Privacy Policy

Last updated 21 April 2026

This Privacy Policy (the “Policy”) details how and why Realm Technologies Oy (hereinafter “Realm”, “we”, “us” or “our”) collects, processes and discloses information associated with an identified or identifiable individual (“Personal Data”).

1. Applicability of this Policy, definitions

This Policy applies to anyone accessing Realm’s AI-powered workplace search and intelligence tool (the “Application”), including by visiting any domain or subdomain on which the Application is made accessible, using any application programming interface (API), Slack integration, or any other means through which the Application may be accessible from time to time; visiting our website at withrealm.com (the “Website”); or engaging in any other interactions with Realm. The Application and the Website are jointly referred to as “Services” and anyone accessing them as a “User”.

If you do not agree with this Policy, then do not access or use the Services or interact with any other aspect of our business.

Users who have access to the Application are referred to as “Subscribers” (however, the umbrella term User also includes Subscribers). Subscribers are able to access the Application because an entity that Realm has a business relationship with (such entities are referred to as a “Customer”) has granted them access, whether under a free trial, a paid subscription, or any other arrangement. Realm may have entered into a separate agreement with the Customer, such as terms of service, a service-level agreement and/or a data-processing agreement (separately and together referred to as a “Customer Agreement”), which governs delivery, access and use of the Services.

A Customer’s own instance of the Application, meaning a specific version of the Application that a Customer and its Subscribers are able to access, is referred to as an “Instance”. The time period during which a Customer Agreement is in effect, including any free trial period, or a Customer has otherwise expressed that it wishes for Realm to prepare, make available or otherwise maintain its Instance, is referred to as the “Customer Relationship”.

The Application allows Customers to connect third-party services (“Data Sources”), such as Confluence, SharePoint, Slack, Google Workspace, and Atlassian, through data connectors available in the Application (“Connectors”). Connectors enable the Customer to sync data from a Data Source into the Application. All data owned by the Customer that is connected to, uploaded to, or processed within the Customer’s environment in the Application, including data synced from Data Sources via Connectors and data manually added to the Application, is referred to as “Customer Data”.

The Application uses third-party large language models (“AI Models”) to generate outputs such as summarized answers, document drafts, and suggested resolutions (“Outputs”). Each prompt submitted by a User to the Application via any interface is referred to as a “Query”.

The Customer is the controller of all Customer Data and Realm is a processor. Therefore, except for where Customer Data is explicitly discussed, this Policy does not apply to Customer Data. Instead, Customer Data will be processed by Realm in accordance with the Customer’s instructions and any applicable terms in the Customer Agreement (including any data processing agreement forming part thereof), and as required by applicable law. Regarding Customer Data, Subscribers should direct their data privacy questions to the Customer whose Instance they are subscribed to. We are not responsible for the privacy or security practices of Customers, which may be different than this Policy.

In general, this Policy does not apply to Data Sources or any other third-party products, services or businesses, who will provide their services under their own terms of service and privacy policy.

2. Data controller

Unless otherwise specified in this Policy or in an at the time applicable Customer Agreement, Realm Technologies Oy (ID: 3358260-9) is the data controller and is responsible for ensuring that Personal Data is processed in compliance with this Policy and applicable data protection laws.

Contact details of the data controller:

Realm Technologies Oy
Business ID: 3358260-9
Address: Fredrikinkatu 47, 00100 Helsinki, Finland
Email: contact@withrealm.com

For any questions about this Policy, reach out to contact@withrealm.com.

3. Personal Data that we collect

Through operating the Services, Realm will collect and process the following information:

3.1. Data on Customers and Subscribers

Subscriber information, such as name, email address, job title, and company name.

Customer relationship details, such as contract, start and end date of Customer Relationship (including free trial periods), and services ordered.

Customer billing information, such as bank account information, payments made, outstanding invoices, and invoices delivered.

Services metadata. When Subscribers interact with the Services, Realm collects metadata that provides additional context about the way that a Subscriber uses the Services. For example, Realm logs Queries that Subscribers submit, Outputs generated in response, links and features they view or interact with, Data Sources connected, and the frequency and manner of their use of the Application.

Customer interaction information, such as Customer contacts, feedback, complaints, call notes, meeting recordings, and feature requests.

Other business-related information which is not itself Personal Data but which, together with other information, may be Personal Data, such as number of employees in the company and Data Sources or other business applications that the company uses.

3.2. Data on all Users (including Subscribers)

Log data. When Users interact with the Services, Realm may automatically collect information and record it in log files. This log data may include Internet Protocol (IP) address, browser type and settings, when the Services were used, information about browser configuration, and language preferences.

Device information (any computer, tablet, phone or similar piece of equipment will be referred to as a “Device”). Realm may collect information about Devices accessing the Services, including type of Device, operating system, Device settings, application IDs, unique Device identifiers, and crash data.

