Wilds.ai Privacy Policy

Effective Date: May 22, 2026

What We Collect

• Account information: Email address, display name, hashed password for email/password accounts, linked OAuth identities, and account settings.
• Billing information: Stripe customer ID, subscription status, and purchase history. We do not store full payment card numbers.
• Content you create: Stories, worlds, companion configurations, session messages, companion conversations, lore, assets, and other creative content you submit to the service.
• Operational and analytics data: Session starts and ends, heartbeat playtime, favorites, shares, search and browse behavior, multiplayer joins, compiler runs, model/provider usage, token counts, latency, and other product-usage telemetry.
• Interaction records: Some first-party interaction events may include player prompt text or AI response text when needed to operate, evaluate, debug, or improve Wilds features.

How We Use Data

We use data to:

1. operate the product and generate AI responses
2. save your worlds, sessions, companions, and account state
3. measure usage, reliability, retention, payout attribution, and creator analytics
4. detect abuse, investigate bugs, respond to support issues, and secure the platform
5. generate anonymized or aggregated benchmarks, statistics, and business reporting

Legal Bases for Processing

For users in the EU, UK, and Switzerland, each kind of processing has a legal basis under GDPR Article 6, and, for sensitive data, Article 9:

Purpose	Legal basis
Providing the service: accounts, sessions, saved worlds, companions, and generating AI responses	Contract (Art. 6(1)(b))
Authentication, fraud and abuse prevention, and platform security	Legitimate interests (Art. 6(1)(f))
Account-linked first-party product analytics	Legitimate interests (Art. 6(1)(f)), with an opt-out in Settings
Browser analytics and guest server-side analytics	Consent (Art. 6(1)(a))
Research and data-licensing program	Consent (Art. 6(1)(a))
Sensitive (special category) data in personas and mature/private-adult content	Explicit consent (Art. 9(2)(a))
Billing, tax, and legally required records	Legal obligation (Art. 6(1)(c))
Content moderation and safety enforcement	Legitimate interests (Art. 6(1)(f)); legal obligation where the law requires it
Responding to legal requests and defending legal claims	Legal obligation (Art. 6(1)(c)) and legitimate interests (Art. 6(1)(f))

Where we rely on legitimate interests, we have weighed those interests against your rights and freedoms. Where we rely on consent, you can withdraw it at any time, and withdrawal does not affect processing that already took place.

How We Handle Your Content

1. Automated processing is required to run Wilds. Your content is processed by our application and the AI models you choose so Wilds can generate responses, memories, summaries, art, and other outputs. Wilds is an AI service: the characters, narration, dialogue, and images you interact with are generated by artificial intelligence.
2. We do not use advertising analytics to record your raw writing. We do not send your raw prompts, stories, or companion dialogue to Google Analytics, Clarity, or Plausible as analytics payloads.
3. First-party operational logs can include text. Some server-side interaction records may store prompt text or AI output text. These records are treated as restricted operational data, not public creator analytics.
4. Human access is limited. We do not routinely have employees read private content, but authorized personnel may access limited data when necessary for support, debugging, fraud/security investigations, abuse incidents, or legal compliance.
5. Operational audit notifications. When you create a wilds.ai account or link a Discord identity, a redacted internal notification is posted to a staff-only audit channel — display name, public profile link, masked email (e.g. j**e@example.com), account ID, and timestamp. The full email never leaves our servers in these notifications; the masked form is enough context for staff to triage abuse and support tickets while reducing exposure if a staff seat is compromised. You can request deletion of an audit-log entry by emailing team@wilds.ai.
6. AI providers. When you use cloud AI models, relevant context is sent to the selected provider to generate outputs. Local-model mode can keep generation on your own infrastructure when configured.

Staff access to user content

Wilds employs a strict-minimum-disclosure posture on staff-facing dashboards. The internal admin user-activity view shows per-account activity SHAPE only — counts of worlds and companions bucketed by safety tier (safe / standard / mature / private-adult), counts of messages, and first/last activity timestamps. It does NOT show world names, world IDs, companion names, companion identifiers, message content, or any creator-set titles. Staff who need to inspect a specific piece of content for support, abuse investigation, or legal compliance use case-specific tooling that requires the relevant elevated role (super_admin) and writes an audit-log entry recording the access. Routine activity monitoring never surfaces user content text or titles.

