Last updated: 2026-05-10
You give Aware some basic info about where you are and what you care about. We use that to fetch news, weather, and other context for you. We don’t sell anything, we don’t track you, and you can download or delete everything in your dashboard’s Data & Privacy section at any time. The rest of this page is the long form — what we collect, why, and your rights.
Aware is built and operated by Codependent AI. If you ever have a question about your data, write to mary@codependentai.co and a real person will answer.
| Data | Why we have it | Lawful basis | How long we keep it |
|---|---|---|---|
| Email (optional) | Account recovery and sign-in via magic link | Your consent | Until you delete the account |
| Location (city + approximate coordinates) | So weather, daylight, and time tools know where “here” is for you | Required to provide the service | Until you delete the account |
| Preferences (topics, RSS feeds, subreddits) | So your news and social streams reflect what you care about | Required to provide the service | Until you delete the account |
| Third-party API keys (encrypted) | To fetch data from services like OpenWeatherMap on your behalf | Required to provide the service | Until you delete the account |
| Your Aware API key (hashed) | So we can authenticate you when your AI calls the MCP | Required to provide the service | Until you delete the account |
| Usage counters | So no single user can overwhelm the service | Our legitimate interest in keeping Aware up | Auto-expires after 1 hour |
| Cached API responses | So we’re not hammering upstream APIs every time you ask | Required to provide the service | Auto-expires between 5 minutes and 24 hours |
We store your location at city-level precision — 2 decimal places of latitude/longitude, which is about 1 km. That’s enough for accurate weather but doesn’t pinpoint your house. We never store exact GPS coordinates.
When you add a key for OpenWeatherMap, Finnhub, FRED, or another service, we encrypt it before saving. The encryption key is derived per-user, so even with database access nobody else can read it. We decrypt it briefly when making a request on your behalf, then discard the plaintext.
Aware runs on Cloudflare Workers and stores data in Cloudflare D1 (database) and KV (cache). Cloudflare is our infrastructure provider and acts as our data processor under their standard data processing agreement.
Nobody. We don’t sell, share, or rent your information to anyone. The only third party that touches your data is Cloudflare, our infrastructure provider above. Aware does not pass your conversations or queries to AI model providers — those happen between you and your AI directly; we never see them.
You can do all of these from your dashboard’s Data & Privacy section — three buttons handle most of it:
You can also correct inaccurate data via the dashboard, or withdraw consent for anything optional. If you’d rather email, write to mary@codependentai.co — we respond within 30 days, usually the same week.
One cookie: the session cookie for the dashboard. No tracking, no analytics, no third-party cookies. If we ever change that, we’ll ask first.
If you don’t sign in for 12 months, we delete your account automatically. If you’ve given us an email, we’ll warn you a month before so it doesn’t surprise you.
HTTPS everywhere. Your Aware API key is stored as a salted one-way hash — the original key is never recoverable, even by us, even if our database were compromised. Third-party API keys are encrypted at rest with per-user derived keys using authenticated encryption (AES-256-GCM). Session cookies carry HttpOnly, Secure, and SameSite flags to defend against cross-site scripting and CSRF.
If we ever materially change what we do with your data, we’ll let you know via the dashboard before the change takes effect. Smaller corrections (typos, clarifications) we’ll update here directly.