Skip to content
Privacy Policy

How we handle your data — and what we don't touch.

No advertising trackers. No resold profiles. No behaviour brokers. The minimum data needed to run the service you signed up for, kept on servers we control.

Last updated · 2026-05-03 v1.0 Plain language
Jump to a section

What we collect

Account data. Your email, display name, language preference, and password (hashed with industry-standard bcrypt — we never see your plain password). For child profiles, only a first name and avatar; no email, no phone.

App data. Items you actively create — expenses you log in BalanceTab, decks you build in Memoriz, scores you earn in our games. This stays with your account.

Technical logs. Anonymized request logs (IP truncated to /24, user-agent string) kept for at most 14 days for abuse mitigation, then permanently deleted.

No advertising data. We do not use third-party advertising trackers. We do not share or sell your information to anyone.

What we do not collect

  • Browsing history outside our apps.
  • Contacts, calendars, photos, or microphone — except where you explicitly grant access for a feature you triggered (e.g. voice recitation in Memoriz, which runs locally on your device when possible).
  • Behavioural profiles for advertising or third-party brokers.

How we use it

Strictly to operate the services you signed up for: deliver your briefings, save your progress, send you the notifications you opted into, and keep accounts secure. That's it.

Where it lives

Production servers in the EU (cPanel hosting, EU region). Backups are encrypted at rest. No data is processed outside the EU/EEA except for content delivery via Cloudflare's global CDN, which only handles cached static assets — never your account data.

Sharing

We do not share personal data with third parties, with two narrow exceptions:

1. Service providers strictly necessary to run AWENI

Email delivery for verification messages, payment processing for paid features when applicable. These providers act only on our instructions and are bound by data-protection contracts. We choose providers that meet GDPR standards and use the minimum data required for the task.

Current providers: a transactional email service for account verification, Stripe for payment processing where paid features apply.

2. Legal compliance

When we are required by a valid legal order under European law, we will comply — and we will notify the affected member unless legally prevented. We do not voluntarily share data with law enforcement.

Your rights

You can at any time:

  • Access all data we hold about you (download as JSON/CSV from your account settings).
  • Correct information that is inaccurate.
  • Delete/Erase your account. Once initiated, your account enters a 24-hour grace window during which you can cancel. After 24 hours, your personal data is permanently pseudonymized via SHA-256, chat/push histories are hard-deleted, and backups are purged within 30 days.
  • Object to specific processing.
  • Withdraw consent for optional features (notifications, etc.).

To exercise any of these, see our GDPR page or write to us via Contact.

Children

We take child safety seriously. Profiles for children under 13 require a parent guardian on the account. We collect the minimum needed for the educational features. No advertising, no behavioural tracking, no public profile.

Cookies — and why you don't see a banner

You won't find a cookie banner on AWENI, and that's intentional. Here's exactly what we use:

  • One first-party session cookie when you log in (the JWT that keeps you signed in). Strictly necessary — exempt from consent under CNIL/ePrivacy rules. Deleted when you log out.
  • Plausible analytics (self-hosted in the EU) — no cookies, no fingerprinting, no cross-site tracking, no personal data. We see anonymous page-view counts and nothing tied to a person. Plausible's data policy.
  • Cloudflare Turnstile on a few forms (signup, password reset) to block bots. Privacy-preserving by design, exempt from consent under the security carve-out.
  • No third-party advertising trackers. No Meta Pixel, no Google Analytics, no LinkedIn/X/TikTok pixels. None.

That's the whole list. Because we don't run analytics that store on your device, and we don't sell your attention to advertisers, there's nothing to consent to. No banner = no tracking. If we ever add a third-party tag that requires consent, you'll see a clear banner with three equal-weight buttons (Reject all, Accept all, Manage preferences) before any non-essential script fires.

Changes to this policy

If we update this policy, we will notify you in the app and at the top of this page. The effective date is shown in the "Last updated" badge above. Material changes — anything that expands what we collect or how we use it — get an explicit in-app notice that you need to acknowledge.

Contact our DPO

For questions about this policy or to exercise your rights, write to our Data Protection Officer via the Contact page. We respond to all GDPR requests within 30 days.

Email: [email protected]

Two more documents you might want.

Our promise about your data is paired with the formal terms and your specific GDPR rights.

Terms of Service →The plain-language rules GDPR rights →How to exercise each one Contact us →DPO + general contact About AWENI →Why we built it this way