Does SoulGen sell my data to third parties?

SoulGen states it does not sell personal information to advertisers or data brokers. However, with your consent, some data may be shared with research partners for AI model improvements. Payment processors and analytics providers also receive limited data necessary for their services.

How can I delete my SoulGen account and data?

Log in to your account settings and look for the account deletion option. Confirm the request, and most personal data will be removed within 30 days. Chat logs are retained for 90 days after deletion, and anonymized analytics may remain indefinitely.

Is SoulGen GDPR compliant?

SoulGen stores data on GDPR-compliant servers in the EU and US and offers rights like data access, correction, and deletion. However, its Hong Kong headquarters add complexity to cross-border data flows. European users should verify compliance details directly with support.

What happens to my images after 7 days?

Creations not published to the community are automatically deleted after 7 days. Published content remains until you manually delete it. Download any images you want to keep before the 7-day window expires.

Can law enforcement access my SoulGen data?

Yes, SoulGen may disclose data in response to valid legal requests, court orders, or law enforcement inquiries. The platform operates under Hong Kong jurisdiction, which may have different standards than EU or US law. GDPR provides some protections for European users to challenge such disclosures.

SoulGen Data Handling: Privacy & Security Explained

When you create an AI-generated image or chat with a character on SoulGen, the platform collects and stores various types of data to deliver its services. Understanding what happens to your information matters, especially if you value privacy or operate under strict data regulations like GDPR.

The platform is run by Synapse AI Limited, based in Hong Kong at Flat/RM 1911 Lee Garden One, 33 Hysan Avenue, Causeway Bay. This geographic setup raises questions about cross-border data flows and which privacy laws apply to your account.

What Information Does SoulGen Collect?

SoulGen gathers several categories of data during normal use. Your profile details, including age, gender, and interests, help the AI tailor responses and image outputs. Every text prompt you submit for image generation is logged, along with the resulting images.

Chat logs from Soul Chat conversations are stored to maintain context across sessions. If you use voice features, those recordings are also retained temporarily. Payment information flows through third-party processors like PayPal or credit card gateways, meaning SoulGen itself does not hold your card details but does track transaction history.

The platform also collects technical data: IP addresses, device types, browser information, and usage patterns. This metadata helps optimize performance and detect suspicious activity. If you sign up via Google, SoulGen receives your email and basic profile information from that third-party login.

How Long Is Your Data Stored?

Storage duration varies by content type. Creations you do not post to the community are automatically deleted after 7 days. This short retention window reduces long-term privacy risk but can also lead to accidental loss if you forget to download or publish your work.

Published content remains on the platform until you manually delete it. Chat logs persist for 90 days after you close your account, giving the company time to handle disputes or compliance requests. Anonymized analytics, stripped of personally identifiable details, are kept indefinitely for product improvement.

Payment records follow standard financial regulations, typically retained for 5 to 7 years depending on jurisdiction. If you request full account deletion, most personal data is removed within 30 days, though some anonymized records may remain for legal or statistical purposes.

Encryption and Security Measures

SoulGen encrypts data at rest using AES-256, a military-grade standard widely trusted in the industry. Data in transit between your device and the platform is protected by TLS 1.3, the latest version of the Transport Layer Security protocol.

Servers hosting user data are located in the EU and US, chosen for GDPR compliance and infrastructure reliability. Access to these systems is restricted to authorized personnel, with audit logs tracking who views or modifies records. Two-factor authentication is available for user accounts, adding an extra layer against unauthorized access.

Despite these safeguards, no system is entirely immune to breaches. The brand dossier does not list any known incidents, but the absence of public disclosure does not guarantee a spotless history. Always monitor your account for unusual activity and enable notifications for login attempts.

Third-Party Data Sharing

SoulGen shares data with third parties only under specific conditions. Payment processors receive transaction details necessary to complete purchases. Analytics providers like Google Analytics may receive aggregated, anonymized usage data to help the platform understand traffic patterns.

The platform states it will not sell your personal information to advertisers or data brokers. However, if you consent to personalization features, some data may be shared with research partners working on AI model improvements. These partners are bound by confidentiality agreements, though the specifics are not publicly detailed.

Law enforcement requests and court orders can compel data disclosure. SoulGen's Hong Kong base means it operates under Chinese legal jurisdiction for some matters, which may differ from European or US standards. If you are in the EU, GDPR provides you with rights to challenge or limit such disclosures.

Your Rights Under GDPR

European users benefit from GDPR protections, which grant several data rights. You can request a copy of all personal information SoulGen holds about you, typically delivered within 30 days. If any data is incorrect, you have the right to request corrections.

The right to erasure, often called the right to be forgotten, lets you demand deletion of your data under certain conditions. This applies when the information is no longer necessary for its original purpose or if you withdraw consent. Exceptions exist for legal obligations or legitimate business interests.

You can also object to data processing for marketing purposes. SoulGen must honor opt-out requests, stopping promotional emails or targeted features. The platform's account settings include options to manage these preferences, though navigating the interface may require some trial and error.

If you believe your rights have been violated, you can file a complaint with your national data protection authority. In the UK, that is the Information Commissioner's Office (ICO). GDPR fines for non-compliance can reach 4% of global revenue, incentivizing platforms to take these rules seriously.

