Last updated: May 23, 2026
This Privacy Policy describes how Venex Labs (“we”, “us”, or “awekn”) collects, uses, and protects the information you provide when you use the awekn mobile app or visit awekn.com (collectively, the “Service”). The data controller is Venex Labs, registered in India, contact areeb@awekn.com.
Account data. When you sign up, we collect your email address, chosen username, and (if you sign in with Apple or Google) the identifier your provider returns. If you sign in with Apple and choose to share your name, we store the name you return on first sign-in only.
Fitness and body data you enter. Workout sessions, exercises, sets, reps, weights, personal records, body measurements, body weight, body fat percentage, progress photos, cardio sessions, calorie and macro logs, water intake, journal notes, and any regimen entries you type. Regimen entries are free-text and never selected from a preset catalog. We store exactly what you type.
Camera and photo library. awekn uses your device camera when you tap “Take a photo” to capture a progress photo, a workout selfie, or a custom share-card background. awekn reads from your photo library when you tap “Choose from library” to pick one of those images. awekn writes to your photo library only when you tap “Save” on a finished share card. We never scan, enumerate, or upload photos you do not explicitly select.
Progress photos. If you choose to upload progress photos, the image file is stored in our Amazon Web Services (AWS S3) private bucket, keyed by your account identifier. Photos are never made public and are served only via short-lived signed links to you.
Apple HealthKit data (iOS only, optional). If you grant permission on iOS, awekn reads your step count and your walking and running distance from Apple Health in order to show daily activity in the Cardio section alongside your lifts. HealthKit data is processed on your device, surfaced in the awekn cardio log you control, and is never used for advertising, marketing, research, or sold to any third party. We read HealthKit only; awekn never writes to Apple Health. You can revoke HealthKit access at any time in iOS Settings, under Privacy & Security, Health.
Google Health Connect data (Android only, optional). If you grant permission on Android, awekn reads your steps, distance, and active calories burned from Google Health Connect to surface daily activity in the Cardio section alongside your lifts. Health Connect acts as an on-device hub that may aggregate data from other apps and devices you have connected on your phone (for example Samsung Health, Fitbit, Garmin Connect, Mi Fitness, or a Pixel Watch). The data is processed on your device, surfaced in the awekn cardio log you control, and is never used for advertising, marketing, research, or sold to any third party. awekn reads from Health Connect only and never writes back. You can revoke Health Connect access at any time in the Health Connect app or under Android Settings, Apps, Health Connect. Health Connect is not available on Huawei (HMS) devices and on Android versions below 13; on those devices awekn falls back to manual cardio entry.
Purchase data. When you subscribe to awekn Pro, we receive from the Apple App Store (on iOS) or the Google Play Store (on Android), relayed through our subscription-management provider (RevenueCat), a transaction identifier, the subscription product, renewal and expiration timestamps, trial and grace-period flags, and refund status. We do not receive your credit-card number, bank details, Apple ID password, or Google account password. Those stay with Apple or Google respectively.
Device and diagnostic data. When the app encounters an unexpected error, we send a crash report to Sentry, our error-monitoring provider. These reports contain the stack trace, the device model and OS version, the app version, and a pseudonymous account identifier. Before any report is uploaded we scrub authentication tokens, signed storage URLs, and similar sensitive values. Sentry does not receive your fitness, body, nutrition, health, or photo data. We use Sentry strictly to find and fix crashes and do not use it for advertising, marketing, or behavioral analytics.
Product analytics. awekn uses PostHog, a privacy-friendly analytics processor, to understand at an aggregate level how users move through the app. When you open the app, sign up, view the paywall, start a trial, subscribe, or complete a workout, we send PostHog an event name (for example app_opened, signup_completed, paywall_viewed, workout_completed) along with a pseudonymous account identifier (your Supabase user id) and a small number of non-personal context fields (such as workout duration in seconds, exercise count, or whether the trial flag was set). PostHog never receives the names of foods you log, the values of your body measurements, your progress photos, your personal records, your custom regimen text, your push token, or your email. PostHog data is hosted in the United States. We use PostHog strictly to improve product flow, conversion, and user experience; PostHog does not perform cross-site tracking, ad targeting, or profile-building, and we do not sell PostHog data to third parties.
