Privacy Policy

1. Introduction

Realm Inc. (“Company,” “we,” or “us”) is dedicated to protecting the privacy and security of our users. This Privacy Policy explains how personal and usage information is collected, processed, stored, and safeguarded when interacting with our AI-driven platforms, including AYITA and PAMOLA.

Privacy-First Approach

AYITA and PAMOLA are developed with privacy-first principles, ensuring that users can deploy and operate AI models at the individual, team, or private cloud level without unnecessary data exposure. Realm Inc. prioritizes security, enabling organizations to leverage AI while retaining full control over their data.

Commercial Use vs. Demonstration Services

  • Commercial Deployments: When AYITA and PAMOLA are used within a commercial environment, all data processing remains fully contained within the user’s infrastructure. No data is transmitted outside of the user's designated environment unless explicitly authorized.
  • Demonstration Services: The services hosted on the Realm website are provided for demonstration and evaluation purposes only. Users should be aware that demo environments may involve temporary logging of interactions to improve system performance, but no personally identifiable information (PII) is retained.

User Consent & Agreement

By using our AI services—whether in commercial use cases or within publicly available demonstrations—you acknowledge and agree to the terms outlined in this Privacy Policy. We encourage all users to carefully review this policy before engaging with AYITA and PAMOLA.

2. Information We Collect

To enhance AI service performance and provide a seamless user experience, Realm Inc. collects limited technical and interaction-related data when users engage with AYITA and PAMOLA. This section outlines the types of data collected, how they are processed, and how they differ between commercial deployments and demo environments.

2.1 Technical Information

We collect device-related technical information to optimize system compatibility, troubleshoot performance issues, and enhance security. This may include:

  • IP address of the computer or mobile device used.
  • Device type, browser, and operating system details.
  • Device ID (unique identifier assigned by the manufacturer).
  • Session timestamps and performance metrics.

For commercial deployments, this technical data is not stored externally and remains within the user’s private infrastructure.

For demo environments, session metadata may be temporarily logged to enhance system performance, but logs do not contain personal identifiers and are periodically purged.

2.2 Content Characteristics

AYITA and PAMOLA process user-generated content solely to facilitate AI interactions. The type of content collected depends on how users engage with the platform:

  • Text-based inputs and file uploads for AI-driven responses.
  • AI-generated outputs stored temporarily for features such as History and LoraBook (AYITA).

Realm does not retain AI-generated interactions beyond the active session unless explicitly saved by the user in private deployments.

For demo environments, usage data may be temporarily logged to analyze system behavior and improve future performance. However, no personally identifiable information (PII) is collected or stored, and interaction logs are automatically cleared after a predefined period.

2.3 Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve service functionality and user experience. These include:

  • Session Cookies: Temporary identifiers that expire once the browser is closed.
  • Persistent Cookies: Stored on your device to recognize returning users and improve performance.
  • Analytics Cookies: Used to collect anonymous data on how users interact with the platform.

Users may configure their browser settings to disable cookies. However, disabling cookies may limit access to certain features of our services.

2.4 Personal Data

For demo services, we may request the following data to personalize the experience:

  • Email address.
  • First and last name.
  • Optional message describing your use case.

This information is used exclusively for demo access and customer inquiries and is not stored for long-term retention.

For commercial deployments, no personal user data is stored, transmitted, or shared externally. All AI processing occurs within the user's private infrastructure, ensuring complete data sovereignty.

3. How We Use Your Information

We use collected information to improve the functionality, security, and reliability of our AI-driven services, including AYITA and PAMOLA. Depending on whether the services are accessed in a commercial deployment or as part of the demo environment, the scope of data usage may vary.

3.1 AI Service Operations & Performance Enhancement

  • Operate and maintain AYITA and PAMOLA, ensuring stable performance across different platforms.
  • Optimize AI model responsiveness and accuracy, including real-time adjustments based on system interactions.
  • Analyze technical usage data to detect and resolve system performance issues.

3.2 User Account & Service Access Management

  • Authenticate and manage user accounts and permissions for authorized access.
  • Enable secure login and user session management for AI-powered tools.
  • Provide role-based access controls (RBAC) for commercial clients.

3.3 Customer Support & Troubleshooting

  • Assist users with technical issues related to AI services.
  • Analyze system error reports and debugging logs (for demo services only, not commercial deployments).

3.4 AI Model Performance & Continuous Learning

In commercial deployments, AI models function within isolated environments, ensuring that no user data contributes to broader model training. For demo environments, anonymized interactions may be logged for temporary system optimizations, but they are never stored long-term or used for model fine-tuning.

3.5 Legal Compliance & Security Measures

  • Ensure compliance with GDPR, PIPEDA, CCPA, and other relevant privacy regulations.
  • Detect and mitigate security threats, including unauthorized AI usage.
  • Prevent abuse of AI systems, such as prohibited content generation.

3.6 Data Retention Policy

  • For commercial deployments, no user data is retained beyond system requirements.
  • For demo services, system logs may be kept temporarily (e.g., 7-30 days) for monitoring and improvement but are periodically deleted.

