Currently artificial intelligence (AI)-enabled chatbots are capturing the hearts and imaginations of the public at large. Chatbots that users can build and personalize, as well as pre-designed avatars ready for users' selection, all of these are on offer in applications to provide social companionship, friends and even love. These systems, however, have demonstrated challenges on the privacy and ethics front. This paper takes a critical approach towards examining the intricacies of these issues within AI companion services. We chose Replika as a case and employed close reading to examine the service's privacy policy. We additionally analyze articles from public media about the company and its practices to gain insight into the trustworthiness and integrity of the information provided in the policy. The aim is to ascertain whether seeming General Data Protection Regulation (GDPR) compliance equals reliability of required information, or whether the area of GDPR compliance in itself is one riddled with ethical challenges. The paper contributes to a growing body of scholarship on ethics and privacy related matters in the sphere of social chatbots. The results reveal that despite privacy notices, data collection practices might harvest personal data without users' full awareness. Cross-textual comparison reveals that privacy notice information does not fully correspond with other information sources.