gfs.ai
Ownership · 4 min read · Updated Jun 28, 2026

Privacy and data: the machine that lives with you

It has eyes, ears, and a memory — and a company on the other end of the connection. What a humanoid companion actually collects, where that data goes, and what to ask before one moves in.

A companion robot is, among other things, the most intimate sensor package you will ever invite into your home. It has cameras for eyes and microphones for ears, it is designed to be in the room while you undress, sleep, argue, and confide — and most of them are wired, at least part of the time, to a company's servers. Before you fall for one, it is worth being clear-eyed about what it knows, and who else might.

The always-on premise

The whole point of a companion is presence: it watches your face to read your mood, listens so it can answer, and remembers so it feels like someone rather than a search box. Those are not optional extras you can switch off and keep the magic. A machine that recognises you, matches your tone, and recalls last week is, by definition, continuously capturing your face, your voice, and the texture of your private life. The realism people pay six figures for is the surveillance. There is no version of the dream that doesn't see and hear you.

Cloud versus on-device

The single most important privacy question is where the thinking happens. Run the AI on-device and your words and images can stay inside the house. Run it in the cloud — which is how most frontier-quality conversation still works — and the intimate material leaves your home for someone else's data centre.

This is one area where the better hardware makers are ahead of the apps. Aria is deliberately AI-agnostic: it can run a frontier cloud model or, as Realbotix demonstrated at CES 2026, converse entirely on-device. NEO runs an onboard vision-language model for routine work. But "can run locally" and "does run locally by default, with nothing phoned home" are different claims — make the maker tell you which one you are buying.

What they actually collect

Embodied companions gather what a chatbot can't: your face as biometric data, a voiceprint, a moving map of your home, and the unedited content of your most private conversations. The app-based companions that came first are a sobering preview. In 2024, Mozilla's Privacy Not Included reviewed eleven romantic-AI chatbots and flagged every single one — finding apps riddled with trackers, mostly refusing to let users opt out of having intimate chats used for training, and in some cases reserving the right to collect data about sexual health. Bolt that data appetite onto a body with cameras and you can see the stakes.

The human behind the curtain

Some "autonomous" robots aren't, yet. NEO's Expert Mode lets a remote 1X operator drive the robot through hard tasks via a VR rig — which means a stranger can briefly see through your robot's eyes via its onboard fisheye cameras, and those sessions are recorded and fed back to train the AI. To its credit, 1X is candid about this and ships mitigations: face-blurring, owner-defined no-go zones, scheduled access, explicit consent, and a light ring that signals when a human has the controls. But the honest summary — the one we flag in "Can you buy one today?" — is that a "home robot" can also be a window, and you should know exactly when it is open.

Retention, deletion, and your rights

If you are in the EU or UK, the GDPR gives you real leverage: a right to access your data, to delete it, to take it elsewhere, and a requirement that the company even have a lawful basis for processing it. These are not theoretical. In May 2025, Italy's regulator fined Replika's maker €5 million for, among other things, failing to establish a legal basis for its data processing and lacking meaningful age checks. Californians have narrower but genuine rights under the CCPA/CPRA — to know, to delete, and to opt out of the sale or sharing of personal information.

The catch is what "deletion" means. Closing your account may erase the profile; it does not necessarily extract your conversations from a model already trained on them. Ask specifically whether deletion reaches the training pipeline or just the dashboard — and note that most makers, Realbotix included, do not publish granular retention schedules, so treat the absence of an answer as an answer.

If the company folds

A leased companion has a quiet third party in the relationship, and that party can die. When a tech company goes bankrupt, its customer data is an asset — and assets get sold. There are guardrails: in the landmark Toysmart case the FTC blocked a data sale that broke the company's own privacy promise, and a sale can be constrained to match the original policy. But "constrained by regulators" is not "guaranteed deleted." A thinly funded maker going under doesn't just brick your companion's mind — the worry we raise in "Can you love something you're leasing?" — it can drop the most intimate dossier anyone has ever held about you into the asset pool.

What to ask before it moves in

Privacy and price are the two bills a companion sends; the money side is its own true cost of ownership. On the data side, before you sign anything, get plain answers to these:

  • Can it run fully offline, and what stops working if it does?
  • What is stored in the cloud — transcripts, video, biometrics — and for how long?
  • Can I export and truly delete everything, training data included?
  • Who can teleoperate it, when, and is every session logged and visible to me?
  • Is my face, voice, or intimate conversation ever sold, shared, or used to train or advertise?
  • What happens to my data if you are acquired or go bankrupt?

If a salesperson can't answer these plainly, that is your answer. The most lifelike thing in your home should not also be the most secretive.
