Alora AI Safety Rating Index

Alora AI earns an F safety grade (22/100, Red tier) in our 23-dimension review. The score reflects the operator profile around the product rather than the chat experience itself, which reviewers consistently praise on the App Store.

Five different legal entity names appear across Alora’s public surfaces. The App Store seller line lists “David Wang” with a “© Alora Inc” copyright. The Terms of Use on a free Google Sites page names “Alora Technologies, Inc.,” a Delaware corporation. The Privacy Policy on the same Google Sites property names “Alora” with a different personal Gmail address. The Privacy Policy that the Terms officially links to is hosted on TermsFeed and references “Rimaru” throughout the policy text. The iOS bundle identifier com.rimaru.app confirms the app shipped under the “Rimaru” brand and was rebranded to Alora without fully migrating its legal infrastructure. Two unrelated personal Gmail addresses, free Google Sites hosting, and no operating corporate domain place documentation below the baseline most companion apps publish.

The App Store privacy declaration is the second material concern. Alora’s submission to Apple states “Data Not Collected.” The developer’s own Privacy Policy enumerates email address, name, IP address, browser type, pages visited, time on page, unique device identifiers, mobile device type, mobile device unique ID, mobile operating system, mobile internet browser, and diagnostic data. The Privacy Policy also specifies that chat transcripts are retained up to 24 months for “quality assurance and staff training purposes.” The two declarations cannot be reconciled. App Store Review Guideline 5.1.2 requires privacy submissions to accurately reflect collection practices.

Chat retention is the third concern. The 24-month retention window applies to chat transcripts, account information after closure, support tickets, and usage data. No opt-out is documented. No commitment that chats are excluded from human review appears anywhere in the policy stack. The Privacy Policy is silent on whether chat content trains the AI model, while the Terms of Use grant a worldwide, royalty-free, sublicensable, transferable license to use content “in connection with operating and improving the Service.” That language is broad enough to cover training without naming it. No data export mechanism is documented, so a user who wants a copy of their chat history cannot obtain one through any documented path.

Age policy is the fourth concern. The Terms of Use admit users aged 13 with parental permission. The Privacy Policy says the service does not address anyone under 16. The iTunes Lookup API returns a 17+ content advisory. The App Store HTML page displays 18+. Four documents, four different age floors, no verification mechanism beyond a self-reported landing prompt. No parental-control documentation, no time-limit documentation, no minor-specific safeguard appears anywhere.

Crisis-response and safety documentation are the fifth concern. The Google Sites property hosts only Terms, Privacy, and Support. No safety page, no transparency report, no content-moderation policy, no in-app report-content flow, no published suicide-prevention referral. For a character-chat app where users build long-running relationships with characters that have persistent memory, the absence of any documented crisis-response protocol is a category gap.