Soliloquy Back to site

// Soliloquy · Legal · Privacy

Privacy Policy

Effective February 21, 2026

// Self-service legal · plain English

These pages are written for a solo-operated AI SaaS by the maker, not by a law firm. They are reasonable defaults and should be reviewed by an attorney before any high-revenue inflection (acquisition, funding, enterprise contracts, payment-card storage). Last refreshed February 21, 2026.

1. The short version

Soliloquy is a voice-to-voice AI roleplay tool. To make it work we collect the bare minimum: an account email, what you type or say to a persona, the persona’s reply, and standard billing metadata when you subscribe. We do not sell your data, we do not run ad networks, and we do not train public AI models on your conversations.

2. Who runs Soliloquy

Soliloquy is operated as a sole-proprietor service by an independent maker (“we,” “us,” or “Soliloquy”), based in California, USA. You can reach the maker at support@trysoliloquy.com or on Discord as Azodan.

3. What we collect

3.1 Account data

  • Email address (used to sign in and to send transactional emails).
  • A display name you choose.
  • A securely-hashed password (we never see the plain text).
  • Optional avatar image you upload or generate.
  • Referral code (auto-generated) and, if you joined via a friend’s link, the referrer’s user ID.

3.2 Conversation data

  • The text or audio you submit while talking to a persona, and the persona’s response (text + synthesized audio).
  • Persona definitions you create (name, system prompt, voice settings, memory notes).
  • Session-level metadata: timestamps, duration, scene/context settings, and the language you chose.

Voice input is transcribed to text inside the request. Audio output is generated on-demand and not retained beyond what is needed to deliver the response and stream it back to your browser.

3.3 Billing data

Subscriptions and one-time purchases are processed by Stripe. We do not store your full card number, CVC, or bank credentials. We do store your Stripe customer ID, subscription tier, status, trial state, and the amount/date of completed charges.

3.4 Technical logs

  • IP address (used for rate-limiting login brute-force and for security auditing only).
  • Browser user-agent and basic request metadata.
  • Server logs of errors, latency, and quota usage.

These logs are retained for up to 90 days, then automatically rotated out.

4. Cookies & local storage

Soliloquy uses cookies and your browser’s local storage strictly for the service to function. See our Cookie Policy for the full list. We do not use third-party advertising or analytics cookies.

5. How we use your data

  • To run the service: deliver replies, save your personas, gate your quotas.
  • To send transactional emails: welcome, email verification, password reset, weekly digest (if you opted in), referral notifications, and billing receipts.
  • To prevent abuse and brute-force attacks (per-IP / per-email rate limiting).
  • To improve the product: read aggregate, de-identified usage metrics. We do not read individual conversations except when you explicitly send us one via a bug report.

6. Sub-processors we share data with

To deliver the service we send the minimum-necessary data to:

  • Stripe (payments) — email, name, billing address you supply, subscription state.
  • Resend (transactional email) — your email address and the email body.
  • OpenAI / Anthropic / Google (model providers, via the Emergent universal key) — the conversation text needed to generate a reply. Per the model providers’ enterprise terms, these inputs are not used to train their public models.
  • ElevenLabs (premium voice synthesis on Studio plans) — the text to be spoken and the voice ID. No persistent recording is kept by ElevenLabs.
  • Discord (optional, only if you link a Discord account) — the link token and your Discord user ID.
  • MongoDB Atlas — encrypted-at-rest primary database.
  • Cloudflare — CDN and basic DDoS protection.

We do not sell, rent, or barter your data with anyone. We have no advertising partners.

7. Children

Soliloquy is not intended for users under 13. If you are between 13 and 17, you may use the service only with verifiable consent of a parent or legal guardian, and only with the Adult-Mode (NSFW) toggle off. Adult Mode requires the operator to affirmatively confirm they are 18 or older.

8. Your rights — CCPA, CPRA, GDPR, UK GDPR, LGPD

Depending on where you live, you have rights over the personal data we hold about you. These rights are exercisable free of charge and we will not discriminate against you for using them.

