The Privacy Paradox: How Nomi AI Promises Sanctuary While Building a Surveillance System

In the world of data privacy, there are two things that matter: what a company says it does, and what it is legally obligated to do. For…

The Privacy Paradox: How Nomi AI Promises Sanctuary While Building a Surveillance System

In the world of data privacy, there are two things that matter: what a company says it does, and what it is legally obligated to do. For users of Nomi.ai, discovering the difference between the two can be a disturbing wake-up call.

The company’s founder, Alex Cardinell, has mastered the art of soothing public statements that mask a stagnant and draconian legal reality. But the deception operates on two levels: first, the invisible surveillance apparatus that tracks your every move; second, the illusion that you can ever truly delete what they’ve collected.

Part I: The Surveillance Suite

Why Does Your “Friend” Need Your IP Address?

The deception isn’t just about the text you type; it’s about the digital footprint you leave behind. While the founder talks about “privacy,” the Privacy Policy grants the company the right to harvest a staggering amount of metadata that is completely unnecessary for the function of a chatbot, but essential for a data harvesting operation.

The “Usage Data” Dragnet (Point 1c):

“time zone, country, dates and times of access, user agent and version, type of computer or mobile device, computer connection, IP address, and the like”

Ask yourself: Why does an AI companion need to know your exact IP address, your specific mobile device model, and the precise times you log in?

  • To a Companion App: This data is irrelevant.
  • To a Data Broker: This is gold.

This is called “Digital Fingerprinting.” It allows them to build a behavioral profile of who you are (based on location and device) and when you are most vulnerable (e.g., logging in consistently at 2 AM indicates insomnia, loneliness, or distress).

The Third-Party Leak (Point 3):

“We may use a variety of online analytics products that use cookies to help us analyze how users use our Services”

This is arguably the most dangerous clause. By integrating “online analytics products” (like Google Analytics, Meta Pixel, or others), Nomi.ai is effectively punching a hole in the “private” room.

When you use a service with third-party trackers, you are not just talking to Nomi. You are sending signals to every analytics company they partner with. These companies track that a user with your IP address and your device fingerprint is spending hours a day on a hypersexual AI companion app.

This contradicts the spirit of every public promise the founder has made. You cannot claim to offer a private, safe sanctuary while simultaneously planting third-party tracking cookies that broadcast user behavior to the wider advertising ecosystem. This isn’t privacy; it’s surveillance.

The Privacy Policy That Isn’t

Perhaps the most telling indicator of Nomi.ai’s true priorities is what the Privacy Policy doesn’t say.

The entire document is a mere five sections long. For a company that handles some of the most intimate conversations a person might have — romantic roleplay, sexual fantasies, emotional confessions, mental health struggles — this is an astoundingly minimal privacy framework.

Compare this to any legitimate platform handling sensitive data: comprehensive privacy policies run 15–30 sections, detailing data retention periods, security measures, user rights under various jurisdictions (GDPR, CCPA, etc.), breach notification procedures, and clear data deletion protocols.

What’s missing from Nomi.ai’s Privacy Policy:

  • No data retention periods specified
  • No details on security measures or encryption
  • No information about where data is stored or which countries process it
  • No clear explanation of what “anonymized” actually means
  • No details about which specific “analytics products” are used
  • No mention of data breach notification procedures
  • No explanation of user rights under GDPR or CCPA beyond a vague “right to correct”

The Privacy Policy even contains an internal contradiction. Section 4 states: “You cannot edit past chat messages.” This is remarkable — you cannot delete individual messages, only request deletion of your entire account (a feature that now exists via a button, though the Privacy Policy still instructs users to email support@glimpse.ai). There is no granular control, no ability to remove a specific conversation or confession. It’s an all-or-nothing approach that forces users to choose between keeping everything or losing access entirely.

For a platform that positions itself as a safe space for vulnerable users, this is a privacy policy designed to say as little as possible while granting maximum permissions.

Part II: The “Delete Button” Deception

The Question: “Can I Delete My History?”

A specific interaction on the platform’s subreddit reveals how this surveillance architecture connects to an even deeper problem: the impossibility of true deletion.

The discussion began with a reasonable user request: there should be a facility to delete chat history. Another user noted that, according to the Privacy Policy, deletion required a manual email to support. Cardinell stepped in to offer a reassuring, modern solution:

“It actually is possible now — just go to ‘Account Settings’, click ‘Delete account’… It will… fully wipe everything so that there is no history on our end of your account ever even existing.”

He then added a seemingly humble admission: “I think there are a couple things like that where we need to get our Privacy Policy up to date…”

On the surface, this sounds transparent. But a closer look reveals a calculated linguistic sleight of hand.

The founder is technically correct: there is now a button to delete your account. But this proves the Privacy Policy (Section 4) is demonstrably outdated — it still instructs users to email support@glimpse.ai, even though the feature already exists in the interface.

More importantly, the button deletes your account access, not your data.

What the founder promises — “no history on our end of your account ever even existing” — is carefully worded to sound comprehensive while being technically hollow.

