Skip to content
Privacy Policy

How we handle your data — and what we don't touch.

No advertising trackers. No resold profiles. No behaviour brokers. The minimum data needed to run the service you signed up for, kept on servers we control.

Last updated · 2026-05-03 v1.0 Plain language
Jump to a section

What we collect

Account data. Your email, display name, language preference, and password (hashed with industry-standard bcrypt — we never see your plain password). For child profiles, only a first name and avatar; no email, no phone.

App data. Items you actively create — expenses you log in BalanceTab, decks you build in Memoriz, scores you earn in our games. This stays with your account.

Technical logs. Anonymized request logs (IP truncated to /24, user-agent string) kept for at most 14 days for abuse mitigation, then permanently deleted.

No advertising data. We do not use third-party advertising trackers. We do not share or sell your information to anyone.

What we do not collect

  • Browsing history outside our apps.
  • Contacts, calendars, photos, or microphone — except where you explicitly grant access for a feature you triggered (e.g. voice recitation in Memoriz, which runs locally on your device when possible).
  • Behavioural profiles for advertising or third-party brokers.

How we use it

Strictly to operate the services you signed up for: deliver your briefings, save your progress, send you the notifications you opted into, and keep accounts secure. That's it.

Where it lives

Production servers in the EU (cPanel hosting, EU region). Backups are encrypted at rest. No data is processed outside the EU/EEA except for content delivery via Cloudflare's global CDN, which only handles cached static assets — never your account data.

Sharing

We do not share personal data with third parties, with two narrow exceptions:

1. Service providers strictly necessary to run AWENI

Email delivery for verification messages, payment processing for paid features when applicable. These providers act only on our instructions and are bound by data-protection contracts. We choose providers that meet GDPR standards and use the minimum data required for the task.

Current providers: a transactional email service for account verification, Stripe for payment processing where paid features apply.

2. Legal compliance

When we are required by a valid legal order under European law, we will comply — and we will notify the affected member unless legally prevented. We do not voluntarily share data with law enforcement.

Your rights

You can at any time:

  • Access all data we hold about you (download as JSON/CSV from your account settings).
  • Correct information that is inaccurate.
  • Delete your account and all associated data within 30 days.
  • Object to specific processing.
  • Withdraw consent for optional features (notifications, etc.).

To exercise any of these, see our GDPR page or write to us via Contact.

Children

We take child safety seriously. Profiles for children under 13 require a parent guardian on the account. We collect the minimum needed for the educational features. No advertising, no behavioural tracking, no public profile.

Changes to this policy

If we update this policy, we will notify you in the app and at the top of this page. The effective date is shown in the "Last updated" badge above. Material changes — anything that expands what we collect or how we use it — get an explicit in-app notice that you need to acknowledge.

Contact our DPO

For questions about this policy or to exercise your rights, write to our Data Protection Officer via the Contact page. We respond to all GDPR requests within 30 days.

Two more documents you might want.

Our promise about your data is paired with the formal terms and your specific GDPR rights.

Terms of Service →The plain-language rules GDPR rights →How to exercise each one Contact us →DPO + general contact About AWENI →Why we built it this way