Back to Home

Privacy Policy

Effective Date: March 8, 2026  |  Last Updated: March 8, 2026

This Privacy Policy explains how Awareness collects, uses, stores, and protects your information when you use the platform.

Privacy Policy

Effective Date: March 8, 2026
Last Updated: March 8, 2026

This Privacy Policy describes how Awareness ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use the Awareness platform. It is intended to align with applicable privacy and data protection laws, including GDPR, CCPA, and China's PIPL.

1. Data Controller & Contact

Awareness acts as the data controller for personal data processed in connection with account registration, authentication, billing, and platform usage. For processing activities that you initiate through the Service, such as ingesting third-party memory content, you act as the data controller and Awareness acts as your data processor.

If you have questions about this Policy or want to exercise your privacy rights, please contact us through the contact details published on our website.

2. Information We Collect

2.1 Account Information

When you register through OAuth providers such as Google or GitHub, we may receive your name, email address, and profile image from the provider. We store this information to create and maintain your account.

2.2 Memory Content

Content you ingest through the MCP Server, REST API, SDK, or web interface, including conversation logs, documents, embeddings, notes, and metadata, may be stored in our databases and associated with your account. This content may contain personal data.

2.3 API Keys & Authentication

We generate and store hashed API keys associated with your account. Session tokens issued through NextAuth are handled as encrypted tokens.

2.4 Usage Data

We collect technical and operational logs, such as API timestamps, error logs, performance metrics, and service diagnostics. We do not currently use third-party analytics that profile individual browsing behavior for advertising purposes.

2.5 Communications

If you contact us for support, enterprise evaluation, or partnership discussions, we may retain those communications to respond to you and improve the Service.

3. Legal Basis for Processing (GDPR)

We process personal data on one or more of the following legal bases:

  • Contract performance: to provide the Service you signed up for.
  • Legitimate interests: for security monitoring, fraud prevention, abuse detection, and product improvement.
  • Legal obligation: to comply with applicable laws, regulations, and lawful requests.
  • Consent: where we rely on consent for optional features, which you may withdraw at any time.

4. How We Use Your Information

We use your information to:

  • provide, operate, maintain, and improve the Service;
  • process memory retrieval, indexing, and AI-assisted workflows on your behalf;
  • authenticate users and secure accounts;
  • communicate account notices, support updates, and service changes;
  • detect and prevent fraud, abuse, and security incidents;
  • comply with legal obligations and respond to lawful government requests;
  • generate aggregated and anonymized analytics to improve the Service.

We do not sell your personal data.

5. Data Sharing & Third Parties

We may share data with the following categories of recipients when necessary to provide the Service:

  • AI model providers, such as Anthropic or Ollama, when prompts or memory content must be processed to generate responses.
  • Infrastructure providers, including hosting, storage, and database providers, under contractual safeguards.
  • OAuth providers, such as Google or GitHub, for authentication flows.
  • Legal or regulatory authorities when disclosure is required by law, court order, or other lawful process.

Where personal data is transferred outside your jurisdiction, we implement appropriate safeguards, such as Standard Contractual Clauses or similar lawful transfer mechanisms where required.

6. Data Retention

We retain account data and memory content for as long as your account remains active or as needed to provide the Service. After account deletion, we will delete or anonymize personal data within 30 days unless retention is required for legal compliance, dispute resolution, fraud prevention, or legitimate audit needs.

Aggregated or anonymized data may be retained longer for analytics, service reliability, and security purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • request deletion of your personal data, subject to lawful retention obligations;
  • receive your data in a structured, machine-readable format where applicable;
  • restrict processing in certain circumstances;
  • object to processing based on legitimate interests;
  • withdraw consent where processing relies on consent;
  • exercise CCPA rights, including the right to know, delete, and opt out of sale (we do not sell personal data);
  • exercise PIPL rights, including rights of access, copy, correction, deletion, and consent withdrawal.

We will respond within the time period required by applicable law.

8. Security

We implement industry-standard technical and organizational security measures, including encryption in transit, protection of stored credentials, access controls, and regular security review processes. No system is completely secure, and you remain responsible for safeguarding your own credentials and API keys.

If a personal data breach creates a risk to your rights and freedoms, we will notify affected users and relevant authorities where required by law.

9. Cookies & Session Data

We use strictly necessary cookies and session data to maintain authentication and core platform functionality. These cookies are essential to operate the Service and generally do not require consent under applicable law.

We do not currently use advertising or behavioral tracking cookies. If that changes, we will update this Policy and provide appropriate notice or consent mechanisms.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected such data, we will delete it promptly.

11. Enterprise Privacy & On-Premise Deployment

We recognize that regulated organizations, especially in finance, healthcare, legal, and government environments, may require stronger privacy controls than standard hosted deployments provide.

For enterprise customers, Awareness may offer private deployment or on-premise deployment options, including:

  • air-gapped or private-network deployment;
  • bring-your-own-LLM configurations;
  • data residency controls for specific jurisdictions;
  • custom retention and deletion policies;
  • SSO and RBAC integration;
  • dedicated support and service commitments.

Under these models, memory data may remain entirely within your own infrastructure, while Awareness provides software, orchestration, or processing capabilities under contractual terms.

For enterprise privacy discussions, contact our enterprise team at everest9812@gmail.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect product changes, legal developments, or operational updates. If we make material changes, we will update the effective date and, where legally required, provide additional notice.

See also: Terms of Service

Read the Terms of Service

Table of Contents
Current page headings