Skip to content
Legal

Privacy Policy

This Privacy Policy explains how Riley Ventures LLC d/b/a Acme Studio (AfterDark.ai) collects, uses, discloses, and otherwise processes personal information in connection with our Services, and the rights and choices you have with respect to your personal information.

Effective
April 22, 2026
Last updated
April 22, 2026

1. Who We Are

The Services are provided by Riley Ventures LLC, a Florida limited liability company doing business as Acme Studio, with a principal place of business at 1615 S Congress Ave, Ste 103, Delray Beach, FL 33445. For the purposes of the EU General Data Protection Regulation and the UK General Data Protection Regulation, Riley Ventures LLCis the “controller” of personal data processed in connection with the Services.

2. Scope

This Policy applies to personal information we collect through: (a) the afterdark.ai website and any subdomains; (b) our mobile or desktop applications; (c) our APIs and developer tools; (d) customer support channels; and (e) marketing communications and events. It does not apply to the practices of third parties that we do not own or control, including third-party services you choose to link or use through the Services.

3. Information We Collect

3.1 Information You Provide

  • Account data: username, email address, hashed password, date of birth or age-attestation, and optional profile information.
  • Age and identity verification data: where required by law or our Age Verification Policy, identity-verification vendors we engage may collect government-ID images, selfie biometrics, and device signals. We retain only the result of verification and a cryptographic audit token; we do not retain copies of your ID unless compelled by law.
  • Content you submit (“User Content”): prompts, characters, settings, story drafts, images you upload, comments, feedback, bug reports, and any other content you enter or upload.
  • Payment information: handled by our payment processors (for example, Stripe). We receive a token representing your payment method, the last four digits of the card, expiration, country, and transaction status. We do not receive or store full card numbers.
  • Communications: records of messages you send us for support, complaints, safety reports, or business inquiries.

3.2 Information Collected Automatically

  • Device & connection: IP address, approximate location derived from IP, user-agent, device type, OS, browser, language, referrer, and device identifiers.
  • Usage: pages and features used, buttons clicked, generation counts, approximate session duration, time zone, error logs, and performance telemetry.
  • Cookies and similar technologies: strictly necessary cookies (session, security, age-gate), functional cookies (preferences), and limited analytics cookies. We do not use advertising cookies on the Services to build interest-based profiles.
  • Safety signals: content classifier outputs, moderation outcomes, blocked prompts, and similar data used to prevent abuse of the Services.

3.3 Information from Third Parties

  • Identity / age verification vendors that confirm your age and, where required, identity, and return a pass/fail result and associated audit data.
  • Payment processors that confirm transactions and chargeback status.
  • Fraud and abuse prevention partners that provide risk scoring and device-reputation data.
  • Single sign-on and social-login providers (if you choose to sign in with a supported provider) that share your email, name, and identifier.

3.4 Sensitive Information

Because our Services are intended for adult fantasy content, the prompts, characters, and stories you create may reveal information about your sexual orientation, practices, or preferences, which several jurisdictions classify as “sensitive personal information.” We treat private Inputs and private Outputs accordingly: they are stored separately from advertising systems, are not used to build advertising profiles, and are accessible only to you and to authorized personnel and providers bound by strict confidentiality obligations and on a need-to-know basis.

You may limit our use of sensitive personal information at any time in your account settings or by contacting privacy@afterdark.ai.

4. How We Use Information

We use personal information for the following purposes and, where the EU GDPR or UK GDPR applies, on the legal bases indicated:

Provide the Services
Create and operate your account, generate requested Outputs, deliver features, respond to your requests, and make the Services work as intended. (Contract; necessary for performance of the contract with you.)
Age & identity verification
Confirm that you are an adult and that your account complies with applicable state and federal law. (Legal obligation; legitimate interest in preventing access by minors.)
Safety, security & integrity
Detect, investigate, and prevent fraud, abuse, unauthorized access, policy violations, CSAM, NCII, and other harms; enforce our Terms and Guidelines. (Legal obligation; legitimate interest in protecting users, the public, and the Services.)
Customer support
Respond to questions, bug reports, complaints, and appeals. (Contract; legitimate interest.)
Improve the Services
Measure usage, debug, build new features, and evaluate model quality and safety on aggregated or de-identified data. (Legitimate interest.)
Marketing (opt-in)
Send you product updates, release notes, and offers when you opt in. You can unsubscribe at any time. (Consent.)
Compliance & legal
Comply with applicable law, respond to lawful government requests, protect our rights, and defend against claims. (Legal obligation; legitimate interest.)

5. AI Model Training & Outputs

We do not use your private Inputs or private Outputs to train, fine-tune, or evaluate foundational generative models without your opt-in consent. We use aggregated or de-identified safety signals (for example, the rate at which a particular prompt pattern is refused by our safety systems) to improve moderation quality; these signals cannot reasonably be linked back to you.

You may grant opt-in consent for your private content to be used in bounded, documented research or fine-tuning projects (for example, a limited human-feedback study). Consent is revocable prospectively; revocation does not undo past training that has already occurred.

6. How We Share Information

We share personal information only as described below.

  • Service providers & processors. We use third-party vendors to host, store, transmit, analyze, secure, and moderate the Services, including cloud infrastructure, model inference providers, identity/age-verification vendors, payment processors, customer-support tools, email delivery providers, and analytics. Each vendor is bound by a written agreement restricting processing to our documented instructions and requiring confidentiality and appropriate security.
  • Public sharing you initiate. If you choose to publish User Content or use a social feature, the associated content and your public profile information become accessible to others per your settings.
  • Legal & safety. We may disclose information if we believe in good faith that disclosure is necessary to: comply with law or valid legal process; enforce our Terms; detect, investigate, or respond to suspected fraud or abuse; protect the rights, property, or safety of users, us, or the public; or report apparent CSAM to NCMEC as required by 18 U.S.C. § 2258A.
  • Corporate transactions. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred, subject to standard confidentiality protections.
  • With your direction or consent for any other purpose disclosed at the time of collection.

