How LORDLY collects, uses, discloses and handles your Personal Data for the Services. Date of Revision: May 10, 2026.
LORDLY ("LORDLY", "we", "us" or "our") is the Controller for the processing implemented through this website accessible at https://baabe.ai/ and/or any affiliated website to which visitors or users may be redirected (the "Services"). LORDLY has its address at 8 Rue De Monceau, CS 48756, 75380, PARIS CEDEX 08, France. The Services are an online chat application that uses artificial intelligence algorithms to generate virtual and fictional characters (the "AI Companions"), with whom you as a user of the Services ("you") can chat and exchange messages. The Services also include, but are not necessarily limited to, other media such as images, videos and voice notes. Parts of the Services may require you to create a user account and/or become a paid subscriber. This Privacy Notice explains how we collect, use, disclose and handle your Personal Data for the Services and, as applicable, your rights under the European Union's General Data Protection Regulation 2016/679, and Directive 2002/58/EC concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector ("ePrivacy Directive") (together "EU GDPR"), the UK Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 ("PECR") (together "UK GDPR"), or the Federal Act on Data Protection 235.1 ("FADP"), as well as non-European data protection laws (including but not limited to the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA") and the Virginia Consumer Data Protection Act), collectively referred to as "Applicable Data Protection Law". By using the Services, you agree that you have read and understood our Privacy Notice, as well as our Cookies Notice, which is incorporated here by reference.
Terms not otherwise defined in this Privacy Notice or in the GDPR shall have the following meaning: "Content": the information that you provide in order to register as a User and/or in the course of using our Services. Such information includes your Personal Data, inputs in the course of conversations with AI Companions, and outputs in response to same. "Consent": any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or a clear affirmative action, signifies agreement to the Processing of Personal Data relating to you. "Controller": the natural or legal person, alone or jointly with others, who determines the purposes and means of the Processing of Personal Data and for the purposes of the Services (LORDLY). As used herein, the definition of "Controller" includes "Business" as defined under CCPA. "Data Subject": an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly. As used herein, the definition of "Data Subject" includes "Consumer" as defined under CCPA. "Performance of our Services": the actions necessary for us to provide our Services. "Personal Data": any information relating to Data Subjects, such as name, address, marital status, date of birth, gender, spoken languages, photos, account number, your location data. "Processing": any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. "Subscription": an arrangement between LORDLY and you to enable you to benefit from and/or use the Services. "User", "you" and "your": collectively a person that has visited or is using the Services. "Visitor": anyone who is browsing the Services without a registered account and/or valid Subscription.
As we are committed to respecting your privacy, Services will always be provided in accordance with the most relevant legal basis. If you do not or cannot provide us with the required data, we may not be able to provide the Services to you.