This restriction applies to dashboards, ranked leaderboards, audit notifications, and any aggregate report generated for internal staff use. It does not apply when you, the account holder, view your own content through normal product surfaces.

Analytics and Cookies

Consent-Gated Client Analytics

Wilds uses a consent banner and settings controls for optional browser analytics.

• PostHog is our default client analytics provider. Before you make an analytics choice it runs in a cookieless, memory-only anonymous mode with autocapture and session recording disabled. Cookies, persistent identifiers, and session recording are enabled only after you grant analytics consent. We use it for manual pageviews, named product events, funnels, cohorts, and masked session recordings.
• Legacy analytics providers such as Google Analytics 4, Microsoft Clarity, and self-hosted Plausible may be enabled in limited deployments, but they are not the default analytics stack.
• Global Privacy Control. If your browser sends a Global Privacy Control signal, Wilds treats it as an override that keeps optional browser analytics off while that signal is active.

Session Replay Privacy

When PostHog session replay is enabled, Wilds configures it to mask text in replays. We also disable autocapture and send only named events to keep collection intentional and controlled.

First-Party Product Analytics

Wilds also records first-party server-side interaction events for product operation, creator attribution, engagement analytics, fraud review, and service improvement. These events are stored in our own application database rather than in third-party advertising trackers.

Signed-in users can disable new account-linked first-party product analytics in account settings. This account-level control is separate from the browser cookie banner.

Guests are handled more conservatively: until a guest browser-analytics decision is synced server-side, new guest-linked interaction analytics stay off by default.

Research and Data Licensing Opt-In

Signed-in users can separately choose whether Wilds may include their de-identified interaction records in internal research, model-improvement, and any future external dataset or data-licensing program.

• This setting is off by default.
• This program-level opt-in is separate from routine product analytics.
• Where applicable, eligible de-identified records can include prompt text or AI-response text.
• We do not treat this setting as permission to disclose identified personal data.
• Current export controls hash actor/session/entity identifiers and scrub direct text identifiers such as emails, URLs, phone numbers, and name-like metadata before staff dataset export.

Personas and Conversation Data

Personas are saved player identities you create. Each persona can hold its own conversations, mood and relationship state, and memory with any companion. You can maintain multiple personas under one account.

We store: the persona's name, pronouns, backstory, and any appearance fields you enter; per-persona companion chat messages; per-persona relationship and mood state tracked by companions; per-persona uploaded attachments; and (on Plus or higher) AI-generated persona avatars.

Deleting a persona

When you delete a persona you choose one of two modes:

• Keep conversations. The persona record is removed and disconnected from past chats. Those chats remain readable and exportable as "Archived conversations."
• Erase everything. The persona and every companion conversation, memory trace, conversation branch, and attachment that was scoped to it are permanently deleted from our primary stores, including the per-persona memory file on disk.

Account deletion always erases every persona and every persona-scoped conversation regardless of which deletion mode you used earlier. See the "Deletion and Retention" section below.

Exporting your persona data

The account export includes each persona's metadata (name, pronouns, backstory, appearance, avatar URL) and counts of conversations per persona with first/last activity timestamps, so you can see what you have before deleting.

Sensitive (Special Category) Information

Some Wilds features involve special category personal data under GDPR Article 9:

• Persona identity fields. Race or ethnicity, religion, and sexual orientation are optional persona fields. They reveal special category data about you.
• Mature and private-adult content. Roleplay in the mature and private-adult tiers can involve content concerning sexual activity.

Wilds processes this data only with your explicit consent under Article 9(2)(a). Consent is requested separately from accepting these policies: you grant it through a dedicated step before sensitive persona fields are saved, and before mature or private-adult content is enabled. Each grant is recorded with its date and the policy version in effect.