8.1 Your rights, no matter where you live

  • Access — get a copy of the personal data we hold about you.
  • Correction / rectification — ask us to fix data that’s wrong or stale.
  • Deletion / erasure — ask us to delete your account, personas, and conversations.
  • Portability — receive a machine-readable copy (JSON) of your data.
  • Opt out of optional processing — turn off product analytics, marketing emails, and 12-hour absence notifications via Settings → Privacy & Data.
  • Non-discrimination — we will not deny service, charge different prices, or degrade quality because you exercised a right.

8.2 California residents (CCPA & CPRA)

California gives you the rights above plus the right to know what categories of personal information we have collected, how we used it, and the categories of third–party recipients. Here’s our current disclosure:

  • Categories we collect: identifiers (email, IP, user ID), commercial information (Stripe customer ID + subscription state), internet activity (request logs), user content (personas, conversations, voice transcripts).
  • Categories we do not collect: precise geolocation, biometric identifiers, genetic data, immigration status, union membership, financial-account credentials.
  • Sale or sharing for cross-context behavioral advertising: None. We have not sold or shared personal information in the last 12 months and have no plans to.
  • Sensitive personal information: we do not use it for purposes other than what the law allows (delivering the Service, security, abuse prevention).

To exercise any California right, click “Export my data” or “Delete my account” on the in-app Privacy & Data page, or email privacy@trysoliloquy.com. You may also designate an authorized agent — we will verify their authority before acting.

8.3 European Economic Area, UK & Switzerland (GDPR / UK GDPR)

If you are in the EEA, UK, or Switzerland, our legal bases for processing are:

  • Contract (Art. 6(1)(b)) — to deliver the Service you signed up for.
  • Legitimate interest (Art. 6(1)(f)) — to prevent abuse, secure the platform, and improve product quality in aggregate.
  • Consent (Art. 6(1)(a)) — for optional marketing emails, the 12-hour absence notification feature, and the Adult-Mode toggle.
  • Legal obligation (Art. 6(1)(c)) — tax retention, CSAM reporting under applicable law.

Additional GDPR rights: right to object (Art. 21), right to restrict processing (Art. 18), right to lodge a complaint with your local supervisory authority. Soliloquy does not use automated decision-making with legal or similarly significant effect on you under Art. 22.

International transfers: data is processed in the United States. Where Standard Contractual Clauses are required, our sub-processors (Stripe, Resend, Cloudflare, MongoDB Atlas, etc.) operate under the European Commission’s 2021 SCCs.

8.4 Brazil (LGPD), Canada (PIPEDA), other jurisdictions

The same access / correction / deletion / portability rights apply. Email privacy@trysoliloquy.com; we will reply within 15 business days.

8.5 How to exercise your rights

  • In-app, instantly: open Settings → Privacy & Data and click Export my data or Delete my account.
  • By email: privacy@trysoliloquy.com. Include the email tied to your account; we’ll verify before acting.
  • Response time: 7 business days for access / export, 30 days for full deletion (some records are retained per law — see § 8.6).

8.6 What we have to keep after deletion

Even after you delete your account, we are legally required to retain certain records:

  • Stripe transaction records — 7 years for tax / accounting under US IRC § 6001.
  • Abuse-review evidence — if your account was flagged for hard-policy violations (CSAM solicitation, threats, fraud), the flag record is retained for safety and law-enforcement cooperation.
  • Aggregate, de-identified usage metrics — not linkable to you.

Everything else — personas, conversations, voice samples, profile, referral data — is wiped within 30 days.

9. Security

We use industry-standard practices: bcrypt password hashing, HTTPS everywhere, HTTP-only secure session cookies, server-side rate-limiting, and encrypted MongoDB Atlas. Soliloquy is run by a single maker; despite our best efforts we cannot guarantee absolute security. Please do not put real secrets, medical data, financial credentials, or other regulated data into persona conversations.

10. International transfers

Soliloquy operates from the United States. If you use the service from outside the US, your data will be transferred to and processed in the US, which may have different data protection rules than your home country.

11. Changes to this policy

We will update the “Effective” date above and post a notice in the cockpit when material changes are made. Continued use after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy questions, requests under CCPA/GDPR, or general curiosity, email support@trysoliloquy.com or message Azodan on Discord.

Made with Emergent