Is Your AI Chat Private? How Chato Protects Your Conversations
Most AI companion apps quietly store everything you say in the cloud. Chato is built differently. Here's exactly what happens to your messages — the full, unromanticized version.
AI companion apps have an awkward privacy problem. Users tell them things they'd never tell a human — intimate thoughts, confessions, creative scenarios, private roleplay. And in most apps, every one of those messages is saved on company servers indefinitely.
That's fine if you trust the company forever. It's less fine if the company gets breached, sold, or changes its policy later. Chato is designed around the assumption that your conversations should belong to you, not us.
What stays on your device
Everything important. Specifically:
- Every chat message you send and every AI reply you receive
- All AI friend profiles you create — their names, personalities, backstories, avatars
- Story Mode content and chapters
- App preferences and settings
- Your PIN / passcode (encrypted via iOS Secure Storage / Keychain)
- Subscription status
All of this is stored using iOS's encrypted local storage. It never gets uploaded to a cloud. If you lose your phone, that data is gone — which is a real trade-off we'll be honest about in a moment.
What gets sent to servers (and why)
We can't generate AI responses on your device — current language models are too large to run locally. So when you send a message, that message has to travel to an AI provider to be processed. Here's the exact flow:
- Your message is sent over HTTPS to our secure proxy (Firebase Cloud Functions)
- The proxy forwards it to xAI (Grok) to generate the AI response
- The response comes back to you
- None of this is stored on our servers
The proxy exists so we can authenticate requests, check rate limits, and keep our API keys secure — not to log your messages. xAI has its own privacy policy governing what they do with API requests; we recommend reading x.ai/privacy if that matters to you.
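The relay pattern described above (authenticate, rate-limit, forward with a server-side key, keep no message content), sketched as an added example. This is not Chato's code; `createRelay`, `verifyToken`, `callProvider` and the limits are hypothetical names and values chosen for illustration.

```javascript
// Added illustration of a stateless relay; every name here is hypothetical.
const WINDOW_MS = 60_000; // assumed rate-limit window
const MAX_REQUESTS = 3;   // assumed per-client limit, kept small for the demo

function createRelay({ apiKey, verifyToken, callProvider, log, now = Date.now }) {
  const hits = new Map(); // clientId -> request timestamps, no message content

  return async function relay(req) {
    // 1. Authenticate before doing any work on the body.
    const clientId = verifyToken(req.token);
    if (!clientId) return { status: 401, body: { error: "unauthenticated" } };

    // 2. Sliding-window rate limit keyed on the client id only.
    const t = now();
    const recent = (hits.get(clientId) || []).filter((ts) => t - ts < WINDOW_MS);
    if (recent.length >= MAX_REQUESTS) {
      return { status: 429, body: { error: "rate_limited" } };
    }
    hits.set(clientId, [...recent, t]);

    // 3. Forward using the server-side key; it is never returned to the client.
    let reply = null, status = 200;
    try {
      reply = await callProvider({ apiKey, message: req.message });
    } catch {
      status = 502; // error text is not logged: it could echo the message
    }

    // 4. Log metadata only: sizes and status, never message or reply text.
    const bytesIn = Buffer.byteLength(req.message || "");
    log({ clientId, status, bytesIn, bytesOut: reply ? Buffer.byteLength(reply) : 0 });

    if (status !== 200) return { status, body: { error: "upstream_failed" } };
    return { status, body: { reply } };
  };
}

// Constructed demo with a stub provider and token check, so it runs offline.
async function demo() {
  const logs = [];
  const relay = createRelay({
    apiKey: "PLACEHOLDER_KEY",
    verifyToken: (tok) => (tok === "valid-token" ? "install-123" : null),
    callProvider: async ({ message }) => `echo: ${message}`,
    log: (entry) => logs.push(entry),
  });
  const res = await relay({ token: "valid-token", message: "a private note" });
  return { res, logs };
}
```

In a serverless deployment the in-memory counter would need a shared store, since instances do not share memory; the `Map` here only keeps the example self-contained.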
PIN lock and Face ID
Keeping chats on your device doesn't make them private if someone else can pick up your phone and open Chato. We added a PIN lock and Face ID unlock:
- Set a private passcode that's separate from your phone unlock
- Use Face ID for one-tap access
- The app can be set to re-lock instantly when backgrounded
- Passcode is encrypted in iOS Keychain — we can't recover it if you forget it
Privacy overlay
When you switch apps, iOS takes a screenshot for the app switcher. This is a minor privacy leak — someone browsing your recent apps could see the last thing you were chatting about. Chato automatically replaces the app-switcher preview with a blank overlay when backgrounded, so nothing is visible there.
What we don't do
Things other AI apps sometimes do that we don't:
- We don't require account creation or email
- We don't track your chat content
- We don't build behavioral profiles
- We don't sell data to advertisers
- We don't train AI models on your conversations
Trade-offs of on-device storage
On-device privacy is genuinely private — but it comes with real trade-offs:
- No cloud sync. Your chats don't follow you between devices. If you buy a new iPhone, your chat history doesn't auto-transfer.
- No backup by default. If your phone is lost, stolen, or factory-reset, the chats are gone. iCloud backup can help if enabled (Apple-encrypted), but we don't push to any other backup service.
- No recovery if you forget your PIN. The whole point of local encryption is that we can't bypass it.
Users who prioritize convenience over privacy are sometimes better served by cloud-based apps. We're upfront about this trade-off.
Website vs app
This privacy model applies to the Chato iOS app. The marketing website at chato.formbases.com uses standard web analytics (Google Analytics) to count visitors — that's separate from the app and doesn't affect how your in-app conversations are handled.
Summary
If "private AI chat" matters to you, the things to actually check for in any AI companion app are:
- Where are chats stored — device or cloud?
- What data leaves the device, where does it go, and is it retained?
- Is there a lock screen on the app itself?
- Does the company require account creation?
Chato's answers: device only; sent only in transit to the AI provider and not retained on our servers; yes, with PIN/Face ID; no account required. That combination is unusual in this category.