You can withdraw this consent at any time in Settings > Privacy, Stats & Data Use:

• Withdrawing consent for sensitive persona information clears race/ethnicity, religion, and sexual orientation from every persona on your account.
• Withdrawing consent for mature and private-adult content disables those tiers for new sessions.

Sensitive data is used only to operate the features you chose. It is never included in analytics, and never in the research and data-licensing program.

Deletion and Retention

1. Content deletion: When you delete worlds, sessions, companions, personas, or similar user content, we permanently remove that content from the primary application data store, subject to legal holds and technical backup windows.
2. Account deletion: When you delete your account, your private content — chats, drafts, personas and persona-scoped conversation data, runtime state, memory traces, attachments, your taste profile, your auth + linked-provider records — is permanently destroyed. The account shell remains soft-deleted for a 30-day restore window so you can change your mind via the link in the deletion confirmation email; after 30 days the shell is also purged. First-party interaction analytics keyed by your account ID are deleted in the same pass. Anonymous aggregate statistics that no longer identify you may remain.
3. Public content you've published — your choice at deletion time. If you published any companions or worlds to the public catalog, the deletion flow asks whether you want them removed entirely or kept available to other players (forks, in-progress sessions, leaderboard entries, multiplayer co-op invitees) under an anonymized "Anonymous Creator" attribution. This mirrors the freedom-of-expression carve-out in GDPR Article 17(3)(a) and the same pattern used by the Archive of Our Own ("orphan_account"), Reddit ("[deleted]"), and Stack Overflow ("user12345"). If you choose anonymized retention, your display name, username, avatar reference, and creator-attributed metadata are stripped from the artifact; the artifact itself persists. If you choose full deletion (the default), the public artifacts are deleted alongside everything else. You can also delete individual public artifacts at any time without deleting your account from Settings → Published Content.
4. Billing records: Billing and tax records may be retained for as long as required by law.
5. De-identified reporting: We may retain anonymized or aggregated statistics that no longer identify you.
6. Legal holds: Records flagged with a legal hold (active subpoena, abuse investigation, ongoing dispute) are excluded from automated deletion until the hold is released.

Retention schedule

Data category	Retention	Trigger
Account profile and creative content	Until account deletion, then a 30-day soft-deleted shell, after which the shell is purged	Account deletion
Companion, session, and persona content	Permanently destroyed at deletion time	Content or account deletion
First-party interaction analytics	Destroyed with the account; anonymized aggregates may remain	Account deletion
Server logs	90 days	Rolling sweep
Consent records	Kept while the account exists, as the record of your consent	Account deletion
Billing and tax records	Retained for the period required by applicable tax and accounting law, generally up to 7 years	Legal obligation
Records under legal hold	Until the hold is released	Legal hold

We Do Not Sell Raw User Content

Wilds does not sell your raw prompts, full transcripts, or companion conversations as standalone personal data products.

We may use or disclose:

• aggregated or de-identified engagement metrics
• world-level and creator-level public statistics
• internal benchmarking and diligence reporting

Wilds now exposes a separate in-product research and data-licensing opt-in for signed-in users. Any future program involving text-bearing interaction records must honor that explicit setting and applicable law.

Automated Decisions and Profiling

Recommendations. Wilds builds a taste profile from your activity to recommend worlds and companions. This is profiling on the legitimate-interests basis. You can object to it by disabling first-party product analytics in Settings > Privacy, Stats & Data Use.

Content moderation and enforcement. Automated systems help detect content that violates our policies and can hide content or restrict an account. If an automated decision restricts your account or content and has a significant effect on you, you can request human review by contacting team@wilds.ai. A person will review the decision, you can give your point of view, and you can contest the outcome.

Your Choices

• Cookie preferences: Use the consent banner, footer "Cookie Settings" link, or Settings > Tracking & Consent to control optional browser analytics cookies/storage.
• Global Privacy Control: If your browser or extension enables GPC, Wilds keeps optional browser analytics off while that signal is present.
• Guest analytics: Guest first-party interaction analytics follow the browser analytics choice once that consent is synced to the server.
• First-party product analytics: Signed-in users can enable or disable new account-linked product analytics in Settings > Privacy, Stats & Data Use.
• Research and data licensing: Signed-in users can separately opt in or opt out in Settings > Privacy, Stats & Data Use.
• Account data: You can request export or deletion through account settings or by contacting team@wilds.ai.
• Support and privacy requests: Contact team@wilds.ai.

