Privacy & Safety Checklist
Awake OS treats mindful practice data as sensitive. The product is designed to keep data on-device by default, encrypt optional sync, and provide clear controls before any analytics or sharing happens.
Data handling
- • Default storage is the local device. Sync to Cloudflare D1 requires an explicit opt-in toggle.
- • Data exports are available any time in Settings -> Privacy as JSON or CSV downloads.
- • Delete requests wipe local caches instantly and queue remote deletion within 24 hours; backups retain encrypted copies for 30 days to respect legal holds, after which they are purged.
- • No advertising SDKs, fingerprinting, or sale of personal information. Vendors must meet SOC 2 or ISO 27001 standards.
Consent and transparency
- • The first-run Consent Hub explains scope, crisis routing, optional sensors, and how to revoke permissions.
- • Every Courage Lab step includes intensity warnings, opt-out reminders, and a crisis link before users continue.
- • Analytics are aggregated, privacy-preserving, and can be switched off in one tap without disrupting practice history.
- • Awake OS supports subject rights requests via [email protected] with a 7-day response SLA.
Crisis support
Awake OS is not a crisis tool. The app surfaces emergency resources at key decision points and slows down exposure ladders if distress signals appear.
- • United States: 988 Suicide & Crisis Lifeline
- • United Kingdom: Samaritans 116 123
- • Global directory: Open Counseling
Security controls
- • Encryption at rest (AES-256) managed by Cloudflare KMS with quarterly key rotation.
- • Role-based access for internal teams with mandatory hardware security keys.
- • Regular privacy reviews following the MindApps guide and APA App Advisor framework.