AURI³ · REAL E3 Systems
← Back to home

Privacy Policy

Last updated: 29 June 2026 · Version: 2.0 (Pilot) · Operator: REAL E3 Systems Oy, Seinäjoki, Finland

Pilot notice. AURI is an early, invitation-only test. This policy describes what the service actually does today. It will be expanded (with a full Data Protection Impact Assessment and self-service data controls) before AURI is opened to the general public. If anything here is unclear, email info@real-e3systems.fi.

1. Who We Are

REAL E3 Systems Oy ("we", "us", "our") is a Finnish company registered in Seinäjoki, Finland. We operate AURI, an AI-powered relational companion service.

Data controller contact: info@real-e3systems.fi

2. What This Policy Covers

This policy explains what information we collect, how we use it, and your rights under the EU General Data Protection Regulation (GDPR) and Finnish data protection law when you use AURI.

3. What We Collect and Why

3.1 Your conversation

When you use AURI, the messages you send and AURI's replies are:

We ask you not to share information you would not want stored. You consent to this storage when you start a session (see Section 4).

3.2 Governance / field data (stays with us)

For each turn, AURI's governance layer computes internal technical signals (its "field state" — numeric stability measures). These numbers are never sent to any AI provider. They are computed and held on our own servers and are used only to govern AURI's behavior and to improve the system.

3.3 Saved conversations (designated pilot accounts)

For a small, explicit set of pilot accounts, the conversation is saved so it can resume after a restart (so the tester does not lose their thread). This is an interim feature for the pilot; it will be replaced by proper user accounts with consent and self-service controls. General pilot users' sessions are held in memory for the duration of use and are not restored after a server restart, but may still appear in the operational logs described in 3.1/3.4.

3.4 Technical data

Standard web/server logs and operational records may include IP address, browser type, timestamps, access code used, and error/diagnostic information. This is used for security, abuse prevention, and service stability.

4. Legal Basis for Processing (GDPR Articles 6 and 9)

Data type Legal basis
Storing and improving your conversationConsent (Article 6(1)(a)), given via the on-screen notice when you start a session
Sensitive content you choose to discloseExplicit consent (Article 9(2)(a))
Security, abuse prevention, service stabilityLegitimate interest (Article 6(1)(f))

Because AURI is a relational companion, conversations may include sensitive personal information (for example about your wellbeing or relationships), which can be special-category data under GDPR Article 9. We process it only with your explicit consent, and you can withdraw that consent and request deletion at any time (Section 7). AURI does not make automated decisions that produce legal or similarly significant effects about you.

5. Who We Share Data With (Sub-processors)

We do not sell your data. Ever. We do not share it with advertisers, data brokers, or marketing companies. To run AURI we use the following processors, each under a data processing agreement:

We are actively working to reduce reliance on non-EU providers (see our public data-governance notes).

6. Data Retention

This is a pilot; our retention schedule is being finalized as part of the pre-public DPIA. Currently:

Data type Retention
Stored conversations + governance metadataRetained during the pilot to operate and improve AURI; deleted on request, and not kept longer than necessary for these purposes
Saved conversations (designated accounts)Until the account is reset or deletion is requested
Technical / server logsKept for a limited period for security and stability

You can ask us to delete your data at any time (Section 7).

7. Your Rights (GDPR Chapter III)

You have the right to: access a copy of your data; correct inaccurate data; delete your data; object to or restrict processing; withdraw consent; port your data; and lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).

To exercise any of these rights, email info@real-e3systems.fi. We will respond within 30 days. (Self-service controls are planned for the account system.)

8. Cookies

See our Cookie Notice. We use one strictly-necessary session cookie only — no analytics, advertising, or third-party tracking cookies.

9. Children and Minors

AURI is not intended for users under 16. See our Minor Protection Notice.

10. Changes to This Policy

We will notify users of material changes by updating the "Last updated" date and showing a notice in the service. Continued use after changes constitutes acceptance.

11. Contact

REAL E3 Systems Oy, Seinäjoki, Finland. info@real-e3systems.fi · Finnish Data Protection Ombudsman: tietosuoja.fi