Privacy Policy
Last updated: May 26, 2026
Introduction
Welcome to Ditto (“we”, “our”, or “us”). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI assistant service and website.
Ditto is actively developing enhanced privacy and security features. While we strive to protect your data, some advanced protections such as end-to-end encryption are planned for future releases and are not currently available.
Important Privacy Notice
Please note that Ditto currently does not support end-to-end encryption or private memory storage. Your data is stored securely on our servers but is accessible to authorized personnel and processed by third-party AI providers. We are actively working to enhance privacy protections in future updates.
Information We Collect
Personal Information
We may collect the following personal information:
- Account information (email address, username)
- Profile information you choose to provide
- Communication preferences
- Payment information (processed securely through third-party providers)
- In-app privacy acknowledgements and consent choices
Sensitive Personal Content
Your conversations, prompts, journal entries, mood logs, imported notes, files, photos, audio attachments, voice recordings, transcripts, live voice audio, saved memory, and connected-app results may contain sensitive personal information, including health-related details, relationship information, and other private data. We treat this information with the highest level of care and protection available.
Usage Information
We automatically collect certain information when you use our service:
- Conversation data and messages
- Device information and browser type
- IP address and location data
- Usage patterns and interaction data
- Technical logs, session metadata, and performance metrics
- Usage analytics that may be associated with your account
- Model choices, AI feature settings, and data-retention notice acknowledgements
How We Collect Information
We collect information in the following ways:
- Directly from you when you create an account, type messages or prompts, upload files or photos, record or attach audio, use live voice, save memories, update settings, or contact us
- Automatically when you use Ditto, including device information, logs, session metadata, usage analytics, and security events
- From connected apps, files, or services only when you choose to connect, import, or use those sources with Ditto
- From service providers that support Ditto, such as payment processors, hosting providers, analytics providers, customer support tools, and AI providers needed to deliver the features you request
How We Use Your Information
We use your information to:
- Provide and improve our AI assistant service
- Personalize your experience and maintain conversation context
- Process payments and manage subscriptions
- Communicate with you about service updates
- Ensure security and prevent fraud
- Comply with legal obligations
- Conduct research and development to improve our AI capabilities
- Send selected content to AI providers when needed to generate responses, transcribe audio, generate or play speech, process attachments, use live voice, apply memory context, or use connected-app results in a request
Third-Party AI Processing
To provide AI-powered features, Ditto sends selected data to third-party AI service providers when you ask Ditto to respond, transcribe, speak, use live voice, process an attachment, or use connected context. The data sent may include:
- Messages and prompts
- Photos, files, and audio you attach
- Voice transcripts and live voice audio
- Memory context and connected-app results used in a request
- Model choices, tool settings, and technical metadata needed to route and complete the request
The third-party AI providers that receive this data depend on the feature or model you choose. Providers may include OpenAI, Anthropic, Google/Gemini, xAI, Mistral, Cerebras, OpenRouter, and providers routed through OpenRouter. OpenRouter-routed requests may be processed by OpenRouter and the upstream model provider used for the selected model.
We use third-party AI processing to generate assistant responses, transcribe audio, generate or play speech, understand attached files and images, route requests to the selected model, and maintain the context needed for the feature you request. On iOS, Ditto asks for your permission before sending personal data to third-party AI services for the first time.
We require third-party AI providers that process personal information for Ditto to protect that information under contracts, product terms, data-processing terms, or other safeguards designed to provide the same or equal level of protection described in this Privacy Policy. The selected model’s separate data-retention notice may also apply.
Data Security
We take data security seriously and implement industry-standard measures to protect your information. However, advanced features such as end-to-end encryption are currently under development and not yet available. We continuously evaluate and improve our security practices.
Our current security practices include:
- Encryption of data at rest using cloud provider defaults
- Secure data transmission (HTTPS/TLS)
- Access controls and authentication measures
- Secure data storage and processing infrastructure
- Regular security assessments and monitoring
Current limitations: Conversations are not end-to-end encrypted, and authorized personnel may access your data for service operations and support. Access controls are being continuously enhanced.
Data Sharing
We do not sell your personal information or share it for advertising purposes. We may share your data only in the following circumstances:
- With your explicit consent
- With third-party AI providers, including OpenAI, Anthropic, Google/Gemini, xAI, Mistral, Cerebras, OpenRouter, and providers routed through OpenRouter, to enable the AI feature or model you request
- With service providers who assist in our operations (under strict confidentiality agreements)
- To comply with legal requirements or protect our rights
- In connection with a business transfer or merger
When we share personal information with third-party AI providers or other service providers, we share only the information needed for the requested service and require protections designed to provide the same or equal level of protection described in this Privacy Policy.
Your Rights
You have the right to:
- Access your personal information
- Correct or update your data
- Delete your account and associated data
- Export your data
- Opt-out of certain data processing activities
- File a complaint with relevant authorities
To exercise these rights, please contact us at privacy@heyditto.ai. We will respond to your request within 30 days. Some data may be retained for a limited period to comply with legal requirements or maintain service integrity.
Data Retention
We retain your information only as long as necessary to provide our services and comply with legal obligations. You may request deletion of your data at any time; however, some data may be retained for a limited period to comply with legal requirements or to maintain service integrity.
Conversation data may be retained to maintain context and improve our AI capabilities, but you can request deletion at any time through your account settings or by contacting support.
International Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data during international transfers, including standard contractual clauses and other legal mechanisms as required.
Data Breach Notification
In the event of a data breach that may affect your personal information, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of discovery.
Children’s Privacy
Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting the new policy on our website with an updated “Last updated” date. Your continued use of our service after such changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
Email: privacy@heyditto.ai
Website: heyditto.ai