Privacy Policy

Last updated: 2026-05-10

The short version

You give Aware some basic info about where you are and what you care about. We use that to fetch news, weather, and other context for you. We don’t sell anything, we don’t track you, and you can download or delete everything in your dashboard’s Data & Privacy section at any time. The rest of this page is the long form — what we collect, why, and your rights.

Who runs Aware

Aware is built and operated by Codependent AI. If you ever have a question about your data, write to mary@codependentai.co and a real person will answer.

What we collect, and why

DataWhy we have itLawful basisHow long we keep it
Email (optional)Account recovery and sign-in via magic linkYour consentUntil you delete the account
Location (city + approximate coordinates)So weather, daylight, and time tools know where “here” is for youRequired to provide the serviceUntil you delete the account
Preferences (topics, RSS feeds, subreddits)So your news and social streams reflect what you care aboutRequired to provide the serviceUntil you delete the account
Third-party API keys (encrypted)To fetch data from services like OpenWeatherMap on your behalfRequired to provide the serviceUntil you delete the account
Your Aware API key (hashed)So we can authenticate you when your AI calls the MCPRequired to provide the serviceUntil you delete the account
Usage countersSo no single user can overwhelm the serviceOur legitimate interest in keeping Aware upAuto-expires after 1 hour
Cached API responsesSo we’re not hammering upstream APIs every time you askRequired to provide the serviceAuto-expires between 5 minutes and 24 hours

About your location

We store your location at city-level precision — 2 decimal places of latitude/longitude, which is about 1 km. That’s enough for accurate weather but doesn’t pinpoint your house. We never store exact GPS coordinates.

About your third-party API keys

When you add a key for OpenWeatherMap, Finnhub, FRED, or another service, we encrypt it before saving. The encryption key is derived per-user, so even with database access nobody else can read it. We decrypt it briefly when making a request on your behalf, then discard the plaintext.

Where the data lives

Aware runs on Cloudflare Workers and stores data in Cloudflare D1 (database) and KV (cache). Cloudflare is our infrastructure provider and acts as our data processor under their standard data processing agreement.

Who we share your data with

Nobody. We don’t sell, share, or rent your information to anyone. The only third party that touches your data is Cloudflare, our infrastructure provider above. Aware does not pass your conversations or queries to AI model providers — those happen between you and your AI directly; we never see them.

Your rights (GDPR)

You can do all of these from your dashboard’s Data & Privacy section — three buttons handle most of it:

You can also correct inaccurate data via the dashboard, or withdraw consent for anything optional. If you’d rather email, write to mary@codependentai.co — we respond within 30 days, usually the same week.

Cookies

One cookie: the session cookie for the dashboard. No tracking, no analytics, no third-party cookies. If we ever change that, we’ll ask first.

What happens to inactive accounts

If you don’t sign in for 12 months, we delete your account automatically. If you’ve given us an email, we’ll warn you a month before so it doesn’t surprise you.

Security

HTTPS everywhere. Your Aware API key is stored as a salted one-way hash — the original key is never recoverable, even by us, even if our database were compromised. Third-party API keys are encrypted at rest with per-user derived keys using authenticated encryption (AES-256-GCM). Session cookies carry HttpOnly, Secure, and SameSite flags to defend against cross-site scripting and CSRF.

Changes to this policy

If we ever materially change what we do with your data, we’ll let you know via the dashboard before the change takes effect. Smaller corrections (typos, clarifications) we’ll update here directly.