Is GirlfriendGPT Safe? Here's What Our Investigation Found
GirlfriendGPT is a legitimate platform — registered company, real operations, not a scam. The 3.2/5 safety rating it earns from third-party reviewers comes from specific, documented concerns about data practices, not from fundamental fraud. Here's exactly what those concerns are and how serious they are.
The Company Behind It
GirlfriendGPT is operated by NextDay AI. Company registration:
| Entity | Location | Address |
|---|---|---|
| NextDay AI | Canada | 4388 Saint-Denis, Suite 200, Montreal, QC H2J 2L1 |
| NextDay AI USA | Delaware | 2915 Ogletowne Road, Suite 4642, Delaware 19713 |
| NextDay AI EU | Cyprus | 2 Poreias, Limassol 3011 |
Three countries of registration, 9.5 million monthly visitors, operational since May 2023. This is a legitimate business.
Official domain: gptgirlfriend.online only. Imitation sites exist.
The Data Retention Issue
This is the main concern worth knowing about upfront.
GirlfriendGPT keeps your data for 6 years after you delete your account.
For an AI companion platform where conversations can be personal and explicit, a 6-year retention window is a real consideration. The industry standard for inactive user data is 30–90 days post-deletion. Six years is significantly longer.
What they retain: conversation logs, account information, IP addresses, usage data. After you delete your account, this data remains in their systems until the 6-year period expires.
EU users have GDPR rights that may allow earlier deletion — contact the Cyprus entity (NextDay AI EU) with a deletion request.
What We Don't Know About Encryption
The privacy policy states data is encrypted in transit and at rest. What it doesn't provide:
- Encryption standards (AES-256, etc.)
- Whether independent security audits have been conducted
- Specific data access controls
This opacity is common in the AI companion space, but it means external verification of their security claims isn't possible.
Billing and Privacy
Statement descriptor: Charges appear as "xp ndai.cc" — not GirlfriendGPT.
Payment methods: Visa, Mastercard, Discover. No cryptocurrency.
Refund policy: 48-hour window for first-time subscribers.
The discreet billing is a practical feature for users concerned about statement visibility. The absence of cryptocurrency means transactions are linked to your card identity.
Third-Party Ratings
| Review Source | Score | Notes |
|---|---|---|
| aigirlfriendscout.com (overall) | 3.9/5 | Comprehensive test-based rating |
| aigirlfriendscout.com (safety) | 3.2/5 | Privacy/security concerns flagged |
| User reviews (53 ratings) | 4.3/5 | 67.9% five-star |
| Trustpilot | 3 reviews | Insufficient data for reliable assessment |
The disconnect between the 4.3/5 user satisfaction score and the 3.2/5 safety rating is consistent with what we found: users are generally happy with the service quality, but the data practices are below average.
Age Verification and Content Safety
As an adult platform, GirlfriendGPT implements:
- 18+ age verification at account registration
- 18 U.S.C. 2257 compliance for adult content record-keeping
- Hard prohibition on any content depicting or implying minor characters
- In-platform reporting tools for community guideline violations
These measures are appropriate for a legitimate adult content platform.
What to Actually Watch Out For
Unofficial APKs: Third-party "GirlfriendGPT mod APK" files are not from NextDay AI. Downloading them risks malware installation and data theft. Use only gptgirlfriend.online or APKPure.
Data retention: If you create an account, your data persists for 6 years post-deletion. Know this going in.
Fake sites: Multiple imitation domains exist. Always verify the URL is gptgirlfriend.online before entering any information.
Our Verdict
Legitimate, but with real data privacy concerns. GirlfriendGPT is a real business providing a real service. The 3.2/5 safety rating reflects the 6-year data retention policy and the lack of a published security audit — not fraud. These are real concerns, not catastrophic ones.
If data privacy is a significant consideration for you: minimize the personal information you provide, consider what conversations you're having, and factor in the 6-year retention when deciding whether to register.
If you want to evaluate the platform with minimal risk: use the free plan — no credit card required.
Ready to explore? GF GPT Review offers a free plan with 20 messages per day.
Frequently Asked Questions
Real company. NextDay AI has documented business registrations in Canada, the USA, and Cyprus. The platform has been running since May 2023 with millions of monthly visitors. It is not a scam.
Chat conversation content, account details (email, age verification), IP addresses, device data, and payment information. They retain all of this for 6 years after account deletion — significantly above the 30–90 day industry standard.
As "xp ndai.cc" — intentionally discreet. Not labeled GirlfriendGPT or NextDay AI.
Standard account deletion triggers the 6-year retention policy. EU residents can invoke GDPR rights to request earlier deletion through the Cyprus entity. Results may vary depending on NextDay AI's response to GDPR requests.
No publicly reported breaches as of May 2026. The absence of published security audits means independent verification of their internal security isn't possible.