| Purpose of the Processing | Categories of Personal Data | Legal Basis |
|---|---|---|
| Account creation Managing your registration to our Services. | • Email address (mandatory registration field) • Encrypted password (mandatory registration field) • Nickname / screenname • User gender • First and last name (including via third-party login, e.g. Google SSO) • Creation date/time and signup provider (e.g. Google, Discord, Email) • Results of any third-party age estimation or identity verification process, user-ID and associated metadata | Consent; necessity for the performance of a contract; compliance with our legal obligations. |
| Account management | • Currency (based on detected country) • Country and/or city (detected from IP address / zipcode) • Token balance • Last account update date and time • Current and last sign-in date, time and IP • Sign-in count | Our legitimate interest in addressing your queries. |
| Provision of the Services Customisation of AI Companions; image generation; interactive chat; voice call. | • User preferences regarding AI Companions (ethnicity, age, eye colour, hair type, body type, personality, voice, occupation, type of relation — none of which relate to a living natural person). Note: where such preferences may constitute sensitive personal data under applicable law, we will ask for your consent. • User prompts voluntarily entered to generate Content, to the extent they contain Personal Data • Output generated in response to your input, to the extent it contains Personal Data • Where voluntarily provided: your Discord username | Consent; necessity for the performance of a contract. |
| Support of the Services Service emails, technical support, customer responses. | • Supporting data entered via the "Contact us" window (email address and free-text fields) • Device information (mobile/desktop), browser type • Content as needed when technical issues are investigated • Cookies (as detected by us) | Our legitimate interest in addressing your queries and technical issues. |
| De-identification and/or anonymisation of data Improve and develop our services; conduct internal research; perform quality assurance and data analysis. | Information associated with you, including exchanges with AI Companions (prompts, requests, outputs), may be aggregated, anonymised, and/or de-identified. Aggregated and/or de-identified information may be shared with third parties. | Our legitimate interest in providing the best Service possible and improving our Services. The legitimate interests of Data Subjects to practise data minimisation and privacy by design. |
| Improvement and Development of Services and Technology; Research • Train and develop our AI models and moderation technologies • Prepare datasets for further training (may include human review of de-identified interactions) • Conduct internal research, e.g. to develop new product features | • Aggregated, anonymised, and/or de-identified interaction data (including exchanges with AI Companions) • For internal research: users' interactions with the platform • For user surveys: account, usage, and/or other data specifically consented to in connection with voluntary survey participation | Our legitimate interest in providing the best Service possible and improving our Services. The legitimate interests of Data Subjects to practise data minimisation and privacy by design. |
| Quality Assurance (QA) and Statistical Analysis • Querying data to ensure content generation tools are working as intended • Analysing de-identified/aggregated data to monitor usage trends | Content data are randomly queried in order to perform quality assurance. | Our legitimate interest in providing the best Service possible, and detecting errors and/or misuse of the platform. |
| Debugging and Technical Analysis Monitoring the platform to detect anomalies or security vulnerabilities. | Log files including users' interactions with the platform, user-IDs, and timestamps. Log files are automatically deleted after 30 days. | Our legitimate interest in improving our Service, debugging, detecting and responding to errors, misuse, and security threats. |
| Payment processing Processing by payment service providers for subscriptions, tokens, and refunds. Emerchant Pay (EMP) and TrustPay (TP) Volt Coingate UpGate | Emerchant Pay / TrustPay: first/last name, email, card brand, last 4 digits, transaction date/time, type, amount, currency, BIN country, IP, recurring billing type, response code, refund type. Volt: email, bank name, account details (sort code, number, type), balance/currency, order reference, transaction date/beneficiary, amount/currency, IP, browser type/version, OS, refund type. Coingate: shopper email, crypto wallet address, IP, country, order reference, transaction date/time, amount/currency, refund type. UpGate: IP, browser/language, user agent, email, payment token (card/type), BIN card/scheme, data ID, card expiry, customer name, last 4 digits, BIN country/bank, payment method (card, Apple Pay, GPay). | Payment service processing: Necessity for the performance of a contract. Payment orchestration: legitimate interest in optimising payment processing. |
| Direct Marketing Marketing emails to opted-in users; affiliate marketing programme questionnaire. | • Email address (mandatory registration field) • First and last name • Account number • Website or traffic source URL • Whether email was opened or not • Data from affiliate marketing programme questionnaire free fields | Our legitimate interest in improving our Services (direct marketing for similar products and Services) or consent (third-party marketing). |
| Analytics (other than cookies) Customer surveys, marketing campaigns, market analysis. | • Account number • Email address • Answer provided by the User | Consent. |
| Safety and moderation • Moderation of the Services (problematic behaviour, abuse reports) • Human review of flagged content • Enforcing our Policies • Reporting to law enforcement where appropriate | • Requests and prompts to the AI models • Content reviewed by human moderators; action taken in response • Metadata (time/date sent, originating IP address) • Account data and history • In appropriate cases: information required by local authorities or to facilitate investigation of unlawful activity, including CSAM | Necessity for compliance with legal obligations; necessity for the performance of a contract; legitimate interest in preventing misuse of our Services. |
| Legal & Accounting Record keeping; invoice recovery; compliance with court orders; management of Data Subject requests. | Supporting data (contact data, payment data, credentials). | Necessity for compliance with legal obligations. |
| Complying with lawful requests from authorities, court orders, and exercising/defending our legal rights. | Supporting data (contact data, payment data, credentials) and/or any information within the scope of lawful legal requests or processes. Any data relating to an apparent potential legal dispute. | Compliance with our legal obligations; our legitimate interest in defending our rights. |
We may send you marketing about our Services, other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you, or in order to update you with information which we believe may be relevant to you (such as commercial news). We may communicate this to you according to the contact channels you provided and your stated preferences, including by email or other digital channels. If you do not wish to receive marketing information from us, you can unsubscribe by: a. clicking on the 'Unsubscribe' or subscription preferences link in a direct marketing email that you have received from us; or b. contacting us using the contact details specified in Section 11 below. Please note that opting-out of marketing communications will not affect the sending of communications related to the Services themselves.