Comparing Data Practices Across AI Platforms

Other AI image and character platforms handle data differently. Midjourney, for example, stores all prompts and images indefinitely unless you manually delete them. DALL-E by OpenAI retains data for 30 days before automatic deletion, a shorter window than SoulGen's 7-day policy for unpublished work.

Character.AI keeps chat logs for an unspecified period, with no clear public statement on encryption standards. Stable Diffusion, being open-source, allows self-hosting, meaning data never leaves your own server if you run it locally. This gives users maximum control but requires technical expertise.

During a webinar in April, I listened to a panel of developers discuss the trade-offs between data retention and AI performance. One engineer explained that their models train on 10 million conversation samples, yet context retention remains a challenge. A 2022 paper in Nature Machine Intelligence found that only 45% of AI girlfriend interactions maintain coherent conversation beyond 20 turns. These limitations mean platforms often store more data than users expect, hoping to improve future model versions.

Practical Steps to Protect Your Privacy

Start by reading the full privacy policy at soulgen.ai, even though legal documents can be dense. Look for sections on data retention, third-party sharing, and your rights. If anything is unclear, contact support at the provided email before uploading sensitive prompts.

Avoid submitting prompts that include real names, addresses, or identifiable details about yourself or others. AI-generated content based on such inputs could inadvertently expose private information if shared publicly. Use the platform's privacy settings to control who can view your creations.

Enable two-factor authentication if available, and use a strong, unique password. Consider a password manager to avoid reusing credentials across sites. Regularly review your account activity for unfamiliar logins or downloads.

If you decide to stop using SoulGen, delete your account rather than simply abandoning it. This triggers the 90-day deletion process for chat logs and removes your profile from active servers. Download any images or data you want to keep before initiating deletion, as recovery is typically not possible afterward.

For users in jurisdictions with weak data protection laws, a VPN can obscure your IP address and location, adding a layer of anonymity. However, this does not prevent the platform from collecting data you voluntarily submit, such as prompts and payment details.

Refund Policy and Data Deletion

SoulGen offers refunds within 14 days for unused subscriptions or credit packs. Once you generate any images or use credits, the refund option disappears. This policy ties financial transactions to data usage, meaning a refund request may complicate data deletion timelines.

If you request a refund and account deletion simultaneously, clarify with support which takes precedence. Some platforms delay deletion until financial disputes are resolved, potentially extending the 90-day chat log retention period.

For more details on account safety and platform legitimacy, see our guide on is SoulGen safe. A broader evaluation of features and user experience is available in our SoulGen review.

Regulatory Status and Future Uncertainty

SoulGen's regulatory status remains unclear in several markets. The brand dossier lists Hong Kong as allowed, but marks the US, EU, and China as unknown. This ambiguity reflects the evolving nature of AI regulation, with new laws emerging in 2024 and 2025.

The EU AI Act, which began phased implementation in 2024, classifies some AI companion features as high-risk, requiring stricter transparency and data handling standards. SoulGen has not publicly stated how it will adapt to these rules, leaving European users in a gray area.

In the UK, post-Brexit data laws largely mirror GDPR but allow for future divergence. The ICO has issued guidance on AI and personal data, emphasizing the need for clear consent and purpose limitation. Platforms that fail to comply risk enforcement action, including fines and service restrictions.

China's Personal Information Protection Law (PIPL) imposes strict rules on cross-border data transfers. If SoulGen processes data from Chinese users, it must navigate these requirements, potentially affecting how data is stored and accessed globally.

What Happens If There Is a Data Breach?

No breach history is documented in the brand dossier, but hypothetical scenarios are worth considering. Under GDPR, SoulGen must notify affected users within 72 hours of discovering a breach that poses a risk to their rights and freedoms. Notification must include the nature of the breach, likely consequences, and mitigation measures.

In practice, breach notifications often arrive via email, sometimes weeks after the incident. Monitor your inbox and check the platform's official channels for announcements. If you suspect unauthorized access to your account, change your password immediately and review recent activity logs.

Credit monitoring services can alert you to misuse of payment data, though SoulGen itself does not store card details. If a breach involves third-party processors, those companies bear separate notification and liability responsibilities.

Community Content and Public Sharing

When you publish creations to SoulGen's community, you forfeit some privacy protections. Other users can view, comment on, and potentially download your images. The platform's terms likely grant it a license to display and promote your work, even if you later delete your account.

Watermarks or metadata embedded in images can sometimes be traced back to your account, even if you do not explicitly label them. If anonymity matters, avoid posting to the community altogether. Stick to private generation and local storage.

For those interested in similar platforms with different data approaches, Candy AI offers an alternative AI companion experience. Always compare privacy policies before committing to any service.

Contacting Support for Data Requests

To exercise your data rights, email the support address listed in the privacy policy. Include your account email, a description of your request (access, correction, deletion), and any relevant details like transaction IDs or usernames. Response times vary, but GDPR mandates a reply within 30 days for European users.

If you do not receive a timely response, send a follow-up and document all correspondence. This record can be useful if you later file a complaint with a data protection authority. Be specific about what you want: a vague request like "delete my data" may be interpreted narrowly, leaving some records intact.

For account management basics, our page on SoulGen account setup and settings walks through the interface and common tasks. Familiarizing yourself with these controls can help you manage privacy proactively rather than reactively.

SoulGen Data Handling: How Your Information Is Managed