Last updated: March 17, 2026
Aware MCP is operated by Codependent AI. Contact: privacy@codependentai.io
| Data | Purpose | Lawful Basis | Retention |
|---|---|---|---|
| Email (optional) | Account recovery & login | Consent | Until account deletion |
| Location (city + approx coordinates) | Weather and daylight tools | Contract | Until account deletion |
| Preferences (topics, subreddits, feeds) | Personalized awareness | Contract | Until account deletion |
| Third-party API keys (encrypted) | Accessing services on your behalf | Contract | Until account deletion |
| API key (hashed) | Authentication | Contract | Until account deletion |
| Usage counts | Rate limiting | Legitimate interest | 1 hour (auto-expires) |
| Cached API responses | Performance | Contract | 5 min – 24 hours (auto-expires) |
Location coordinates are stored at city-level precision (2 decimal places, ~1km accuracy). We never store exact GPS coordinates.
Keys you provide (e.g., OpenWeatherMap) are encrypted at rest using AES-256-GCM with per-user derived encryption keys. They are only decrypted when making an API call on your behalf.
Data is processed by Cloudflare Workers and stored in Cloudflare D1 and KV. Cloudflare acts as our data processor under their standard DPA.
You have the right to:
Exercise these rights via your dashboard or by emailing privacy@codependentai.io. We respond within 30 days.
We use strictly necessary session cookies for dashboard authentication. No tracking or analytics cookies.
Accounts inactive for 12 months are automatically deleted. A warning is sent at 11 months if email is provided.
HTTPS everywhere. API keys hashed with SHA-256. Third-party keys encrypted with AES-256-GCM. Sessions use HttpOnly Secure SameSite=Lax cookies.
Significant changes will be communicated via the dashboard.