We will get your express opt-in Consent before we share your Personal Data with any company outside LORDLY for marketing purposes. You can ask us or third parties to stop sending you direct marketing messages at any time by logging into the Services or third parties' websites and adjusting your marketing preferences, or by following the opt-out links on any marketing message sent to you by such third parties.
We generally only disclose your Personal Data to third parties: • for the provision of Services to you; • if we or the third party have a legitimate interest for the disclosure; • if we have your consent; or • where required to fulfil a legal obligation. We may share your information with the following categories of recipients (sharing your information may entail transferring your data outside the European Union, including but not limited to the United States): a. Service providers to deliver the Services: payment service providers; hosting service providers; email marketing tools providers; affiliate partner tools; moderation tool providers; and other tools or technologies that support our AI Services, including at our discretion third-party LLM providers and/or hosters. Please note that these third parties may receive the content of your messages exchanged with our chatbot. b. Professional advisers where necessary to obtain advice or assistance, including lawyers, accountants, IT or public relations advisers. c. Legal and regulatory authorities, as required by applicable laws and regulations. d. Our staff, as needed for them to carry out their work. e. In the event of a restructuring, sale, or change of control, your data may be transferred to any successor, acquirer, or purchaser as part of that transaction. f. Analytics: We may share aggregated, de-identified information publicly and with our affiliates, subsidiaries, and partners. We will not disclose, sell, trade, or otherwise transfer your Personal Data to any third parties without your Consent (where required) or unless otherwise stated in this Privacy Notice. If LORDLY merges with, or is acquired by, another company or organisation, or sells all or a portion of its assets, your Personal Data may be disclosed to our advisers, any prospective purchaser or any prospective purchaser's adviser, and may be among the assets transferred. However, Personal Data will always remain subject to this Privacy Notice.
We retain your Personal Data for as long as your account is in existence or necessary to fulfil the purposes for which we collect it or as needed to provide you with the Services, except if required otherwise by law. However, when you terminate your account, we will still retain your Personal Data for a period of time. We generally retain: a. Personal Data relating to your Account: for three years after your last Account activity, to address potential customer inquiries and/or permit further use of the platform, or until you request deletion of your Personal Data, in which case we delete Personal Data relating to your Account without undue delay. b. Financial and transactional data: ten years from their date of issuance (in accordance with our obligations under applicable tax and accounting laws). c. Marketing data: until you withdraw your Consent, or for a maximum period of two years after your last platform interaction. d. Personal data subject to a mandated retention period or relevant to legal disputes: in accordance with any legally mandated retention periods, or in connection with apparent potential or ongoing legal disputes, for as long as necessary to defend or exercise our legal rights. Retention periods may be changed from time to time based on business or regulatory requirements. In such cases, we will update this Privacy Notice accordingly.
