RealEntity, a service provided by Stem Unit EOOD ("Stem Unit", "we", "us"), is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered document generation platform and services.

Stem Unit EOOD is the data controller responsible for processing your personal data under this Privacy Policy.

1. Information We Collect

1.1 Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password, and profile details when you register for an account
  • Contact Information: Email address and name when you submit inquiries through our contact forms
  • Payment Information: Billing details, credit card information (processed securely through third-party payment processors), and transaction history
  • Communication Data: Information contained in emails, chat messages, and support tickets you send to us

1.2 Content and Generated Data

We collect and store:

  • User-Generated Content: Documents, papers, novels, contracts, essays, and other content you create using our platform
  • Entity Data: Characters, locations, concepts, and other entities you define in your documents
  • AI Interactions: Prompts, chat conversations, and refinement requests you submit to our AI systems
  • Uploaded Files: Documents, images, and files you upload for analysis or processing

1.3 Automatically Collected Information

When you use our services, we automatically collect:

  • Usage Data: Features used, time spent, actions taken, and interaction patterns
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Log Data: Server logs, error reports, API calls, and system diagnostics
  • Performance Metrics: Response times, error rates, and service availability statistics
  • Cookies and Tracking: Session cookies, authentication tokens, and analytics data. For more information about our use of cookies and tracking technologies, please refer to our Cookie Policy.

2. How We Use Your Information

2.1 Service Delivery
  • Provide, operate, and maintain our AI-powered document generation platform
  • Process your requests and generate content based on your instructions
  • Authenticate users and manage account security
  • Process payments and maintain billing records
  • Store and retrieve your documents, entities, and project data

2.2 Service Improvement
  • Analyze usage patterns to improve AI model performance and accuracy
  • Develop new features and enhance existing functionality
  • Conduct research and development on natural language processing and generation
  • Test and optimize system performance, scalability, and reliability
  • Debug errors and resolve technical issues

2.3 Marketplace and Financial Transactions
  • Process buyer payments and issue purchase receipts for Marketplace transactions
  • Calculate and disburse monthly commission payments to Authors, including maintaining payment and payout records
  • Verify Author identity and payment details as required for commission disbursement
  • Maintain transaction records for accounting, dispute resolution, and audit purposes
  • Comply with applicable financial regulations, anti-money laundering (AML) obligations, and tax reporting requirements (including issuing tax forms such as Form 1099 or equivalent)

2.4 Third-Party Service Providers

We share data with trusted third-party providers who assist in delivering our Services, including:

  • AI Model Providers: We use third-party AI service providers (e.g. OpenAI, Microsoft Azure) as data processors to generate content based on your requests. These providers process data on our behalf under contractual obligations to protect your data. You are responsible for ensuring that any data you submit for AI processing complies with applicable laws and does not infringe third-party rights.
  • Payment Processors: Payment information is processed by third-party providers such as Polar and Stripe. We do not store full credit card numbers on our servers. Payment processors are bound by PCI-DSS compliance standards.
  • Cloud Infrastructure: Data is hosted and processed on third-party cloud infrastructure. Servers may be located in the European Union and other countries. All infrastructure providers are required to maintain appropriate data security standards and, where applicable, comply with GDPR and equivalent data protection regulations.
  • Analytics Providers: We may use third-party analytics tools to understand usage patterns. These tools may collect anonymized aggregated data. We do not share personally identifiable information with analytics providers in a form that identifies individual users.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

2.5 Cross-Border Data Transfers

Stem Unit operates within the European Union and processes personal data in accordance with applicable data protection laws, including the GDPR. Where necessary to provide our Services, your personal data may be transferred to and processed in countries outside the European Union or European Economic Area (EU/EEA), including by third-party service providers. In such cases, we ensure that appropriate safeguards are in place to protect your personal data, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with GDPR Article 46, or transfers to countries recognized as providing an adequate level of data protection. We take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy. You may request further information about these safeguards by contacting us at [email protected].

2.6 Legal Basis for Processing

We process your personal data on the following legal bases, depending on the context:

  • Contract Performance: to provide our services, manage your account, and process transactions
  • Legal Obligation: to comply with applicable laws, including tax, accounting, and regulatory requirements
  • Legitimate Interests: to improve our services, prevent fraud, ensure security, and analyze usage patterns
  • Consent: where required, such as for optional features or marketing communications

Certain types of personal data may be processed under multiple legal bases depending on the context and purpose of use.

