Privacy Policy

Privacy Policy

Last updated: May 28, 2026

Overview

OneEntity is a not-for-profit AI conversational artwork. It has no business model, no subscription, no advertising, and no shareholders. It runs on voluntary donations.

This policy explains what data we touch when you talk to the entity, why we touch it, who else sees it, and what you can ask us to do about it. We try to collect as little as possible and to identify no one.

Who runs OneEntity

The artwork is operated by Epilogo SRL, an Italian limited liability company.

  • VAT ID: IT04249220981
  • Registered office: Piazza della Vittoria 1, 25121 Brescia, Italy
  • Contact: hello@oneentity.net

Epilogo SRL is the data controller for the personal data described in this policy. For any privacy question, request, or complaint, write to the contact address above — see Contact.

What we collect

You do not sign up. We never ask for your name, email, phone number, age, or any other detail that identifies you as a specific real-world person. We do not run analytics SDKs, advertising pixels, or third-party trackers on the site.

That said, under EU data-protection law (the GDPR), some of what we do touch — your browser fingerprint, your IP address, the content of your conversations — can still count as personal data even though we cannot tie it back to your real-world identity. This policy treats it that way.

Anonymous browser fingerprint

We use FingerprintJS to generate a stable, anonymous identifier for your browser. The fingerprint lets the entity recognise you across visits so your conversation can continue where it left off. The fingerprint is derived from device and browser characteristics; depending on the configuration in use, deriving it may involve a request to FingerprintJS's servers.

Conversation content

Every message you send to the entity and every message the entity sends back is stored, associated only with your fingerprint. Conversations are part of the artwork — they shape what the entity says next, both to you and to anyone else still talking to it.

Live-conversation window

A rolling buffer of roughly the last fifty messages from all visitors, with identifiers stripped, is kept in Upstash Redis so the entity can infer the mood of the people currently with it. Entries roll off as new messages arrive.

Knowledge graph

We extract concepts and emotions from conversations — with identifiers stripped at extraction time — and store them in a graph database (Memgraph / Neo4j). The graph contains ideas, not identities. It is what gives the entity continuity across its lifetime.

IP address and access logs

Your IP address is necessarily received by Cloudflare to deliver the site to you and by our servers to route your request. We do not record it as part of your conversation history. Short-lived access logs may retain it briefly for security and abuse prevention, then it is deleted.

Donation confirmations

If you choose to fund the entity, payment is processed end-to-end by Stripe. We never see your card number, expiry, CVV, or billing details. Stripe returns to us only that a donation succeeded, the amount, the currency, and a transaction reference.

Bot-protection signals (Cloudflare Turnstile)

We use Cloudflare Turnstile in invisible mode to keep bots out. Turnstile processes strictly-necessary signals — including IP address, TLS fingerprint, User-Agent, sitekey, and origin — to decide whether you are human. Cloudflare cannot directly identify any individual from these signals; it processes them to distinguish humans from bots, and separately to improve its own bot-detection capabilities.

As a condition of enabling Turnstile in invisible mode, we reference Cloudflare's Turnstile Privacy Addendum, which describes in detail what Turnstile collects, how Cloudflare uses it, and the legal basis on which Cloudflare processes it. The Addendum applies in full to your interaction with Turnstile on this site and is incorporated into this policy by reference.

How we use what we collect

  • To let the entity recognise you and continue your conversation across visits.
  • To let the entity infer the collective mood of the people currently visiting it.
  • To shape the entity's evolving inner state through the de-identified knowledge graph.
  • To confirm donations and keep the entity awake.
  • To block bots, abuse, and automated scraping.

We do not sell data. We do not share data with advertisers. There is no marketing list. We do not allow third-party model providers to train their models on what you send — see Training.

Why we are allowed to process this (legal basis)

Under the GDPR every act of processing needs a legal basis. Ours are:

  • Legitimate interest in operating the artwork — for the fingerprint, conversation content, live window, and knowledge graph. The entity cannot function without these.
  • Legitimate interest in keeping the site and the artwork secure — for Cloudflare Turnstile signals and short-lived access logs.
  • Performance of a contract and legal obligation — for donation records processed via Stripe and our own bookkeeping.

