Privacy Policy
Last updated: May 21, 2026
Remnant Technologies, Inc. d/b/a Remnant AI · Delaware, USA · remnantai.online
This Privacy Policy describes how Remnant Technologies, Inc., a Delaware corporation doing business as Remnant AI (“we,” “us,” “our”) collects, uses, stores, discloses, and protects personal information when you use Remnant AI at remnantai.online (the “service”). It also describes your rights with respect to your personal information and how to exercise them.
Remnant AI handles some of the most sensitive categories of personal data that exist — including biometric identifiers, audio recordings of deceased persons, and the context of your grief. We take that responsibility seriously. This policy is written in plain language because we believe you have a right to understand exactly how your data is used.
By using Remnant AI, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the service. This Privacy Policy is incorporated into and forms part of our Terms & Consent Policy.
1. Who we are and how to contact us
Remnant Technologies, Inc. is a Delaware corporation doing business as Remnant AI and is the data controller responsible for your personal information collected through Remnant AI.
Privacy inquiries and data rights requests: privacy@remnantai.online
General support: support@remnantai.online
Remnant Technologies, Inc. is incorporated in the State of Delaware, USA. For postal correspondence, please email privacy@remnantai.online and we will provide our current mailing address upon request.
We aim to respond to all privacy inquiries within 10 business days.
2. Information we collect
We collect information in three ways: information you provide directly, information generated automatically when you use the service, and information from third-party providers we use to operate the service.
Information you provide directly
| Category | Specific data | Why we collect it |
|---|---|---|
| Account data | Email address, password (hashed) | To create and secure your account |
| Identity data | Name (optional) | To personalize your experience |
| Voice recordings | Audio and video files you upload of deceased persons | To generate the Remnant’s voice model |
| Biometric data | Voiceprints derived from uploaded recordings | To generate and operate AI voice synthesis |
| Remnant profile | Name, relationship, personality description, trait selections, memories you write | To generate contextually appropriate responses |
| Conversation content | Messages and voice interactions you have with a Remnant | To deliver the service and persist conversation history (paid plans) |
| Payment data | Billing information (processed by our payment processor) | To process subscription payments (paid plans only) |
| Support communications | Emails or messages you send to our support team | To resolve your inquiry |
Information collected automatically
| Category | Specific data | Why we collect it |
|---|---|---|
| Usage data | Pages visited, features used, session duration, click patterns | To improve the service and understand how it is used |
| Device data | Browser type, operating system, device type, screen resolution | For compatibility and security purposes |
| Log data | IP address, access timestamps, error logs | For security monitoring and debugging |
| Cookies and similar | Session cookies, preference cookies, analytics identifiers | To operate the service and measure performance |
Information from third-party providers
When you use Remnant AI, your content is processed by third-party service providers as described in Section 6. These providers may generate logs or metadata associated with that processing. We receive and may store such metadata to the extent necessary to operate the service, troubleshoot issues, and comply with legal obligations.
3. Biometric data — special notice
What constitutes biometric data
When you upload audio or video recordings, our service provider ElevenLabs, Inc. processes those recordings to generate a voice model — a mathematical representation of the vocal characteristics in those recordings. This voice model is a biometric identifier (“voiceprint”) under applicable law.
The original recordings you upload, the derived voiceprint, and any associated metadata are collectively treated as biometric data under this Privacy Policy.
Legal basis for collection
We collect biometric data solely on the basis of your express, informed written consent, provided when you create a Remnant and upload recordings. You may withdraw consent at any time by deleting the relevant Remnant or closing your account. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.
How we use biometric data
We use biometric data exclusively to:
- Generate the AI voice model for the Remnant you create.
- Operate voice synthesis during conversations with your Remnant.
- Maintain the voice model for the duration of your subscription or free tier use.
We do not use biometric data for any other purpose. We do not use it to train general-purpose AI models. We do not sell, lease, trade, or profit from biometric data.