Marketing information. Information related to marketing communications through email, meetings, website and social media platforms.

Cookie information. We may place a cookie or similar technology in our Services, including on our Website, to help us collect information. For more details on how we use these services, see 11. Cookie Policy.

3.3. Data on persons who are not Users

Persons who are not Users will be referred to as “Persons of Interest”.

Prospect information. From time to time, Realm will contact Persons of Interest at potential customer companies to provide them relevant information about our Services. For this purpose, Realm will process Personal Data such as company names, email addresses, employee names, and job titles. Realm may, from time to time, receive such information from third parties (any entity that is not a Data Source, as defined above, will hereafter be referred to as “Other Third Party”), such as social media platforms or sales intelligence tools.

Marketing information. Information related to marketing communications through email, meetings, website and social media platforms.

3.4. Special categories of personal data

Realm does not intentionally collect or process special categories of personal data (as defined in Article 9 of the GDPR), such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a person’s sex life or sexual orientation. However, because the Application processes Customer Data from Data Sources such as messaging platforms and document repositories, special categories of personal data may be incidentally present within Customer Data. In such cases, the Customer, as the controller of Customer Data, is responsible for ensuring that any processing of special categories of personal data complies with applicable data protection laws, including having a valid legal basis under Article 9 of the GDPR.

4. Purpose and legal basis for processing Personal Data

We process Personal Data for the following purposes:

1) Providing the Services and managing the Customer Relationship

The primary purpose of processing Personal Data is to provide the Services, including the Application, to Customers and Users and to manage and maintain the Customer Relationship. This includes processing necessary to enable the Application to respond to Queries and generate Outputs.

Personal Data is not used to develop, improve, or train generalized AI and/or ML models. Realm does not use, and ensures that no third party contracted by it uses, Customer Data to train or fine-tune AI Models or other types of artificial intelligence systems.

2) Marketing

We may, from time to time, send Users or Persons of Interest emails or other electronic communication about the Services. In this respect, processing of Personal Data is based on our legitimate interest to provide Users or Persons of Interest with relevant and tailored information of the Services, to promote the Services or to personalize the User experience. Users and Persons of Interest have the right to object to processing that is based on our legitimate interest, as indicated in 8. Data subject rights.

A User or Person of Interest may unsubscribe from all communications at any time by contacting us at contact@withrealm.com.

3) Service development and information security

We also process Personal Data to improve the quality of the Services, including to monitor and analyse the use of the Services, debug issues, review performance data, and ensure security. In these cases, the legal basis for data processing is our legitimate interest to ensure that our Services have an adequate level of data security, and that we have sufficient and relevant information at hand to develop our Services.

4) Automated decision-making and profiling

Realm does not use Personal Data for automated decision-making or profiling that produces legal or similarly significant effects on individuals. While the Application uses AI Models to generate Outputs based on Customer Data, these Outputs are provided as informational aids only and are not used to make automated decisions about individuals. Users and Customers are solely responsible for reviewing and verifying any Outputs before relying on them or using them to make decisions that may affect individuals.

5. Disclosures of personal data

We may disclose Personal Data to third parties:

when permitted or required by law, e.g. to comply with requests by competent authorities or related to legal proceedings;
when trusted Other Third Parties, such as cloud service providers, AI model providers, and other infrastructure partners, provide services to us (such trusted Other Third Parties who provide services to us will be referred to as “Service Providers”). Some of the Service Providers are acting on our behalf as data processors and act under our instructions. However, we may also use Service Providers acting as controllers (e.g., lawyers, accountants, etc.). In any case, the Service Providers are engaged for the purposes of pursuing the activities outlined in this Policy;

In particular, when Users submit Queries to the Application, Customer Data included in or relevant to the Query may be transmitted to third-party AI model providers for the purpose of generating Outputs. AI model providers process such data solely to provide their inference services and are contractually prohibited from using Customer Data to train or fine-tune their models. The specific AI model providers used by Realm may change from time to time; the current sub-processors are listed below.

As of the date of this Policy, Realm uses the following sub-processors in connection with the provision of the Services:

Google Cloud Platform (Google Cloud EMEA Limited, Dublin, Ireland) – cloud infrastructure
Aiven (Aiven Oy, Helsinki, Finland) – managed data infrastructure
Microsoft Azure (Microsoft Ireland Operations Limited, Dublin, Ireland) – cloud infrastructure and AI model hosting
PostHog (PostHog Inc., San Francisco, CA, United States) – product analytics
Amazon Web Services (Amazon Web Services, Inc., Seattle, WA, United States) – cloud infrastructure
E2B (FoundryLabs, Inc., San Francisco, CA, United States) – code execution infrastructure

Realm will notify Customers of any intended additions or replacements of sub-processors in accordance with the applicable Customer Agreement.

if we are involved in a merger, acquisition, or sale of all or a portion of our assets; and
when we believe in good faith that disclosure is necessary to protect our rights, protect safety of our Users or the safety of others or to investigate fraud.