LORDLY does not provide Services or collect Personal Data from anyone under 18 years of age or equivalent minimum age depending on jurisdiction. Our Services are intended for use only by adults who are at least 18 years of age, or the age of majority in the jurisdiction in which they reside and/or access the Services. If we learn that our Services have been improperly and in violation of our Policies accessed by an underaged individual, we will take steps to delete the information as soon as possible and block such User. Please also refer to our Underage Policy.
The Services may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the Privacy Notice of every website that can be accessed through the Services.
9.1 Right to Access — You have the right to request a copy of your Personal Data that we hold, including information about: the purposes of the Processing; the categories of Personal Data; the recipients or categories of recipients; the envisaged retention period; the right to request rectification, erasure, or restriction; the right to lodge a complaint with a supervisory authority; where Personal Data are not collected from you, any available information as to their source; and the existence of automated decision-making. 9.2 Right to Rectification — You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the Personal Data you provide to us. 9.3 Right to Erasure — You can request that we erase your Personal Data where: it is no longer needed for the purposes for which it was collected; you have withdrawn your Consent and there is no other legal ground for Processing; following a successful right to object; it has been processed unlawfully; or to comply with a legal obligation. We are not required to comply where Processing is necessary for compliance with a legal obligation, for the establishment, exercise or defence of legal claims, or for performance of a contract. 9.4 Right to Restriction of Processing — You may request that we suspend the Processing of your Personal Data where: you want us to establish the data's accuracy; our Processing is unlawful and you request restriction instead of erasure; we no longer need it but you need us to hold it to establish, exercise or defend legal claims; or you have objected to our Processing and we need to verify whether we have overriding legitimate grounds. 9.5 Right to Portability — You can ask us to provide you with the Personal Data you provided in a structured, commonly used, machine-readable format, or ask to have it transferred directly to another Controller, where the Processing is based on Consent or performance of a contract and is carried out by automated means. 9.6 Right to Withdraw Consent — You have the right to withdraw your Consent at any time and free of charge. The withdrawal of Consent shall not affect the lawfulness of Processing based on Consent before its withdrawal. If you withdraw your Consent, we may not be able to provide our Services to their full extent. 9.7 Right to Object — You can object to any Processing of your Personal Data based on our legitimate interests if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms, or for the establishment, exercise, or defence of legal claims. 9.8 Right to Object to Direct Marketing — You can request that we change the manner in which we contact you for marketing purposes at any time and free of charge, either by clicking the 'Unsubscribe' link in a direct marketing email or by contacting us using the details in Section 11 below.
You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Data is transferred outside of the European Union, the United Kingdom or Switzerland, as applicable, redacted of any terms unrelated to data protection.
You have a right to lodge a complaint with your local supervisory authority (a list of European Union national data protection authorities can be found at edpb.europa.eu, and the United Kingdom's Information Commissioner's Office contact details may be found at ico.org.uk). If you have concerns about how we are Processing your Personal Data, we ask that you please attempt to resolve any issues with us first. If you have any questions, concerns, or complaints regarding this Privacy Notice, or if you wish to exercise your rights related to your Personal Data, you can reach us at: Privacy Team Email: [email protected] Mailing Address: LORDLY, 8 Rue De Monceau, CS 48756, 75380 Paris Cedex 08, France Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We have appointed a Data Protection Officer under Art. 37 GDPR, who may be reached at [email protected].
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We may revise this Privacy Notice from time to time to take account of changes in our practices or of new applicable data protection law. If we modify our Privacy Notice, we will post the revised version on the Services with an updated revision date. Where such changes are substantial, we will also notify you by other means prior to the changes taking effect, such as by sending you an email notification or through the Service. By continuing to use our Services thirty days after such revisions are in effect, you will be deemed to accept and agree to the revisions and to abide by them.
Last updated: May 2026 · LORDLY · 8 Rue De Monceau, 75380 Paris, France