Retention and destruction
We retain biometric data for no longer than the earliest of: (a) three years from your last interaction with the service; (b) account closure and data purge; or (c) deletion of the relevant Remnant. Upon the applicable date, we permanently destroy biometric data in our systems and instruct our subprocessors to do the same. Our full retention schedule is set out in Section 8.
Written policy availability
This section, together with Section 4 of our Terms & Consent Policy, constitutes our publicly available written biometric data policy as required by 740 ILCS 14/15(a) (Illinois BIPA). It is available at all times at remnantai.online/en/privacy.
4. How we use your information
We use personal information only for the purposes described below. We do not use your information for purposes that are incompatible with the reason it was collected without first obtaining your consent.
| Purpose | Data used | Legal basis |
|---|---|---|
| Operate and deliver the service | Account data, recordings, biometric data, Remnant profile, conversation content | Contract performance; consent (biometric) |
| Generate and maintain your Remnant | Voice recordings, biometric data, personality description | Contract performance; consent (biometric) |
| Personalize your experience | Remnant profile, conversation history, usage data | Contract performance; legitimate interest |
| Process payments | Payment data | Contract performance |
| Communicate with you about the service | Email address, account data | Contract performance; legitimate interest |
| Respond to support requests | Support communications, account data | Contract performance; legitimate interest |
| Improve and develop the service | Usage data, device data, log data (aggregated/anonymized) | Legitimate interest |
| Security and fraud prevention | Log data, IP address, device data | Legitimate interest; legal obligation |
| Comply with legal obligations | Any data required by applicable law | Legal obligation |
| Enforce our Terms & Consent Policy | Any relevant data | Legitimate interest; legal obligation |
5. Sensitive personal information
The following categories of information we collect are classified as “sensitive personal information” under the California Privacy Rights Act (CPRA) and receive heightened protections:
- Biometric identifiers (voiceprints derived from uploaded recordings)
- Account log-in credentials (email and password)
- Audio and video recordings
We use sensitive personal information only to the extent necessary to provide the service you have requested. We do not use sensitive personal information to infer characteristics about you beyond what is necessary to operate Remnant AI. California residents have the right to limit our use of sensitive personal information — see Section 11 for how to exercise this right.
We also note that the grief context of Remnant AI means that some information you voluntarily share — such as the nature of your loss, your relationship with the deceased, or the emotional content of your conversations — may be considered health-adjacent or mental health-adjacent data under certain state laws (including Washington’s My Health My Data Act). We treat all such information with the same level of care as sensitive personal information, regardless of technical classification.
6. How we share your information
Service providers (subprocessors)
We share personal information — including biometric data and uploaded recordings — with third-party service providers that process data on our behalf. Each provider is contractually bound to protect your data and use it only for the specified purpose.
- ElevenLabs, Inc. — generates voice clones from uploaded recordings and synthesizes spoken responses. Receives audio recordings and produces the derived voice model.
- Anthropic, PBC — generates the text responses that Remnants and Aria send to you. Receives the text content of your messages to produce replies.
- Amazon Web Services, Inc. — hosts the audio files, application servers, and outbound email service (SES) that runs Remnant AI.
- Supabase, Inc. — manages our user accounts and stores conversation metadata.
- Cloudflare, Inc. — provides bot-protection (Turnstile) on sign-up and login.
- Apple Inc. / Google LLC — on-device speech recognition on iOS and Android. Microphone audio is processed by your operating system’s speech engine; we receive only the transcribed text.
Legal disclosures
We may disclose your personal information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms & Consent Policy; (c) protect the rights, property, or safety of Remnant Technologies, our users, or the public; or (d) detect, prevent, or address fraud, security, or technical issues.
Business transfers
If Remnant Technologies is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or substantially all of its assets, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
With your consent
We may share your personal information for any other purpose with your explicit consent.