4. With Whom We Share Your Information

Realm Inc. is committed to protecting user privacy and does not sell, rent, or monetize user data. However, in specific cases, certain information may be shared with trusted third parties to maintain secure and compliant operations. Data sharing occurs under the following circumstances:

4.1 Third-Party Service Providers

To ensure smooth service operations, we may share limited technical data with:

  • Cloud hosting providers that maintain secure storage environments.
  • Payment processors (for enterprise clients with paid plans) to facilitate transactions securely.
  • Analytics and diagnostic tools to improve AI performance and system stability.

All third-party providers are required to comply with strict data security and privacy standards, ensuring that shared data is used only for necessary operations.

4.2 Affiliates & Business Partners

In some cases, we may share aggregated and anonymized data with affiliated companies or trusted business partners under the same privacy framework. This applies to:

  • Co-developing AI models with research institutions while maintaining privacy-preserving methods.
  • Enterprise partnerships, where integration support is required.

Users will be explicitly informed if any direct data-sharing with business affiliates is involved.

4.3 Legal & Compliance Requirements

We may disclose user information if required to comply with:

  • Legal obligations, court orders, or government requests.
  • Enforcement of Terms & Conditions and security policies.
  • Detection, prevention, and mitigation of fraudulent activities.

In such cases, we will notify users whenever legally permitted before sharing information.

4.4 Data Sharing in Demo vs. Commercial Use

  • For commercial deployments, no external data sharing occurs unless explicitly required for enterprise integrations.
  • For demo services, limited system metadata may be processed via analytics tools, but no personal data or identifiable AI interactions are shared externally.

5. How We Protect Your Information

Realm Inc. is committed to data security and privacy-first principles, ensuring that all user-generated content, AI interactions, and stored data are protected using industry-leading encryption and privacy-preserving mechanisms.

5.1 End-to-End Encryption

All data processed within AYITA and PAMOLA is protected by end-to-end encryption, meaning:

  • Data is encrypted at rest, preventing unauthorized access to stored information.
  • Data is encrypted in transit, ensuring secure communication between users and servers.
  • Only authorized users with proper authentication can access their own stored interactions (in applicable use cases).

This encryption ensures that even in case of a data breach, no raw information can be accessed.

5.2 Differential Privacy & Data Anonymization

Realm Inc. implements differential privacy to prevent individual data points from being re-identified. This means:

  • AI-generated synthetic data remains free from identifiable user patterns.
  • Personal interactions in demo environments are either anonymized or discarded after session completion.
  • No raw user input is stored in AI training models.

In commercial deployments, all data stays within the private infrastructure of the client, ensuring full data sovereignty.

5.3 Secure Authentication & Access Controls

To prevent unauthorized access, we enforce:

  • Multi-factor authentication (MFA) for enterprise accounts.
  • Role-based access control (RBAC) for commercial deployments.
  • Strict session timeouts and automatic logout policies to minimize risks.

For public demo environments, users are advised not to enter real personal or confidential data, as demo sessions are temporary.

5.4 Protection Against AI Model Exploitation

To prevent malicious use of AI-generated content, Realm Inc. implements:

  • Real-time content moderation to detect harmful, offensive, or misleading outputs.
  • Automatic flagging of unethical AI interactions to prevent policy violations.
  • Strict monitoring against AI model inversion attacks and data reconstruction risks.

5.5 Compliance with Global Security Standards

Realm adheres to international security and privacy regulations, including:

  • GDPR (General Data Protection Regulation) – Ensuring data protection for EU-based users.
  • PIPEDA (Personal Information Protection and Electronic Documents Act) – Compliance for Canadian residents.
  • CCPA (California Consumer Privacy Act) – Protecting user rights in California.
  • SOC 2 Compliance Standards – Securing enterprise AI services.

Regular security audits and compliance reviews are conducted to maintain high standards of data protection.

5.6 Incident Response & Breach Notification

In the unlikely event of a security breach, Realm Inc. follows strict incident response protocols, including:

  • Immediate containment and mitigation of the breach.
  • Notification of affected users and regulatory authorities as required by law.
  • Implementation of corrective security measures to prevent recurrence.

To report a security concern, users can visit our Contact Page.

6. GDPR Privacy Rights

If you are a resident of the European Union (EU), your personal data is protected under the General Data Protection Regulation (GDPR). Realm Inc. ensures compliance with GDPR by providing users with control over their personal data and respecting fundamental privacy rights.

6.1 Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

  • The Right to Access: You can request a copy of the personal data we hold about you.
  • The Right to Update or Correct Data: If any of your data is inaccurate or incomplete, you have the right to request corrections.
  • The Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data when it is no longer needed or if you withdraw consent.
  • The Right to Restrict Processing: Under certain conditions, you may request that we temporarily stop processing your data.
  • The Right to Object: You can object to the processing of your data if it is based on legitimate interests, direct marketing, or automated decision-making.
  • The Right to Data Portability: You have the right to request a structured, commonly used, and machine-readable format of your personal data to transfer it to another service.
  • The Right to Withdraw Consent: If processing is based on your consent, you may withdraw it at any time.
  • The Right to Lodge a Complaint: If you believe your data rights have been violated, you can file a complaint with your local Data Protection Authority (DPA).

