Is Secrets AI Safe? Privacy, Payments, and Security Explained
Safety concerns about AI companion platforms usually fall into four categories: is the company legitimate, what happens to your conversation data, how discreet is the billing, and what are the actual known risks. This page works through each of those questions for Secrets AI using documented facts rather than marketing language.
Short answer: Secrets AI is a legitimate platform with real privacy features, but meaningful transparency gaps exist. The specifics matter more than the headline.
The analysis below covers Secrets AI (secrets.ai) operated by Secret Labs Inc. "Secret AI" (secretai.io) is an entirely different product — an offline AI assistant app — and is unrelated to this platform or this analysis.
Is Secrets AI a Legitimate Company?
Secrets AI is operated by Secret Labs Inc., incorporated in Dover, Delaware, United States. Delaware incorporation is standard practice for US technology companies and carries no unusual risk signals.
The platform launched in 2024 and reached over 100,000 registered users by November 2025. Its Trustpilot score is 4.2/5 based on six reviews (100% five-star), though the small review sample limits the statistical weight of that figure. The review at companionguide.ai reaches 9.6/10 across 116 reviews — a more representative sample.
No reports of fraud, data breach incidents, or regulatory action against Secret Labs Inc. have emerged in available documentation through mid-2026. The platform is not listed on any known scam or fraud databases.
The Trustpilot sample size is small enough that it shouldn't be the primary legitimacy signal — the company's Delaware incorporation, multi-year operation, and six-figure user base are stronger indicators of an operating legitimate business.
Privacy and Encryption
Private Mode
Private Mode is Secrets AI's strongest individual privacy feature. When activated on a conversation, it applies end-to-end encryption to that specific exchange, preventing the conversation from being used to train the platform's AI models.
Activation is per-conversation, not global. If you enable Private Mode on one chat session, that session is encrypted — but a new conversation started without activating Private Mode does not inherit the protection automatically. Users who want consistent privacy protection need to enable it at the start of each session.
This is a meaningful feature that goes beyond what many competing platforms offer. End-to-end encryption (KG: /m/02vk79l) in this context means the conversation content is protected against interception in transit and is excluded from training pipelines.
Data Storage
Standard data in transit and at rest uses industry-standard encryption. Secrets AI's privacy policy states no third-party data sharing. Account deletion triggers permanent removal of all chat history, generated images, video content, and character configurations within 30 days.
These are appropriate baseline commitments. The gap is in verification: there are no publicly available third-party security audits to independently confirm these practices.
Transparency Concerns
The platform's privacy rating from aigirlfriendscout is 2.9/5 — significantly lower than its category scores for chat (4.4), NSFW (4.3), or voice (4.3). The rating reflects what the reviewers describe as "zero details" on specific encryption protocols, no published data retention schedule beyond the deletion policy, and no accessible security audit documentation.
The platform states that independent security audits have been conducted, but the results are not publicly accessible. For users with elevated privacy requirements — journalists, activists, or anyone in a sensitive professional context — the documentation gap is a genuine concern, not a theoretical one.
Payment Security
Accepted Methods
Secrets AI accepts:
- Visa
- Mastercard
- Virtual debit cards
- Cryptocurrency (minimum $20 per transaction)
American Express is not accepted — an unusual exclusion worth noting if that's your primary card. Payment processing runs through third-party providers; raw card data is not stored directly by Secrets AI.
Billing Discretion
This is one of the stronger practical privacy features. All charges — subscriptions and Moments top-ups — appear on bank and credit card statements as "Sun Clinical Laboratories." There is no reference to Secrets AI, AI girlfriends, adult content, or Secret Labs Inc. in any billing communication.
For users concerned about financial statement privacy, the combination of a discreet billing descriptor and cryptocurrency payment availability provides substantial coverage. A cryptocurrency payment with no billing descriptor concern at all is the highest-privacy payment path.
The cryptocurrency minimum of $20 means it's not practical for the smallest purchases, but covers all subscription tiers (minimum $5.99/month for Lite).
For the full breakdown of billing and plan costs, see the pricing page.
Account Privacy
Creating a Secrets AI account requires only an email address and password. No real name, phone number, social media account, or government-issued identification is required at any stage.