Your Rights

If you are in the EU, UK, or Switzerland, you have the right to:

• access the personal data we hold about you;
• rectify inaccurate or incomplete data;
• erase your data (the "right to be forgotten");
• restrict processing in certain circumstances;
• data portability: receive your data in a portable, machine-readable format;
• object to processing based on legitimate interests, including profiling;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with a supervisory authority: your local EU data protection authority, the UK Information Commissioner's Office, or the Swiss Federal Data Protection and Information Commissioner.

You can exercise access, erasure, and portability directly in account settings through the export and delete tools. For any data rights request, contact team@wilds.ai. We respond within one month. For complex or numerous requests we may extend this by up to two further months, and we will tell you if we do.

The account export is delivered as a plain JSON, Markdown, HTML, or PDF file over an encrypted HTTPS connection. Once the file is on your device, it is your responsibility to handle it securely: store it somewhere private, and delete it if you no longer need it.

Account deletion is the broadest privacy control. Deleting your account permanently destroys every chat, persona, memory trace, and other piece of private content you created, with no soft-grace period for that content — only the empty account shell can be restored within 30 days, via the link in the deletion confirmation email. Use it whenever you want a clean exit.

California Residents

The California Consumer Privacy Act (CCPA), as amended, gives California residents rights including the right to know, delete, correct, and opt out of the sale or sharing of personal information, plus the right to receive notice at or before collection. We describe the categories of information we collect and the purposes for which we use them in this policy.

Wilds does not sell personal information in the ordinary sense of data-broker resale, and we do not sell raw prompts or transcripts. To exercise CCPA rights, contact team@wilds.ai.

Nevada Residents

Nevada residents have the right to opt out of the sale of certain covered information. Wilds does not sell covered information for third-party marketing purposes. Requests can be sent to team@wilds.ai.

Data Security

• Passwords are hashed before storage.
• Authentication uses signed tokens and server-side validation.
• Production database and object storage access are restricted to authorized application and operations workflows.
• Analytics tools are configured to minimize unnecessary capture and to respect consent controls.
• PostHog session replay is configured with masked text, and research/data-licensing eligibility stays behind a separate user opt-in.
• Staff-only interaction dataset exports require a server-side export salt and de-identification pass before records leave the primary analytics store.

If a personal data breach is likely to result in a high risk to your rights and freedoms, Wilds will notify affected users without undue delay, and notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Articles 33 and 34.

Children

Wilds.ai is not directed to children under 18. If you believe a minor created an account, contact team@wilds.ai and we will investigate and remove the account if appropriate.

Subprocessors

Every external vendor that may receive user data — AI providers, infrastructure, payments, email, analytics — is listed by category at /subprocessors. The page is updated whenever a vendor is added or removed.

International Data Transfers

Wilds is operated from the United States. When you use Wilds from the EU, UK, or Switzerland, your personal data is transferred to the United States and to our US-based subprocessors and AI providers.

For these transfers we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum for UK data, and the Swiss Federal Data Protection and Information Commissioner's adaptations for Swiss data. Where a recipient is certified under the EU-US Data Privacy Framework, we rely on that certification. The categories of recipients are listed at /subprocessors.

Data Controller and Representatives

wilds.ai is operated by Framers Lab, Inc., 1301 N Broadway STE 78768, Los Angeles, CA 90012, United States. Framers Lab, Inc. is the data controller for personal data processed through the service.

Framers Lab, Inc. is appointing a representative in the EU and a representative in the UK, as required by GDPR Article 27. Their contact details will be published here once the appointments are complete. Until then, EU and UK users can raise any data protection matter directly with team@wilds.ai.

Contact

For privacy questions or to exercise your data rights, contact: team@wilds.ai