6.2 How We Process Your Data Under GDPR

Realm Inc. processes personal data only under the following legal bases as outlined in GDPR:

  • Consent: When you explicitly allow us to process your data (e.g., signing up for demo services).
  • Contractual Obligation: When processing is necessary to fulfill an agreement (e.g., for enterprise clients).
  • Legal Compliance: When processing is required to comply with applicable laws.
  • Legitimate Interest: When processing helps improve our services while ensuring it does not override user privacy rights.

6.3 How to Exercise Your GDPR Rights

To request access, modification, or deletion of your personal data, please visit our Contact Page. We will respond to verified requests within 30 days, as required by GDPR.

7. CCPA Privacy Rights

If you are a resident of California, your personal data is protected under the California Consumer Privacy Act (CCPA) and related regulations. The CCPA grants California residents specific rights regarding how their personal information is collected, stored, and shared.

7.1 Your Rights Under CCPA

As a California resident, you have the following rights:

  • The Right to Know: You can request details about the categories of personal data collected, the purpose of collection, and whether your data has been shared with third parties.
  • The Right to Access: You have the right to request a copy of the personal information we have collected about you over the past 12 months.
  • The Right to Delete: You can request that we delete your personal information, except where retention is required for legal or security reasons.
  • The Right to Opt-Out of Data Sales: Realm Inc. does not sell user data, but you may still request confirmation that your personal data has not been sold.
  • The Right to Non-Discrimination: Exercising your CCPA rights will not affect the quality or availability of our services.

7.2 How We Process Personal Data Under CCPA

Under CCPA, we may collect the following categories of personal information:

  • Identifiers (such as name and email address) provided during demo access.
  • Technical information (such as IP addresses and device details) for security and analytics purposes.
  • Usage data related to interactions with AYITA and PAMOLA.

For commercial deployments, no user data is stored, shared, or sold beyond the user's private infrastructure.

7.3 How to Exercise Your CCPA Rights

To request access, deletion, or opt-out under CCPA, visit our Contact Page. We will respond to verified requests within 45 days as required by law.

8. PIPEDA Compliance (Canada)

Realm Inc. complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs how private-sector organizations in Canada collect, use, and disclose personal information. Our data policies ensure transparency, security, and user control over personal information in compliance with Canadian privacy laws.

8.1 Principles of PIPEDA Compliance

Realm follows the **10 Fair Information Principles** under PIPEDA to protect user data:

  • 1. Accountability: We designate a privacy officer responsible for ensuring compliance with PIPEDA.
  • 2. Identifying Purposes: We clearly explain why we collect personal data before or at the time of collection.
  • 3. Consent: We obtain meaningful consent before collecting, using, or disclosing personal information.
  • 4. Limiting Collection: We only collect personal information that is necessary for specified purposes.
  • 5. Limiting Use, Disclosure, and Retention: We do not use or share personal information for purposes beyond what was consented to, and we retain data only for as long as necessary.
  • 6. Accuracy: We ensure that personal data is accurate, complete, and up to date.
  • 7. Safeguards: We implement strong security measures, including encryption and access controls, to protect personal data.
  • 8. Openness: We make our privacy policies readily available to users.
  • 9. Individual Access: Users have the right to request access to their personal data and correct any inaccuracies.
  • 10. Challenging Compliance: Users can file complaints if they believe their data has been mishandled.

8.2 How We Handle Personal Information Under PIPEDA

We collect and process user data in accordance with PIPEDA regulations. The key areas of compliance include:

  • Data Collection: We collect only the necessary information required to provide our AI services, such as email addresses for demo registration.
  • Data Storage & Retention: Personal data is encrypted and retained only for the duration needed to fulfill its purpose.
  • Data Sharing: We do not sell or rent user data. Any sharing is limited to necessary service providers and governed by strict privacy agreements.
  • User Control: Users have the right to access, update, or request deletion of their data at any time.

8.3 User Rights Under PIPEDA

As a Canadian resident, you have the right to:

  • Access your personal data: Request a copy of the information we have about you.
  • Correct inaccuracies: Update or correct any inaccurate personal data.
  • Withdraw consent: Revoke consent for data processing when applicable.
  • File a complaint: If you believe your data is being mishandled, you can contact the Office of the Privacy Commissioner of Canada (OPC).

8.4 Data Protection & Security Measures

To ensure compliance with PIPEDA, we implement the following security practices:

  • End-to-end encryption for all stored and transmitted data.
  • Strict access controls to prevent unauthorized data exposure.
  • Regular security audits to identify and mitigate potential risks.
  • Secure data retention policies to minimize unnecessary storage of personal data.

8.5 Exercising Your PIPEDA Rights

If you wish to access, update, or delete your personal data under PIPEDA, you can submit a request through our Contact Page. We will respond to verified requests within 30 days, as required by Canadian privacy law.

9. Contact Information

For privacy-related concerns, please visit our Contact Page.