7. Cookies and tracking technologies
We use cookies and similar tracking technologies to operate and improve the service. You can control cookie use through your browser settings, though disabling certain cookies may affect service functionality.
| Type | Purpose | Can be disabled? |
|---|---|---|
| Strictly necessary | Session management, authentication, security | No — required to use the service |
| Functional | Remembering your preferences and settings | Yes — may affect experience |
| Analytics | Understanding how the service is used (aggregated) | Yes — via browser settings or opt-out |
| Performance | Monitoring service reliability and errors | Yes — minor impact on debugging |
We do not use advertising cookies or permit third-party advertising networks to place cookies on our service. If we add analytics providers in the future, we will update this section and our cookie banner accordingly.
8. Data retention
We retain different categories of data for different periods, based on the purpose for collection and applicable legal requirements.
| Data category | Retention period | Basis |
|---|---|---|
| Biometric data (voiceprints) | 3 years from last interaction, or account closure/Remnant deletion if earlier | BIPA 740 ILCS 14/15(a) maximum; operational necessity |
| Uploaded recordings (audio/video) | Duration of account, plus 90-day backup purge after closure | Operational necessity; user control |
| Conversation content | Free tier: resets monthly (30-day grace). Paid: retained for subscription duration plus 90-day backup purge | Service design; user control |
| Remnant profile data | Duration of account, plus 90-day backup purge after closure | Operational necessity |
| Account data | Duration of account, plus 90-day backup purge after closure | Contract; legal obligation |
| Payment records | 7 years from transaction | Legal obligation (tax, accounting) |
| Support communications | 3 years from resolution | Legitimate interest (legal defense) |
| Log data and IP addresses | 90 days | Security monitoring; legal obligation |
| Aggregated/anonymized analytics | Indefinitely (no personal data retained) | Legitimate interest |
When you close your account, we initiate deletion of all personal data associated with your account. Backups are purged within 90 days. Some data may be retained longer where required by applicable law (e.g., payment records for tax purposes) or where necessary to resolve an outstanding legal dispute.
9. Data security
We implement reasonable technical and organizational measures designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Encryption of data in transit using TLS 1.2 or higher.
- Encryption of data at rest, including uploaded recordings and generated voice models.
- Access controls limiting employee and contractor access to personal data to those with a legitimate need.
- Regular security assessments and monitoring.
- Contractual security requirements imposed on our subprocessors.
No security system is impenetrable, and we cannot guarantee that unauthorized third parties will never be able to defeat our security measures. If you believe your account has been compromised, contact support@remnantai.online immediately.
In the event of a personal data breach, we will notify affected users and relevant regulatory authorities as required by applicable law. See Section 17 of our Terms & Consent Policy for our breach notification commitment.
10. Children’s privacy
Remnant AI is not directed at children under the age of 13 and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will promptly delete that information and suspend the associated account.
Users between 13 and 17 may only use Remnant AI with the active supervision and consent of a parent or legal guardian. If you are a parent or guardian and believe your child has provided personal information to Remnant AI without your consent, please contact privacy@remnantai.online. We comply with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.
11. Your privacy rights
Depending on where you live, you may have specific rights regarding your personal information. We honor these rights regardless of whether they are technically required in your jurisdiction.
Rights available to all users
- Access — You can request a copy of the personal information we hold about you.
- Correction — You can request that we correct inaccurate personal information.
- Deletion — You can request deletion of your personal information, subject to limited exceptions (e.g., legal obligations). Account closure triggers full deletion.
- Data portability — You can request your personal data in a structured, machine-readable format.
- Withdraw consent — Where processing is based on consent (including biometric data), you may withdraw consent at any time without affecting the lawfulness of prior processing.
California residents (CCPA/CPRA)
In addition to the rights above, California residents have the right to:
- Know the specific pieces of personal information we have collected about them.
- Opt out of the sale or sharing of personal information (we do not sell or share personal information for advertising purposes).
- Limit use of sensitive personal information, including biometric data, to uses necessary to provide the service.
- Non-discrimination for exercising privacy rights.
To submit a California privacy request, email privacy@remnantai.online with the subject line “California Privacy Request.” We will respond within 45 days. We may need to verify your identity before processing your request.
Illinois residents (BIPA)
Illinois residents have the right to:
- Know whether we are collecting, capturing, purchasing, receiving, or otherwise obtaining biometric data.