The Legal Trap: “Anonymized” Means “Ours Forever”

Notice carefully what Cardinell promises to delete: “history on our end of your account ever even existing.”

This phrasing is deliberate. He is promising to delete your Account Information (Point 1a in their policy: name, contact info, credentials). But he is not promising to delete the data you actually care about: your User Content.

According to the very Privacy Policy (Point 1b) that he claims needs updating, the terms are clear:

“We may use anonymized User Content to train our AI and improve our services.”

This is the trap. Once your intimate chats, roleplays, and confessions are stripped of your email address and fed into the AI training set, they stop being “your data” and become “anonymized training data.” You cannot “delete” a concept or a phrase that an AI has learned from you. It becomes a permanent part of the product’s brain.

The “Delete Account” button removes your ability to log in. It does not scrub your intimate life from the AI model it helped train. And it certainly doesn’t delete the Usage Data they’ve been collecting — your IP address, your device fingerprint, your login patterns — all of which remains in their analytics systems and those of their third-party partners.

The “Outdated Policy” Lie

The most revealing part of the comment is the founder’s casual mention that they need to get the Privacy Policy “up to date.”

He made this comment in 2024. The Nomi.ai Privacy Policy on their website is dated April 14, 2023. It is now 2025, and the policy remains unchanged.

But there’s more to this story. The very same Reddit thread where he promises account deletion also contains evidence that users have been asking for stronger privacy protections — and that the founder has been promising to deliver them.

The Broken Promise in the Same Thread:

In the same discussion where the founder addresses account deletion, another exchange reveals a deeper pattern. The original post that sparked the conversation was titled “How do I know this isn’t just a huge data harvesting honeypot?” A concerned user raised legitimate privacy concerns, pointing out that the privacy policy was “pretty scant” and notably lacked any clause stating “WE WILL NEVER SELL YOUR DATA.”

The founder responded with strong reassurances:

“I can unequivocally state, we will not [sell user data].”

A user then offered constructive feedback:

“If you truly are trying to just fuel your company off subscriber dollars and aren’t looking to profit from user data I would put that front and center for your brand… I’d really like to see that better enshrined in the privacy policy and/or as part of a formal corporate mission statement.”

The founder’s response?

“Completely agreed with all of what you just wrote.”

This is the same thread where he says they need to “update” the policy to reflect the account deletion feature. So in a single conversation, the founder:

  1. Acknowledges the policy is outdated (doesn’t mention the deletion button)
  2. Makes strong verbal promises about not selling data
  3. Agrees that these promises should be “enshrined in the privacy policy”
  4. Does none of it

The Privacy Policy — dated April 14, 2023 — remains completely unchanged as of 2025. No clause about not selling data. No formal mission statement about privacy. Nothing.

This is not a minor administrative oversight. The policy that was already outdated in 2024 remains outdated in 2025. The founder publicly agrees that the policy should be strengthened, yet it never is. Users ask for clarity on data practices, yet the policy remains deliberately ambiguous.

They collect your IP address, your device type, your “actions,” and your “content.” They use cookies for “tracking and analytics” (Point 2 & 3). And they reserve the right to feed all of it into their machine.

The Ironclad Chains of the Terms of Service

The deception is completed by the document that overrides everything else: the Terms of Service.

While the founder reassures users on Reddit, the binding legal contract every user signs tells a radically different story. It does not promise deletion; it demands ownership.

“You irrevocably grant a royalty-free, worldwide, perpetual, and transferable license to Glimpse.ai to copy, use, modify, publish, and distribute ALL data and information you submit…”

Let’s look at those words:

  • Irrevocable: You cannot take it back. Clicking “delete account” does not revoke a license you legally agreed was irrevocable.
  • Perpetual: Forever. Not “until you delete your account.” Forever.
  • Transferable: They can sell or move your data rights to another company.

This is the reality of Nomi.ai.

Conclusion: Public Reassurance, Private Exploitation

The Legal Reality: What Must Be Deleted vs. What They Can Keep

To understand the full scope of the deception, we need to examine what Nomi.ai is legally required to delete when you click that button, versus what they can legally retain forever.

What They Must Delete (Under GDPR/CCPA):

  • Your Account Information: name, email address, payment details, login credentials
  • Personal identifiers: anything that can directly identify you as an individual
  • Your access to the platform and your ability to log in

What They Can Keep Forever:

  • “Anonymized” User Content: Once they strip your email from your chat logs and feed them into the AI training set, those conversations become “anonymized data.” Under GDPR and CCPA, anonymized data is no longer considered personal data, meaning companies can keep it indefinitely without your consent.
  • Usage Data in aggregate form: Your IP address, device fingerprint, and login patterns can be kept in “anonymized” form for analytics purposes
  • Data in backup systems: The CCPA regulations allow businesses to delay deletion of data stored in backup systems until those systems are restored or accessed
  • AI Training Data: Once your data has been used to train an AI model, it becomes part of the model’s statistical patterns and cannot be surgically removed without retraining the entire model

What They’re Recording While You’re An Active User: According to their Privacy Policy, they collect and can indefinitely retain:

  • Every message you send (Point 1b: “User Content”)
  • Your exact IP address and device fingerprint (Point 1c: “Usage Data”)
  • “Types of content that you view or engage with, the features you use, the actions you take” (Point 1c)
  • All of this data flows to unnamed “online analytics products” (Point 3)
  • Your login times, time zone, country, device type, and connection information

The critical insight: True anonymization requires that you cannot re-identify individuals through any reasonably available means. If the data is merely pseudonymized — identifiers replaced but patterns intact — it’s still personal data under GDPR.