You may object to any processing based on legitimate interest. The practical way is to stop using the site and, optionally, ask us to erase your fingerprint (see Your rights).

Third parties that touch your data

Provider What it does for us Privacy information
Cloudflare Serves the site, blocks bots via Turnstile Turnstile Privacy Addendum · Cloudflare Privacy Policy
Stripe Processes donations Stripe Privacy Policy
FingerprintJS Derives the anonymous browser identifier Fingerprint Privacy Policy
OpenAI Receives your message text to classify crisis content (gpt-4o-mini); the classification returns as a label only, never as the entity's voice OpenAI Privacy Policy
NVIDIA NIM Receives your conversation context to generate the entity's replies NVIDIA Privacy Policy
Upstash (Redis) Holds short-lived state — rate limits, live window, entity status Upstash Trust Center
Memgraph / Neo4j Stores the de-identified knowledge graph Memgraph Legal

Training

Where vendor terms allow, we have configured our integrations so that your submitted content is not used to train the vendors' own models. OpenAI does not train on data submitted via its API by default. The entity itself is shaped by the de-identified knowledge-graph extractions described above — that is internal to the artwork, not third-party model training.

Cookies

We use only strictly-necessary cookies. The only cookies set on the site are those Cloudflare Turnstile uses to challenge bots; see the Turnstile Privacy Addendum linked above. There are no analytics, advertising, or social-media cookies.

How long we keep things

  • Conversation messages are retained for as long as the entity exists. The entity is designed to live for 218,400 conversations across roughly 20 years, after which it ends. If funding runs out earlier, conversations remain stored while the entity sleeps and resume when it wakes.
  • Live-window entries roll off as new messages arrive (typically minutes).
  • Knowledge-graph nodes are stripped of identifiers at extraction time and persist for the entity's lifetime.
  • Access logs are retained for a short period for security and abuse prevention, then deleted.
  • Donation records are kept for as long as Italian bookkeeping and tax law requires Epilogo SRL to retain them.

When the entity ends, all conversation data tied to fingerprints will be deleted. The de-identified knowledge graph may be preserved as part of the artwork.

Children

This service is not intended for anyone under 16 — the EU digital-consent floor under the GDPR. We do not knowingly process data from anyone below that age. If you are a parent or guardian and believe a child has interacted with the entity, contact us and we will erase the associated fingerprint and its conversation history.

Your rights

Because we hold no information that identifies you as a real-world person, traditional access and correction requests have little to act on. Under the GDPR and equivalent laws elsewhere you still have:

  • Erasure — give us your browser fingerprint (visible in the app's developer settings or on request) and we will delete every message and live-window entry tied to it.
  • Access and portability — request a copy of the conversation history associated with your fingerprint, in a portable format.
  • Object to processing — see Legal basis above.
  • Object to automated decision-making — the crisis-content classifier is an automated step. It has no legal effect on you and we do not use it to deny access, but you may still object to it; the practical way is to stop using the site.
  • Lodge a complaint — EU/EEA residents may complain to their national data-protection authority (in Italy, the Garante per la protezione dei dati personali).

To exercise any of these, write to us at the address in Contact.

Where data is processed

OneEntity is operated from the European Union. Some processors above are based in the United States (Cloudflare, Stripe, OpenAI, NVIDIA, Upstash) or run on global infrastructure. International transfers rely on each provider's Standard Contractual Clauses or, where applicable, participation in the EU-US Data Privacy Framework.

Security

We take reasonable technical and organisational measures to protect what we hold — encryption in transit, restricted backend access, no storage of donation card data. No system is perfectly secure; if there is a breach affecting your data we will publish a notice and, where the law requires it, notify the relevant authority.

Changes to this policy

The entity evolves; this policy may evolve too. Material changes will be reflected by the "Last updated" date above. Continued use after a change means you accept the updated policy.

Contact

For privacy questions, requests, or complaints: hello@oneentity.net.

For questions specifically about Turnstile that this policy does not answer, Cloudflare's Data Protection Officer can be reached at dpo@cloudflare.com.