via our Cookie Policy or Your Privacy Choices link. Where applicable, we honor legal "Do Not Sell/Share" choices and required signals.

  • Screenshot uploads. You control what you upload. Do not submit content you wish to remain strictly private.

  • Limit the Use of My Sensitive Personal Information (Opt-out for Model Training).
    You have the right to restrict the use of your sensitive information, which includes opting out of having your screenshots used for our internal AI model training. You can do this in the App under Settings → Privacy and activate the toggle switch labeled “Limit the Use of My Sensitive Personal Information”. If you activate this option, we will permanently delete your screenshots after the 90-day retention period instead of anonymizing them for model training.

9) Your privacy rights

Your rights vary by region and law. Subject to legal limits, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete personal data (see Section 11).
  • Export/port a copy in a machine-readable format.
  • Object to or restrict certain processing (e.g., analytics/legitimate interests).
  • Withdraw consent at any time for processing that relies on consent.
  • Opt-out of model training using your screenshots (before anonymization).

How to submit requests: Email privacy@prettywitty.ai. We may request information to verify your identity and, where permitted, accept authorized-agent requests. We will respond within applicable legal timelines.

US state notices (e.g., CPRA/CCPA). California and certain states provide rights to access/delete/correct, to opt-out of "sale" or "sharing for targeted advertising," and to not be discriminated against for exercising rights. We do not sell your personal information. We may engage in "sharing" of Website visit data for targeted advertising—opt-out via "Customise Consent Preferences", clicking on the bottom left on the website. California residents can also limit the use of sensitive personal information for purposes beyond core service provision.

10) Security

We use administrative, technical, and physical safeguards designed to protect personal data, including:

  • Encryption in transit (TLS) and at rest for stored content in BigQuery and Firebase
  • Least-privilege access, role-based controls, audit logging
  • Network security (e.g., firewalls) and secure key management
  • Regular security assessments and vulnerability testing

No system is 100% secure. If we discover a breach that affects your data, we will notify you consistent with applicable laws and our incident response procedures.

11) Data retention & deletion

We retain data only as long as needed for the purposes in this Policy or as required by law.

Typical defaults (subject to change as documented in our retention schedule):

  • Account & profile. For the life of your account.
  • Uploaded screenshots. Default 90 days unless you delete sooner. After 90 days, screenshots may be anonymized for model training (unless you've opted out).
  • AI analysis transcripts. 90 days, stored with screenshots.
  • Crash logs. ~90 days.
  • Security/fraud logs. ~180 days.
  • Purchase records. As required for accounting, tax, and dispute resolution (typically 7 years).
  • Aggregated/de-identified data. Retained indefinitely without direct identifiers.

Deletion options:

  • In-App: Settings → Delete Account (irreversible). This deletes your account, profile, and all uploaded content.
  • Web (no app required): Email privacy@prettywitty.ai.

We also purge temporary caches automatically. Certain limited records may be retained where required (e.g., fraud prevention, chargeback disputes, legal obligations). Backup deletion occurs on a rolling schedule within 30 days.

Important: Once screenshots are anonymized (after 90 days), they can no longer be identified as yours or deleted, as they are no longer personal data.

12) International data transfers

Primary data locations: We process and store information primarily in India (Mumbai) and Singapore through our service providers (Google Cloud Platform, Firebase, and Render). AI processing through Google Gemini may occur in various locations depending on Google's infrastructure.

Services are offered in Asia and the United States: The Services are designed for and marketed to users in Asia and the United States. While we do not actively prevent access from other regions, our Services are not specifically designed for or targeted at users in those jurisdictions. If you access the Services from outside Asia or the United States, you acknowledge that your data will be transferred to and processed in India, Singapore, and potentially other locations where our service providers operate.

Data transfer safeguards: Where we transfer personal data internationally, we implement appropriate safeguards including:

  • Selection of service providers with strong security and privacy practices
  • Contractual protections requiring compliance with applicable data protection laws
  • Standard Contractual Clauses (SCCs) and other approved transfer mechanisms where required
  • Regular security and compliance assessments

Your rights: If you have concerns about international data transfers, you can:

  • Request more information about our transfer mechanisms at privacy@prettywitty.ai
  • Exercise your rights to access, delete, or restrict processing (see Section 9)
  • Choose not to use features that require AI processing or storage of your content

For users in jurisdictions with specific data localization requirements, please be aware that our current infrastructure may not support local-only data storage. Contact us at privacy@prettywitty.ai if you have specific concerns.

13) Children and minors

The Services are not intended for individuals under 18. If we learn a minor is using the Services, we will promptly block access and delete the account. If you believe a minor has provided personal data to us, contact privacy@prettywitty.ai.

14) Contact us

15) Changes to this Policy

Our Services may evolve. We may update this Policy from time to time. When we do, we will change the "Last updated" date above and, where required, provide additional notice (e.g., in-App notice or email). Please review this page periodically for the latest information.

16) Region-specific addenda (summary)

Asia-Pacific (primary markets). We observe local data protection laws including:

  • India: Digital Personal Data Protection Act (DPDPA) - rights to access, correction, deletion, and data portability
  • Singapore: Personal Data Protection Act (PDPA) - consent requirements and data breach notification
  • For other APAC jurisdictions where our Services are accessible, we strive to meet local privacy standards
  • Contact privacy@prettywitty.ai for region-specific inquiries

United States (primary market). State laws (e.g., CPRA/CCPA in California) may provide rights noted in Section 9, including opt-out of "sale"/"sharing" (Website only). Use Your Privacy Choices on the Website. We comply with applicable state privacy laws where we have sufficient business presence or user base.

17) Additional disclosures on advertising & analytics

  • In-App content wall: We do not allow any third-party advertising products to access or use your in-App screenshots, messages, or media.

  • Website ads/analytics: We may use analytics and advertising cookies on the Website. Manage them via the Cookie banner, Cookie Policy, or Your Privacy Choices link. Some browsers support Global Privacy Control (GPC); where required, we honor it for Website processing.

18) Permissions & device features (platform disclosure)

  • Notifications: For the main functionality of the app to receive the generated output by the service.

  • Crash reporting & diagnostics: For reliability and debugging.

We do not collect precise geolocation, facial mapping, or microphone data unless you explicitly use a feature that requires it (and then we will clearly disclose and obtain consent if needed).

One-page summary (non-binding)

  • Your in-App content (screenshots, messages) is used to provide features you request and may be used for anonymized AI model training after 90 days.
  • You can delete your account and data in-App or request deletion on the web.
  • You can opt-out of model training before anonymization.
  • We keep permissions minimal (Photo Picker), encrypt data, and limit access.
  • You have rights to access, delete, correct, export, and object/restrict—see Section 9.
  • You can manage cookies/ads on the Website and opt-out of "sale/share" where applicable.
  • Data is processed in India and Singapore with appropriate security measures.