7. Retention

We retain personal information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Typical retention periods:

  • Account data: for the life of the account and up to 30 days after deletion, then purged from active systems (backups purged on the following rotation, typically within 90 days).
  • Private User Content: until you delete it or your account; deleted Content is removed from active systems within 30 days.
  • Age-verification audit records: as long as required by applicable state law (typically up to 7 years); copies of ID or biometric raw data are not retained by us unless a specific law compels otherwise.
  • Safety and trust & safety records: retained long enough to detect patterns of abuse and satisfy legal obligations, typically up to 7 years.
  • Payment records: retained as required by tax and anti-fraud laws, typically 7 years.
  • Support communications: up to 3 years.

8. Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest, access controls, least-privilege provisioning, multi-factor authentication for internal systems, network segmentation, logging, and incident response. No system is perfectly secure; in the unlikely event of a qualifying breach, we will notify affected users and regulators as required by applicable law.

9. International Data Transfers

We are based in the United States and process personal information in the United States and in other countries where our service providers operate. When we transfer personal data from the EEA/Switzerland/UK to a country that has not been deemed to provide an adequate level of protection, we rely on lawful transfer mechanisms such as the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), supplemented by additional safeguards where appropriate.

10. Your Privacy Rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Right to know / access what personal information we hold about you.
  • Right to correct inaccurate personal information.
  • Right to delete your personal information, subject to certain legal exceptions.
  • Right to portability of personal information you have provided to us, in a structured, commonly used, machine readable format.
  • Right to opt outof “sale” or “sharing” of personal information. (We do neither.)
  • Right to limit the use and disclosure of sensitive personal information.
  • Right to withdraw consent where we rely on consent as the legal basis.
  • Right to non-discrimination for exercising your rights.
  • Right to lodge a complaint with your data protection authority.

To exercise any of these rights, visit our Delete Account & Data Requests page or email privacy@afterdark.ai. We will verify your identity in a manner proportionate to the sensitivity of the request and respond within the timeframes required by applicable law (generally 45 days under CCPA/CPRA, with a 45-day extension; 1 month under GDPR/UK GDPR, with a 2-month extension). You may authorize an agent to make a request on your behalf; we will require reasonable proof of authorization.

11. California: CCPA / CPRA Notice

This section provides disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”).

Categories collected in the prior 12 months: identifiers; internet/electronic activity; geolocation data (from IP); commercial information (transactions); inferences; audio, electronic, or similar information (where you upload such content); and sensitive personal information including account credentials and, as described above, content that may reveal sexual orientation or practices.

Sources: directly from you; automatic collection; service providers; identity/age-verification vendors; payment processors; SSO providers (if used).

Business purposes: provision of the Services; safety, fraud, and security; compliance; debugging and improvement; support.

Sale/sharing: we do not sell or share personal information (as defined in the CCPA).

Use of sensitive personal information: limited to purposes permitted under Cal. Civ. Code § 1798.121(a), including providing the Services you request, preventing and responding to security incidents, and ensuring the physical safety of natural persons.

Retention: see Section 7.

Exercising your rights: contact us as described in Section 10. You may designate an authorized agent; we may require written permission and verification.

Shine the Light. California Civil Code § 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

12. Other U.S. State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Tennessee (TIPA), Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Nebraska, Rhode Island, Indiana, and Kentucky have rights similar to those described in Section 10. You may exercise those rights by contacting us as set out in Section 14. To appeal a decision, email privacy@afterdark.ai with the subject “Privacy Appeal.” We will respond within 45 days (60 days in Colorado).

We recognize opt-out preference signals, including the Global Privacy Control (“GPC”), as required by applicable law. Because we do not sell or share personal information, a GPC signal does not trigger an opt-out of those activities, but it will be treated as a request to limit use of sensitive personal information where applicable.

13. EEA, Switzerland & UK: GDPR Notice

If you are located in the EEA, Switzerland, or the UK, the rights described in Section 10 apply, and the legal bases for processing are described in Section 4. We only transfer personal data internationally with appropriate safeguards as described in Section 9.

You have the right to lodge a complaint with your local data protection authority. A list of EEA supervisory authorities is available at edpb.europa.eu. In the UK, you may contact the Information Commissioner’s Office at ico.org.uk.

14. Children’s Privacy

The Services are not directed to, and we do not knowingly collect personal information from, anyone under 18 years of age. If we learn that we have collected personal information from a minor, we will delete it promptly. If you are a parent or guardian and believe that a minor has provided us with personal information, contact safety@afterdark.ai.

15. Cookies & Similar Technologies

We use strictly necessary cookies (for example, to remember your age-gate confirmation and your login session) and a small number of functional cookies. We also use privacy-preserving analytics that aggregate usage data without identifying individual users. You can control cookies through your browser settings. Disabling cookies may impair the Services.

16. Do-Not-Track

We currently do not respond to “Do Not Track” browser signals, because no consistent industry standard exists. We do respect recognized opt-out preference signals such as the GPC where applicable law requires.

17. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Policy with a new “Last updated” date and, where legally required or reasonably practicable, notify you by email or in-product notice before the changes take effect.

18. Contact Us

If you have questions about this Policy or our privacy practices, or if you would like to exercise any right, contact our privacy team at privacy@afterdark.ai or by mail at Riley Ventures LLC d/b/a Acme Studio, Attn: Privacy, 1615 S Congress Ave, Ste 103, Delray Beach, FL 33445.