- Know how long we retain biometric data (see Section 8 and Section 3 of this policy).
- Receive written notice before we collect biometric data (provided at account creation).
To submit a BIPA request or withdraw biometric consent, email privacy@remnantai.online. We will respond within 30 days.
Texas residents (CUBI)
Texas residents have the right to know whether their biometric identifier has been captured and how it is being used. To submit a request, email privacy@remnantai.online.
Washington residents (My Health My Data Act)
Washington residents have specific rights regarding health data, which may include grief-context data processed by Remnant AI. You have the right to access, correct, and delete health data, and to withdraw consent to collection. To exercise these rights, email privacy@remnantai.online.
European / UK residents (GDPR / UK GDPR)
If you are located in the European Economic Area or United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the right to object to processing and the right to lodge a complaint with your national data protection authority. Contact privacy@remnantai.online to exercise these rights.
How to submit a rights request
For all privacy rights requests, contact privacy@remnantai.online with: (a) your full name; (b) the email address associated with your account; (c) the specific right you wish to exercise; and (d) any relevant details. We will verify your identity before processing your request and respond within the timeframe required by applicable law.
12. International data transfers
Remnant Technologies, Inc. is based in the United States. Our subprocessors — including ElevenLabs, Inc. and Amazon Web Services, Inc. — are also primarily US-based. If you access Remnant AI from outside the United States, your personal information — including biometric data and uploaded recordings — will be transferred to and processed in the United States.
The United States does not have the same data protection laws as the European Union or other jurisdictions. By using Remnant AI, you acknowledge and consent to this transfer. If you are located in the EU or UK, we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses) before transferring your personal data internationally. Contact privacy@remnantai.online for details.
13. Data relating to deceased persons
Remnant AI involves the processing of personal data — including voice recordings and biometric identifiers — of deceased persons. This is an unusual data protection context, and the law in most jurisdictions does not clearly address the privacy rights of deceased individuals.
We take the following approach:
- We treat recordings of deceased persons with the same level of care and protection as recordings of living persons.
- We do not share, license, or use recordings of deceased persons for any purpose other than generating and operating the Remnant created by the account holder who uploaded them.
- If we receive a credible request from the estate or family of a deceased person to delete their recordings and voice model, we will honor that request and delete the associated Remnant, subject to our verification process.
- We permanently destroy all data associated with a Remnant — including the deceased person’s recordings and voice model — when the account is closed or the Remnant is deleted.
To submit a deletion request on behalf of a deceased person’s estate, contact privacy@remnantai.online with documentation of your authority to act on behalf of the estate.
14. AI training — our commitment
We know this matters deeply for a product like Remnant AI. Here is our explicit commitment:
Our subprocessor agreements with ElevenLabs, Inc. and our LLM provider (Anthropic, PBC) include contractual restrictions consistent with this commitment. If those restrictions change, we will notify you and update this policy before any change takes effect.
We may use aggregated, fully anonymized, non-reversible usage statistics (such as “users average 3 conversations per week”) to improve our service design. This data contains no personal information and cannot be used to reconstruct any individual’s voice or identity.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes — particularly changes that affect how we use biometric data, sensitive personal information, or conversation content — we will notify you by email to the address associated with your account and by in-app notice at least 30 days before the change takes effect.
For non-material changes (such as clarifications, typo corrections, or updated contact information), we will update the “Last updated” date and post the revised policy at remnantai.online/en/privacy. Continued use of Remnant AI after a change takes effect constitutes acceptance of the revised policy.
We will maintain a version history of this policy. Prior versions are available on request by emailing privacy@remnantai.online.
16. Contact us
If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:
Privacy inquiries and data rights: privacy@remnantai.online
General support: support@remnantai.online
Remnant Technologies, Inc. d/b/a Remnant AI, Delaware, USA
We are committed to working with you to resolve any privacy concern. If you are not satisfied with our response, you may have the right to lodge a complaint with your applicable data protection authority.
See also: Terms & Consent Policy · Support