Legal and trust
Subprocessors
Third-party providers that may process information for One Realm when their related features are used or configured.
Last updated: May 25, 2026Subprocessors
| Provider | Purpose | Data Processed |
|---|---|---|
| Firebase / Google | Authentication, email verification, session identity, Firebase user profile data. | Email, display name, profile photo, Firebase UID, auth metadata. |
| Configured object storage provider | File and asset storage. | Uploaded PDFs, generated images, map assets, user assets, extracted artifacts. |
| Stripe | Checkout, subscriptions, billing, payment status, invoices, tax/payment records. | Email, payment metadata, subscription IDs, billing events. Full card details are handled by Stripe. |
| OpenAI | Chat, image generation, AI-assisted extraction, vision, map/placement processing, and related AI features. | Prompts, chat messages, campaign context, images, generated assets, extracted text, map data, relevant source content. |
| Mistral AI | OCR and PDF/source extraction. | Uploaded PDF pages, rendered pages, OCR inputs/outputs, extracted source text. |
| DeepSeek | Optional LLM provider for extraction analysis if enabled. | Extracted text, prompts, candidate data, campaign source context. |
| PostHog | Product analytics, backend event capture, exception diagnostics, frontend analytics, autocapture, and session recording if enabled. | Product events, user identifiers, browser metadata, page paths, interaction data, exception data, session replay data if enabled. |
| Hosting provider | Application hosting, networking, logs, runtime infrastructure. | Requests, logs, IP-derived metadata, app data in transit. |
| Database provider | PostgreSQL hosting. | Account, campaign, character, VTT, chat, extraction, credit, and subscription records. |
| Email provider | Product, support, account, or transactional email beyond Firebase auth emails. | Email address, message metadata, support content. |
AI Provider Notes
AI and OCR providers may process user content only to provide requested features. Where available, One Realm prefers provider settings that limit training use and retention.
- AI providers may vary by feature and deployment.
- Optional providers process data only when their related features are enabled or requested.
- Provider regions, retention, and training-use settings may vary by provider policy and account configuration.
Changes to Subprocessors
One Realm may update this list when subprocessors are added, removed, or changed. For material changes, One Realm will provide reasonable notice through the app, email, or this page.
Contact
Subprocessor questions: privacy@one-realm.com.