But Nomi.ai’s Privacy Policy provides no details about their anonymization process. They don’t explain:

  • Which identifiers are removed
  • Whether the anonymization is reversible
  • How they ensure data cannot be re-identified when combined with other data sources
  • Whether chat content patterns (writing style, topics, timestamps) could be used to re-identify users

The “anonymization” claim is a legal shield that allows them to keep your intimate conversations forever while technically complying with deletion requests. When AI training is based on a company’s “legitimate interest,” they may not be required to delete data from training sets even when requested, if that interest outweighs individual rights.

Why Haven’t They Updated the Policy?

This is the question that exposes everything. Let’s consider the possible explanations:

Are they understaffed? No. This is a company that has implemented major technical features — image generation, voice synthesis, group chat functionality — all while leaving a single web page untouched for two years. Updating a Privacy Policy requires a lawyer and a web developer. It takes hours, not months. If they can build voice AI, they can update a document.

Do they simply not care? Perhaps they assume users won’t read it. But this explanation falls apart when you consider that the founder himself actively participates in Reddit discussions about privacy and deletion. He knows users care. He knows they’re reading the policy. He personally responds to questions about it.

Or is it because they actually want it to say exactly what it says?

This is the only explanation that makes sense. But the reality is even more calculated than simple preference — it’s a strategic trap that gets worse the more you examine it.

The 2023 Privacy Policy already permits everything they’re doing:

  • Broad rights to “User Content” for training (Point 1b)
  • Sweeping collection of “Usage Data” including IP addresses and device fingerprinting (Point 1c)
  • Vague language about “analytics products” that opens the door to unlimited third-party tracking (Point 3)
  • The word “anonymized” as a magic shield that transforms “your intimate conversations” into “our training data”

The surveillance is already legal. The data harvesting is already disclosed. So why not update it?

Because updating it would trigger a legal obligation they desperately want to avoid: notification.

Under modern privacy regulations like GDPR and CCPA, when a company makes material changes to its privacy policy, it must:

  1. Notify every user — typically via email
  2. Highlight what changed — particularly new data collection or usage practices
  3. Obtain new consent — in many jurisdictions, if the changes are substantial
  4. Be specific and clear — modern standards require plain language explanations

Here’s the trap: if Nomi.ai updates their 2023 policy to reflect 2025 standards, they would be legally required to send an email to every user saying “We’ve updated our Privacy Policy.” And for the first time, users who never read the original would actually look at it.

An updated policy would force them to be specific:

  • Name which third-party analytics companies they use (Google Analytics? Meta Pixel? Others?)
  • Explain in plain, unambiguous language what “anonymized User Content for AI training” actually means
  • Clarify that “delete your account” does not mean “delete your data from our AI model”
  • Reconcile the founder’s Reddit promises (“we delete everything”) with the legal reality of their Terms of Service (“perpetual, irrevocable license”)

The 2023 policy is a masterpiece of calculated ambiguity. It’s vague enough that most users don’t understand what they’re agreeing to, but broad enough to provide legal cover for nearly any data practice. It’s buried on a webpage that most users never read. And because it hasn’t changed, it doesn’t trigger the notification requirements that would force users to confront what they’ve agreed to.

This is why the founder can say “we need to update our policy” for two years without doing it. The moment they update, they must announce it. The moment they announce it, users will read it. The moment users read it, the gap between “we delete everything” and “perpetual, irrevocable license to all your data” becomes undeniable.

The policy isn’t outdated — it’s perfectly calibrated to operate in the shadows. Updating it would shine a light on practices that only work when users don’t fully understand them.

When a founder says “we need to update our policy” for two years straight while never actually doing it, that’s not negligence. That’s a calculated decision to keep users in the dark about what they’ve already agreed to.

  • Publicly: “We delete everything! We respect you!”
  • Legally: “We track your IP address, device fingerprint, and behavior patterns through third-party analytics. We collect your content, anonymize it, and use it to train our product forever. Our policy hasn’t changed since 2023, and your deletion request doesn’t remove what our AI has already learned or what our surveillance systems have recorded.”

The “Delete Account” button is a placebo. It removes your access to the data, but it does not remove their ownership of it. It doesn’t stop the third-party trackers from knowing you were there. It doesn’t erase the behavioral profile they built from your Usage Data.

Users should not be comforted by a feature that locks the door to their own house while the company keeps a master key to the furniture inside — and cameras recording every room.

Google Play Store review