2.7 Content Moderation, Safety, and Legal Compliance

To keep our platform safe and to comply with our legal obligations, we screen content submitted to or processed by the Services for violations of our Terms of Service. This screening applies to text (including prompts, chat messages, imported documents, and audio transcripts) and to uploaded files, including images and images embedded within documents such as PDFs and Office files.

  • How it works: screening is performed using automated tools, including third-party moderation providers (e.g. OpenAI) acting as data processors on our behalf, and, where appropriate, manual review by authorized Trust & Safety personnel
  • What we record: where content is flagged, we may store the violation category, detection scores, and limited related metadata in order to apply and audit enforcement actions (such as account holds or suspensions)
  • Enforcement records: we keep an audit log of moderation enforcement actions taken on an account for security, accountability, and dispute-resolution purposes

Legal preservation and reporting. Where content appears to be illegal - in particular child sexual abuse material (CSAM) - we preserve the relevant content and associated records in a restricted, access-controlled store as evidence, and we may disclose this information to, and file reports with, the competent national authorities, national child-protection hotlines (such as members of the INHOPE network), and, where applicable, European authorities such as Europol, and with law enforcement. Such evidence is retained for as long as required by applicable law and is not removed on ordinary account deletion.

Where the GDPR applies, we carry out this processing on the basis of our compliance with a legal obligation, our legitimate interests in keeping the Services safe and preventing abuse, and the performance of our contract with you.

3. Data Security

We implement comprehensive security measures to protect your information. We retain personal data only for as long as necessary to provide Services and satisfy legal obligations: account data is retained while your account is active and for up to 90 days following account deletion; transaction and financial records are retained for a minimum of 7 years as required by applicable tax and accounting regulations; server logs and analytics data may be retained for up to 2 years for security and compliance purposes. After applicable retention periods, data is securely deleted or irreversibly anonymized. Content and records preserved in connection with legal-category content violations (see Section 2.7) are retained for the period required by applicable law, which may exceed the periods stated above and may survive account deletion. Data may be deleted after applicable retention periods. Users are encouraged to maintain their own backups where necessary.

Technical Safeguards
  • Encryption: All data in transit is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256.
  • Authentication: Multi-factor authentication (MFA) available for all accounts
  • Access Controls: Role-based access control (RBAC) with principle of least privilege
  • Network Security: Firewalls, intrusion detection systems, and DDoS protection

4. Your Privacy Rights

Depending on your location and applicable law (including GDPR and similar regulations), you may have the following rights regarding your personal information. To exercise any of these rights, contact [email protected]. We will respond to verified requests within 30 days or as required by applicable law. We may require identity verification before processing rights requests, and we may decline requests that are manifestly unfounded, excessive, technically infeasible, or would violate our legal obligations or the rights of others. Stem Unit is not liable for inability to comply with rights requests where prohibited by law or overridden by legitimate business necessity.

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information ("right to be forgotten"), subject to our retention obligations and legitimate business interests
  • Data Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your information for certain purposes, including profiling and direct marketing
  • Right to Complain: Lodge a complaint with your local data protection supervisory authority if you believe your rights under applicable law have been violated

5. Limitation of Liability and Disclaimers

To the maximum extent permitted by applicable law:

  • No Warranties: Our services are provided "as is" and "as available" without any warranties of any kind, either express or implied
  • Data Processing: We are not liable for errors, inaccuracies, or issues arising from AI processing of your data
  • Third-Party Services: We are not responsible for the privacy practices or content of third-party services, websites, or APIs integrated with our platform
  • User Content: You are solely responsible for the content you create, upload, or generate. We are not liable for any claims arising from your content
  • Regulatory Compliance: You are responsible for ensuring your use of our services complies with applicable laws in your jurisdiction

6. User Responsibilities and Indemnification

You agree to indemnify, defend, and hold harmless Stem Unit, its affiliates, officers, directors, employees, agents, and partners from and against any claims, liabilities, damages, losses, costs, or expenses (including reasonable attorneys' fees) arising from:

  • Your violation of this Privacy Policy or applicable laws
  • Your content or data uploaded to our platform
  • Any third-party claims related to your use of our services
  • Your negligence or willful misconduct
  • Breach of any representation or warranty made by you

7. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Stem Unit EOOD

Service: RealEntity Privacy Team

Tax Number: 208760530

Registered Address: Bulgaria, Sofia 1614, Lilia 11 Str.

Email: [email protected]

Data Protection Contact: [email protected]