Replika AI Companion

Critical Rating 1 / 5 · Critical — Active surveillance / serious risk.

Claim evaluated

In May 2025, Italy's data protection authority (Garante) fined Replika's developer, Luka Inc., 5 million euros for serious GDPR violations, including processing sensitive personal data without a valid legal basis. The platform permanently logs highly intimate chats, fails to impl

Analysis

In May 2025, Italy's data protection authority (Garante) fined Replika's developer, Luka Inc., 5 million euros for serious GDPR violations, including processing sensitive personal data without a valid legal basis. The platform permanently logs highly intimate chats, fails to implement age verification, and lacks transparent data retention notices.

Sources

Rating Grade Card

The full methodological and legal context for this rating. This card is what we point to when asked to substantiate the claim.

Rating IDark_intel_6f593938

SubjectReplika AI Companion

CategoryAI App

VerdictThreat — red

Beacon stateCritical

Analyzed2026-05-31

AnalystHecTec Labs · Embassy reconnaissance (Gemini grounded search)

ApprovalManual review · YubiKey + steward (Citadel)

Data basisPublicly reported information only

Claim framingOpinion based on cited sources, not a statement of intent

Ingest originlocal_embassy

Citadel signaturesecp256k1_m4_sig_050a1917f14b20d9e1995207778bb787

MethodologySovereignware™ methodology v1.0

Right of replySubmit a response →

CorrectionsCorrections policy →

Disclaimer. This rating reflects publicly available information as of 2026-05-31. Conditions, policies, ownership, and product behavior may change after publication; re-verify before relying on this rating. The verdict expressed here is an opinion formed from the cited sources and is not a statement of fact about the subject's intent.