The absence of social login (Google/Apple/Facebook) is notable — using those login methods creates data linkages between the platform and your broader online identity. Secrets AI's email-only approach limits that exposure.
Sessions persist in the browser after login. No biometric authentication is available (a consequence of the browser-only platform structure — native apps can implement fingerprint/face login in ways that web apps cannot).
Content Safety
Secrets AI explicitly permits uncensored NSFW content. The default interaction tone is approximately PG-13 — suggestive but not explicit — and escalates based on user direction. The AI does not initiate explicit content without user prompting.
The platform states that content generation maintains limits even in explicit contexts — the AI does not generate content involving minors or non-consensual scenarios. No verified reports of such content generation appeared in documented user feedback through mid-2026.
NSFW content is available across all tiers including the free plan, subject to message limits.
Known Risks and Genuine Concerns
Legitimate risks that aren't adequately addressed in the platform's public documentation:
Uncontrolled spending: The Moments system has no built-in spending caps or budget alerts. A user who doesn't actively track their top-up purchases could accumulate unexpected charges. No parental controls or spending limits are documented.
Refund ambiguity: Refund policy details are not publicly available on the platform. Users who want refund guarantee clarity should contact support before purchasing — particularly before committing to annual subscriptions.
Age verification: The age verification process for creating an account is not publicly detailed. The platform permits explicit adult content, but verification specifics aren't documented publicly.
Legal jurisdiction: Secret Labs Inc. is a US company subject to US law. Data could theoretically be accessed via valid legal process (subpoena, court order). US jurisdiction is not inherently more risky than alternatives, but users subject to jurisdictions with stricter data localization requirements should factor this in.
Conversation data retention during Private Mode: Private Mode prevents chats from being used for AI training, but doesn't address how long conversation data is retained even with encryption. The deletion policy (30 days after account deletion) applies to account-level data — the retention policy for individual encrypted conversations outside that process isn't detailed.
How Secrets AI Compares on Safety
| Feature | Secrets AI | Candy AI | CrushOn AI | Character.AI |
|---|---|---|---|---|
| E2E Encryption | Yes (Private Mode) | Not documented | Not documented | Not documented |
| Anonymous Signup | Yes | Yes | Yes | Yes |
| Discreet Billing | Yes | Yes | Not confirmed | No |
| Content Policy | Full NSFW | Full NSFW | Zero filter | Strictly filtered |
| App Permissions | N/A (web only) | N/A (web only) | N/A (web only) | Native app (location etc.) |
| Crypto Payment | Yes | Not confirmed | Not confirmed | No |
The comparison shows Secrets AI's relative privacy advantage in documented E2E encryption and confirmed discreet billing. Character.AI's native app status creates app permission exposure that browser-only platforms don't have — apps can request location, camera, and contact access; browser tabs cannot.
For the full review that contextualizes the safety assessment within the platform's overall feature set, see the main Secrets AI analysis.
FAQ
Without Private Mode, conversations are stored by Secrets AI and may be used for AI training purposes. With Private Mode enabled on a conversation, end-to-end encryption is applied to that specific session, and the conversation is excluded from training data. Secrets AI staff access to conversation data is governed by internal policy, not publicly verified. No documented cases of unauthorized access or conversation disclosure have appeared in available records.
No. All charges from Secrets AI appear on statements as "Sun Clinical Laboratories." There is no reference to Secrets AI, AI companions, adult content, or Secret Labs Inc. in any payment descriptor. This applies to both subscription charges and individual Moments top-up purchases. For maximum billing privacy, cryptocurrency payments are accepted with a minimum of $20 per transaction.
Yes. Account deletion permanently removes all associated data: chat history, created characters, generated images and videos, and account information. Deletion processing takes up to 30 days. After deletion is confirmed, the data removal is stated as permanent — there is no recovery process or grace period restoration. The deletion request is made through account settings.
Secrets AI's privacy policy states that the platform does not share data with third parties. The accuracy and enforceability of this commitment depends on the policy's legal standing and the company's internal practices — both of which are not independently verified through public security audits. The policy statement is in place, but privacy-maximalist users should note it is a company self-declaration rather than a third-party-verified claim.