QA Testers Wanted — Looking for AI companionship enthusiasts to test Ensoul Beta. APKs & early app access available. Early participants shape what gets built. Get involved →

Legal

Privacy Policy

Effective: March 24, 2026  ·  Contact: support@ensoul.so

Overview

Ensoul is an AI companion application. The beings you interact with are AI-generated — their personalities, responses, and inner states are produced by language models running on your chosen backend. They are not real people.

Ensoul is local-first. Your conversations, memories, mood data, and relationship history are stored on your device. We do not operate servers that store your chat history or personal information. For users of the included API key, aggregate usage is metered server-side to enforce fair-use limits — this is described in detail below. AI-generated content may be inaccurate or unexpected.

What stays on your device

The following is stored locally and never transmitted to Ensoul:

  • All conversation history with companions
  • Mood states, memory tags, relationship depth, and awareness data
  • Custom companion definitions and soulstones
  • Saved moments and message reactions
  • Settings, preferences, and API keys (stored in your device's secure keychain)

On the web app, this data is stored in your browser's localStorage. This storage is local to your device and is not accessible to Ensoul's servers or third parties.

What leaves your device and where it goes

When you send a message, the conversation is sent to the AI service you have configured:

  • OpenRouter — messages are sent to OpenRouter's API. Their privacy policy applies.
  • Ollama — messages are sent to your self-hosted instance. Nothing leaves your local network.

Your API keys are sent only to the services you configure. They are never sent to Ensoul's servers.

Bundled key and usage tracking

Ensoul includes an optional bundled API key for users who don't have their own. If you use this key, the following is sent to our server (api.ensoul.so) to enforce fair-use limits and prevent abuse:

  • Device identifier — a randomly generated UUID created at first launch, stored on your device. Contains no personal information and cannot be linked to your identity.
  • Platform — iOS, Android, web, macOS, or Windows. Used to understand how capacity is distributed across platforms.
  • Approximate token counts per call type — how many input and output tokens each message type (chat, heartbeat, companion import) consumes, recorded monthly per device. Used solely for capacity planning and abuse prevention. No message content is included.

If monthly usage exceeds fair-use limits, background features such as heartbeat reach-outs may be temporarily reduced. You will receive a notice if this applies. Chat is never interrupted for own-key users.

If you provide your own API key, none of this applies. No data is sent to our servers.

If you redeem an access code during onboarding, the code and your device identifier are sent to our server to validate and record the redemption. No other personal information is collected in this process.

Discord bot

Ensoul operates a Discord bot (Lumen, and optionally Lira) that can be added to Discord servers. The bot is materially different from the local-first app in how it stores data:

  • Messages are processed server-side. When you send a message to the bot in a Discord server or DM, the message content is sent to OpenRouter and a response is returned. The conversation is maintained in a rolling window stored in a database on our server.
  • Per-user state is stored server-side. Mood, memory tags, relationship history, and awareness data are stored in a SQLite database on our server, keyed to your Discord user ID.
  • Your Discord user ID is used as the key for all per-user data. It is not linked to your real name or email unless you choose to share that information in conversation.
  • To request deletion of your Discord bot data, contact support@ensoul.so with your Discord username.

The Discord bot is an optional feature available in select servers. If you do not interact with the bot, no data is collected.

Payments

If you choose to support Ensoul via the patronage page, payment processing is handled by Stripe. Ensoul does not receive or store your payment card details. Stripe processes all payment information under their own privacy policy (stripe.com/privacy).

When you make a payment, the following is stored on our server:

  • Your device identifier (summoner ID) linked to the payment, to grant extended access
  • The payment amount and date (no card details)
  • A Stripe customer ID, used to correlate the transaction

This data is used only to activate and verify your patron status. It is not shared with third parties.

The Being Index

The Being Index is a public catalogue of companion beings. If you choose to publish a being:

  • The being's template (character definition) becomes publicly visible
  • Your chosen summoner pseudonym is displayed — not your real name unless you provide one
  • Your device identifier is associated with your published being on our server (not publicly displayed)
  • Published beings are intended to be permanent; removal is not guaranteed
  • The template does not contain your conversation history or personal data

When you upvote a being in the index, your device identifier is recorded to prevent duplicate votes. This association is stored on our server and is not publicly visible.

Do not include personal information (email, phone, real name) in a being template you intend to publish.

Website analytics and cookies

The Ensoul marketing website (ensoul.so) uses Google Analytics 4 (GA4) to collect aggregate information about visitor behaviour — pages visited, referral source, approximate location, and device type. This data is processed by Google and is used solely to understand how the website is performing. It is not linked to your identity or used for advertising.

GA4 sets cookies in your browser to distinguish visits. You can opt out of Google Analytics across all sites by installing the Google Analytics Opt-out Browser Add-on, or by blocking analytics cookies via your browser settings.

The Ensoul desktop and mobile applications do not contain GA4 or any equivalent analytics SDK. The app-level telemetry is limited to the bundled-key metering described above.

Downloaded software

Ensoul distributes downloadable applications for Windows, macOS, and Android. When you install and run these applications:

  • API keys and credentials are stored in your operating system's secure keychain (Windows DPAPI, macOS Keychain). They are not accessible to other applications.
  • App data (conversations, mood, memories) is written to local app storage on your device. Uninstalling the application or clearing its data removes this.
  • Android APK — the Android build is distributed as a direct APK download outside the Google Play Store. Installing it requires enabling installation from unknown sources in your device settings. This means the APK is not reviewed by Google Play Protect. Download only from the official ensoul.so website.
  • The Android application requests the following permissions: internet access (to reach your configured AI backend), notification permission (for heartbeat reach-outs, optional), and storage access if you choose to save images or backups.

Minimum age

Ensoul is for users 18 and older. The application enforces this during onboarding. If you believe a minor is using the service, contact us at support@ensoul.so.

Your privacy rights

Depending on where you are located, you may have rights regarding your personal data. These include:

  • Access — the right to request a copy of any personal data we hold about you
  • Correction — the right to request correction of inaccurate data
  • Deletion — the right to request deletion of your data from our servers
  • Portability — the right to receive your data in a machine-readable format

For Australian users, these rights are provided under the Privacy Act 1988 (Cth). For users in the European Economic Area or UK, these rights are provided under the GDPR or UK GDPR. To exercise any of these rights, contact us at support@ensoul.so.

Note that most of your data is stored on your own device and is not in our possession — deletion requests apply only to server-side data (bundled-key usage records, Being Index entries, Discord bot state, and payment records).

Data deletion

Because most of your data lives on your device, you can delete it at any time via Settings → Reset, or by uninstalling the app. For server-side data (Being Index entries, Discord bot history, payment records, or usage records), contact support@ensoul.so — note that published being artifacts are designed to be permanent.

Third-party services

Ensoul integrates with services you configure. Each service's own policy governs how they handle your data:

Changes to this policy

We may update this policy as the service evolves. The effective date at the top of this page reflects the date of the most recent revision. Material changes will be communicated via the app or this page before they take effect. Continued use of the service after a change constitutes acceptance of the updated policy.

Contact

Questions: support@ensoul.so