Privacy Policy
Last Updated: February 20, 2026
1. Introduction
Welcome to Kira AI (“Kira,” “we,” “us,” or “our”), operated by Elsa Research. This Privacy Policy explains how we collect, use, store, and protect your information when you use our voice-based AI companion application at xoxokira.com (the “Service”).
By using Kira, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Voice and Audio Data
When you use Kira’s voice features, your microphone audio is streamed in real-time to our servers and forwarded to third-party processors for transcription and response generation. We do not permanently store raw audio recordings. Audio is processed in real-time and discarded after transcription.
2.2 Visual Data (Camera and Screen Share)
If you choose to use Kira’s vision features, we capture images from your camera or screen at periodic intervals (approximately every 15 seconds) and when you speak. These images are:
- ·Downscaled and compressed before transmission
- ·Sent to OpenAI’s API for visual understanding
- ·Used only during your active session to enable Kira to see and react to your environment
- ·Not permanently stored after the session ends
You can enable or disable vision features at any time during a conversation. Camera and screen share require explicit permission through your browser.
2.3 Conversation Data and Memory
Kira maintains a memory system to provide a personalized, ongoing relationship. This includes:
- ·In-conversation context: During a session, Kira maintains a rolling summary of your conversation to keep track of what you’ve discussed.
- ·Cross-session memory: After each conversation, Kira extracts key facts and stores them in a structured memory system. These facts are organized into categories including: your identity (name, background), preferences (interests, likes, dislikes), relationships (people you mention), emotional patterns, shared experiences with Kira, life context (work, school, goals), and opinions you’ve expressed. Each fact is weighted by emotional significance to help Kira recall what matters most to you.
- ·Conversation transcripts: Text transcripts of your conversations are stored to enable the memory system and conversation history features.
2.4 Account Information
If you create an account, we collect:
- ·Email address (via Clerk, our authentication provider)
- ·Display name (if provided)
- ·Authentication tokens and login history
2.5 Payment Information
If you subscribe to Kira Pro, payment is processed entirely by Stripe. We do not store your credit card number, bank account details, or other sensitive financial information on our servers. We receive only your subscription status, billing period, and payment confirmation from Stripe.
2.6 Usage Data
We track daily and monthly usage time to enforce free-tier limits and fair-use caps. This includes session duration and connection timestamps.
2.7 Device and Browser Information
We collect basic technical information to deliver the Service, including browser type, device type (mobile or desktop), and screen resolution. This is used for rendering the Live2D avatar correctly and debugging technical issues.
2.8 Local Storage
We use your browser’s local storage to persist:
- ·Guest identifiers (random anonymous IDs)
- ·Voice preference settings
- ·Visual mode preferences (avatar vs. orb)
- ·Debug and crash recovery data
This data stays on your device and is not transmitted to our servers unless needed for session continuity.
3. How We Use Your Data
We use your information solely to provide and improve the Kira experience:
- ·Deliver the Service: Process your voice input, generate AI responses, render the avatar, and enable vision features.
- ·Personalization: Store memories and preferences so Kira can maintain a continuous relationship across sessions.
- ·Usage management: Track session time for free-tier limits and Pro fair-use caps.
- ·Technical operation: Debug issues, prevent abuse, and maintain service stability.
- ·Communication: Send account-related emails (e.g., subscription confirmations, password resets) through Clerk.
We do not:
- ·Sell your personal data to third parties
- ·Use your conversations to train AI models (our third-party providers’ policies govern their own data handling — see Section 5)
- ·Display advertising or share data with advertisers
- ·Profile you for marketing purposes beyond the Kira service
4. Guest User Data
When you use Kira without creating an account:
- ·We assign a random anonymous identifier stored in your browser’s local storage.
- ·This identifier allows Kira to remember context from your previous conversations and track daily usage limits.
- ·Guest conversation data and extracted memories are stored for up to 30 days and then automatically deleted.
- ·This data is not linked to your name, email, or any personally identifiable information.
- ·If you later create an account, your guest conversation history and memories are automatically transferred to your new account to preserve continuity.
- ·To delete your guest data at any time, clear your browser’s local storage for xoxokira.com. This removes the anonymous identifier and disconnects you from any stored conversation history.
5. Third-Party Services
We use the following third-party services to operate Kira. Each processes your data according to their own privacy policies:
| Service | Purpose | Data Shared |
|---|---|---|
| Groq | AI conversation processing (Llama 3.3 70B) | Conversation text |
| OpenAI | Vision processing and memory extraction | Images (if vision enabled), conversation text for memory facts |
| Deepgram | Real-time speech-to-text | Audio stream |
| Microsoft Azure | Text-to-speech (voice generation) | Kira’s response text |
| Clerk | Authentication and account management | Email, name, login activity |
| Stripe | Payment processing | Payment and subscription details |
| Vercel | Web hosting | Standard web request data |
| Render | Voice server hosting | WebSocket connection data |
| Supabase | Usage tracking database | Usage minutes, anonymous identifiers |
We require all third-party providers to handle your data securely, but we encourage you to review their individual privacy policies for details on their data practices.
Important: Neither Groq nor OpenAI use your conversations or data submitted through their APIs for model training. Data sent to these services is processed in real-time and not retained beyond the API request. Deepgram and Azure similarly process audio and text in real-time without permanent storage.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Guest conversation data and memories | 30 days, then auto-deleted |
| Registered user conversation data | Retained until you delete your account |
| Registered user memories | Retained until you delete your account |
| Voice audio | Not stored — processed in real-time and discarded |
| Camera/screen images | Not stored — processed in real-time and discarded during session |
| Payment records | Retained per Stripe’s policies and legal requirements |
| Usage tracking data | Retained while your account is active |
7. Data Security
We implement reasonable security measures to protect your information:
- ·All data is transmitted over encrypted connections (HTTPS/WSS)
- ·Authentication tokens are verified on every WebSocket connection
- ·WebSocket connections enforce origin allowlists and payload size limits
- ·Per-connection rate limiting prevents abuse
- ·API keys and secrets are stored server-side and never exposed to clients
- ·Payment processing is handled entirely by Stripe’s PCI-compliant infrastructure
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. Your Rights and Choices
All Users
- ·Delete your account: Registered users can delete their account and all associated data (conversations, memories, usage records) at any time from Profile settings. Deletion is immediate and permanent.
- ·Control vision features: Camera and screen share are always opt-in and can be disabled at any time.
- ·Control voice input: You can mute your microphone at any time during a conversation.
- ·Clear guest data: Clear your browser’s local storage for xoxokira.com to remove your guest identifier and disconnect from stored data.
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- ·Right to Know: You may request details about the personal information we collect, use, and disclose.
- ·Right to Delete: You may request deletion of your personal information.
- ·Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- ·Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply.
To exercise these rights, contact us at info@elsaresearch.co. We will respond within 45 days.
European Users (GDPR)
If you are located in the European Economic Area, you may have additional rights including access, rectification, erasure, data portability, and the right to object to processing. Our servers are located in the United States. By using the Service, you consent to the transfer of your data to the US. To exercise your rights, contact us at info@elsaresearch.co.
9. Children’s Privacy
Kira is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at info@elsaresearch.co and we will promptly delete that information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this page and, where feasible, notify you through the Service or via email. Your continued use of Kira after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
For privacy questions, data requests, or concerns:
Email: info@elsaresearch.co