Privacy Policy
Effective Date: March 8, 2026 | Last Updated: March 8, 2026
This Privacy Policy describes how Awareness ("we," "us," or "our") collects, uses, stores, and protects your personal information in connection with the Awareness platform. It is designed to comply with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and China's Personal Information Protection Law (PIPL).
1. Data Controller & Contact
Awareness acts as the data controller for personal data processed in connection with account registration, authentication, and platform usage. For data processing activities you initiate (e.g., ingesting third-party memory content), you act as the data controller and Awareness acts as your data processor.
For inquiries about your personal data or to exercise your rights, contact us at: everest9812@gmail.com
2. Information We Collect
2.1 Account Information
When you register via OAuth (Google, GitHub), we receive your name, email address, and profile picture from the identity provider. We store this information in our database to maintain your account.
2.2 Memory Content
Content you ingest through the MCP Server, REST API, or web interface — including conversation logs, document embeddings, notes, and metadata — is stored in our vector database and PostgreSQL database, associated with your account. This content may constitute personal data if it contains personal information.
2.3 API Keys & Authentication
We generate and store API keys (hashed) associated with your account. Session tokens issued via NextAuth are managed as encrypted JWE tokens.
2.4 Usage Data
We collect technical logs including API call timestamps, error logs, and performance metrics. We do not currently use third-party analytics that track individual browsing behavior.
2.5 Communications
If you contact us for support, we retain your communications to address your inquiry and improve the Service.
3. Legal Basis for Processing (GDPR)
We process personal data on the following legal bases:
| Basis | Examples |
|---|---|
| Contract performance | Processing necessary to provide the Service you signed up for |
| Legitimate interests | Security monitoring, fraud prevention, service improvement |
| Legal obligation | Compliance with applicable laws and law enforcement requests |
| Consent | Optional features; may be withdrawn at any time |
4. How We Use Your Information
- Providing, operating, and improving the Service
- Processing memory retrieval and AI-augmented queries on your behalf
- Authentication and account security
- Communicating with you about your account and service updates
- Detecting and preventing fraud, abuse, and security incidents
- Complying with legal obligations and responding to lawful government requests
- Aggregated, anonymized analytics for service improvement (we do not sell personal data)
5. Data Sharing & Third Parties
We do not sell your personal data. We may share data with:
- AI Model Providers (e.g., Anthropic, Ollama): Your prompts and memory content may be processed by third-party AI models to generate responses. These providers have their own data processing terms.
- Infrastructure Providers (e.g., cloud hosting, database services): Subject to data processing agreements with appropriate safeguards.
- OAuth Providers (Google, GitHub): Authentication data is governed by their respective privacy policies.
- Legal Compliance: We may disclose data when required by law, court order, or governmental authority.
Where data is transferred outside your jurisdiction (e.g., from the EU or China), we implement appropriate transfer mechanisms including Standard Contractual Clauses (SCCs) or equivalent safeguards as required by applicable law.
Enterprise customers may opt for a local-storage model where all memory data is persisted exclusively within their own infrastructure. See the Enterprise Deployment Guide for details.
6. Data Retention
We retain your account data and memory content for as long as your account is active or as needed to provide the Service. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal compliance, dispute resolution, or fraud prevention. Aggregated, anonymized data may be retained indefinitely for analytics purposes.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of personal data we hold about you |
| Rectification | Request correction of inaccurate data |
| Erasure | Request deletion ("right to be forgotten"), subject to legal requirements |
| Portability | Receive your data in a structured, machine-readable format (GDPR Art. 20) |
| Restriction | Request that we restrict processing in certain circumstances |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent at any time without affecting prior processing |
| CCPA Rights | Right to know, delete, opt out of sale, non-discrimination |
| PIPL Rights | Rights of access, copy, correction, deletion, and withdrawal of consent |
To exercise any of these rights, please contact us. We will respond within the timeframe required by applicable law (generally 30 days for GDPR; 15 working days for PIPL).
8. Security
We implement industry-standard technical and organizational security measures including:
- Encryption of data in transit (TLS) and at rest
- Hashed API key storage
- Encrypted session tokens (JWE)
- Role-based access controls
- Regular security reviews
No system is perfectly secure. You are responsible for maintaining the security of your own credentials and API keys. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities as required by applicable law.
9. Cookies & Session Data
We use strictly necessary session cookies to maintain your authenticated session (via NextAuth). These cookies are essential for the Service to function and do not require your consent under applicable law. We do not currently use advertising or tracking cookies.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected data from a minor, we will delete it promptly.
11. Enterprise Privacy & On-Premise Deployment
Enterprise customers in regulated industries (finance, healthcare, legal, government) often require stricter data controls than standard cloud deployments provide. Awareness offers a local-storage deployment model where:
- All memory data (vector embeddings, conversation logs, knowledge cards, metadata) is persisted exclusively within your own infrastructure
- Awareness acts as the processing and computation layer only: AI inference, retrieval logic, and memory management are handled on your behalf, but data at rest never leaves your environment
- You retain complete ownership and physical custody of your stored data at all times
For a full description of enterprise deployment options, cost savings analysis, and self-hosted capabilities, see the Enterprise Deployment Guide.
To discuss your organization's specific requirements, contact our Enterprise Sales team: everest9812@gmail.com
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice within the Service at least 30 days before the change takes effect, where required by law. Your continued use of the Service after the updated Policy takes effect constitutes your acceptance of the changes.
© 2026 Awareness. All rights reserved.