Last updated: 2026-04-10 · Draft, pending legal review
Account data: email address, optional display name, hashed password, subscription tier, created/updated timestamps, last-login timestamp. Usage data: count of replies generated per day (for rate limiting), last active timestamp, feature preferences. Viewer memory: the chat conversation snippets, notes you write about viewers, and AI-generated conversation summaries — stored on our server so the AI can recall them across sessions. Payment data: crypto transaction records, USDT wallet addresses (derived from a master HD wallet) associated with your subscription. Email verification tokens, password reset tokens.
We do not record or store: your camera feed, microphone, screen contents, passwords for third-party platforms (Chaturbate, Stripchat, Fansly), browsing history outside supported platforms, IP addresses beyond basic rate-limit and abuse prevention logs, or any personally identifiable information beyond email. The browser extension reads chat text from the currently-active tab only, on supported platforms only.
Your chat snippets are sent to the xAI Grok API to generate reply variants. xAI may process these snippets per their own policies. We do not store chat content longer than necessary for operation, and we do not use it for training models. Viewer memory is stored per-user and never shared across accounts. Payment data is used only for subscription management. Email addresses are used for transactional messages (verification, password reset, payment confirmations). We do not send marketing emails.
xAI (Grok API) — AI model provider. TronGrid (USDT payment verification). Brevo (transactional email delivery). Statbate Premium API (public viewer statistics enrichment — we query public cam-platform data, we do not share your data with them). All third-party requests are made from our server, never directly from the browser extension.
You can delete any viewer profile, any conversation history, any note, and your entire account at any time from your dashboard. Account deletion removes all associated data within 7 days. Payment records are retained for tax compliance per applicable jurisdiction. Uninstalling the browser extension removes all local extension data immediately.
All traffic to our server is encrypted via HTTPS. Passwords are hashed with bcrypt. JWT tokens are short-lived (1 hour) with refresh tokens (30 days). We use rate limiting and brute-force protection on login endpoints. We do not store credit card details — all card payments (if available) are handled by external payment processors.
Questions about this policy or your data: @galatea_owner on Telegram or email support@galatea.chat.
Galatea is a text tool for adult performers. You must be 18 years or older to use this service, and you confirm you are of legal age in your jurisdiction.