6. Transfers of Personal Data outside of the EU/EEA

We store Personal Data on servers located in the European Economic Area (“EEA”) provided by cloud infrastructure providers such as Google Cloud Platform and Amazon Web Services.

We may transfer Personal Data outside the EEA when Service Providers, including AI model providers and analytics services, are located or otherwise process data there. To the extent Personal Data is transferred to a country outside of the EU/EEA, Realm will use appropriate legal mechanisms to safeguard the transfer, such as the European Commission’s standard contractual clauses or other measures permitted under applicable data protection laws.

7. Retention of Personal Data

Realm will only retain Personal Data for as long as necessary to fulfill the purposes defined in this Policy. As a rule, the data will be processed during the Customer Relationship. After that, Personal Data will be retained for a short period before deletion to ensure that all contractual rights or obligations by either party are fulfilled, for example bills are paid, and shortly returning Customers can retain their data. Some Personal Data may be retained longer when required by law, such as invoices and orders in accordance with accounting laws.

Where the Customer’s use of the Application is subject to a free trial or other time-limited arrangement, Customer Data will be deleted within thirty (30) days following the end of the Customer Relationship, unless the Customer requests earlier deletion or Realm is required by law to retain it.

When Realm processes Personal Data for marketing purposes, the data will be deleted after 2 years from the last contact between Realm and the User or Person of Interest or when the User or Person of Interest asks Realm to stop marketing and for a short period after this, allowing us to implement the request.

8. Data subject rights

Users and Persons of Interest have the following rights:

The right to request access to Personal Data about himself/herself;
The right to request rectification, restriction or erasure of Personal Data. However, certain information is strictly necessary in order to fulfil the purposes defined in this Policy and may also be required by law. Thus, it may not be possible to remove such Personal Data;
The right to object to processing that is based on legitimate interest;
The right to object to processing for marketing purposes and prevent from receiving future direct marketing;
If processing of Personal Data is based on consent, the User has the right to withdraw consent at any time. The withdrawal will not affect the lawfulness of the processing carried out before the withdrawal; and
The right to data portability, i.e. the right to receive the Personal Data in a structured, commonly used machine-readable format and transmit the Personal Data to another data controller, to the extent required by applicable law. This applies to Personal Data processed based on a Customer Relationship or the User’s consent.

Please send above-mentioned requests to us at contact@withrealm.com.

If you think there is a problem with the way we are handling your Personal Data, you have a right to file a complaint to your national data protection authority in the EU/EEA. You may also file a complaint to the data protection authority in any other EU country where you live, work, or where you think the alleged violation has occurred.

9. Security

We maintain reasonable security measures (including physical, electronic, and administrative) to protect Personal Data from loss, destruction, misuse, and unauthorized access or disclosure.

Please be aware that, although we endeavour to provide reasonable security measures for Personal Data, no security system can prevent all potential security breaches.

10. Changes to this policy

We may change this Policy from time to time. We will bring such changes to the attention of Users by using the available communication channels, including via the Application or by email. The most recent version of this Policy can always be found at https://www.withrealm.com/privacy-policy.

11. Cookie Policy

A "cookie" (hereinafter “Cookie”) is a piece of information that is stored on a person’s Device when they visit a website or use a service. Other technologies classified here as Cookies may be used for the same purpose. Cookies can help in identifying a person’s Device when they use a mobile application or visit a website and remember helpful details about the use and the choices made by the person to improve the experience.

Cookies cannot be used alone to identify an individual, but they may be linked directly or indirectly to an identifiable individual when combined with other information. In these cases, Cookies may be treated as Personal Data. If we identify a User based on Cookies, we make sure that all Cookie information is processed as Personal Data in accordance with applicable data protection laws.

Where Users give us their consent to place Cookies and to use similar technologies, Users have the right to withdraw their consent at any time. Users may withdraw consent or manage their Cookie preferences by adjusting their browser or device settings to block, limit, or remove Cookies. Users may also contact us at contact@withrealm.com to request withdrawal of consent. However, Cookies are an important part of how our Services work, so limiting the use of Cookies may affect a User’s ability to make use of the Services.

We may, from time to time, use both session and persistent Cookies for various purposes:

Session Cookies are stored in memory for the duration of the session and removed once the User closes the browser.
Persistent Cookies are placed on the hard drive of the User’s Device and stored until they expire or the User deletes the Cookies. We will retain information collected via persistent Cookies no longer than 2 years.

We may, from time to time, use both first and third party Cookies for various purposes.

First party Cookies refer to both session and persistent Cookies placed by us on our Website and in the Application.
Third party Cookies are Cookies that Other Third Parties, such as Google Analytics, Facebook, Twitter, and LinkedIn, place on our Website.

More detailed information on the type of Cookies, their purposes and duration can be requested by emailing us at contact@withrealm.com.

‍