Transactional email. awekn uses Resend, an email delivery processor, to send only service-related emails tied to your account state: a welcome email shortly after you subscribe, a receipt at each successful renewal, an alert if your payment method has a billing issue, a reminder before your free trial ends, and a one-time offer to return if your subscription has expired. We send Resend your email address and a first-name token solely for delivery and personalization. Resend records the delivery status (delivered, bounced, deferred) for up to 90 days for diagnostic purposes and does not use the address for any other purpose. We do not send marketing newsletters, promotional broadcasts, or product announcements through Resend or any other channel.
We use your data solely to operate awekn: to authenticate you, to display your progress in the app, to sync your data across your devices if you choose, to grant or revoke your subscription entitlement, and to respond to your support requests. We do not sell, rent, trade, or share your personal data with advertisers or data brokers. Your fitness and health data is never used to train any machine-learning model.
Some of the data you enter into awekn — specifically your body weight, body fat percentage, body measurements, progress photos, calorie and macronutrient intake, and any step or distance figures we read from Apple HealthKit or Google Health Connect — reveals information about your physical health. Under Article 9 of the EU General Data Protection Regulation (GDPR) and the equivalent provisions of the UK GDPR and Swiss FADP, this is “special category” (sensitive) personal data and requires a stronger legal basis than ordinary personal data.
The legal basis we rely on for this special-category data is your explicit consent under Article 9(2)(a) GDPR. Before you create an account in the awekn app, we present a dedicated, unbundled consent screen that names the categories of health and body data we will process, the purposes (showing your progress to you, calculating maintenance calories, syncing across your devices), and the processors involved. We log this consent against your account with a timestamp and the policy version you accepted. You can withdraw this consent at any time from Settings > Account > Privacy & Consents, which will delete the relevant categories of data from our systems. Withdrawal does not affect the lawfulness of processing before the withdrawal.
Workout-only data (sets, reps, weights, exercises, RPE) is processed under contract (Article 6(1)(b) GDPR) and does not require Article 9 consent. We separate the two so that you can use the workout log without granting health-data consent, although several features (Maintenance Calculator, body composition charts, cardio strip) require Article 9 consent to function.
We process your data under the following legal bases:
Your data is stored in:
awekn uses the following subprocessors strictly to operate the Service. Each row lists the data shared, the purpose, the country where the data is hosted, and the legal mechanism we rely on for any transfer outside the European Economic Area, United Kingdom, or Switzerland.
| Subprocessor | What they receive | Host country | Transfer mechanism |
|---|---|---|---|
| Supabase (database, auth, edge functions) | Account, fitness, body, nutrition, regimen, photos metadata | United States (AWS us-east-1) | Standard Contractual Clauses with published Transfer Impact Assessment (DPA) |
| AWS (S3 progress-photo storage) | Progress photo image files | United States (us-east-1) | EU–US Data Privacy Framework (certified, listing) plus SCCs |
| RevenueCat (subscription state) | App-store transaction identifier, product, renewal/expiration timestamps, trial & grace flags | United States | Standard Contractual Clauses (DPA) |
| Resend (transactional email) | Email address, first name token, delivery status | United States | EU–US Data Privacy Framework (certified March 2025) |
| Sentry (crash + error monitoring) | Stack traces, device model, OS, app version, pseudonymous user id | United States | EU–US Data Privacy Framework (certified) |
| PostHog (product analytics) | Event names + non-PII context, pseudonymous user id | United States | EU–US Data Privacy Framework (certified) |
| Apple (App Store, StoreKit, Sign in with Apple, HealthKit) | iOS account creation, payment, optional HealthKit reads | Apple-operated regions per Apple’s policy | Apple’s own framework; HealthKit processed on-device only |
| Google (Play Store, Play Billing, Sign in with Google, Health Connect) | Android account creation, payment, optional Health Connect reads | Google-operated regions per Google’s policy | Google’s own framework; Health Connect processed on-device only |
| Vercel (awekn.com hosting only — no app data) | Page hits to awekn.com | United States | EU–US Data Privacy Framework (certified) |
We do not integrate any advertising networks, behavioral analytics SDKs, or social-media pixels.
On-device data sources via Apple HealthKit and Google Health Connect. On iOS, HealthKit may relay data into awekn from other apps and devices you have separately connected on your phone (Apple Watch, third-party fitness trackers). On Android, Health Connect plays the same role for Samsung Health, Fitbit, Garmin Connect, Mi Fitness, Pixel Watch, and others. awekn does not have a direct integration or business relationship with any of these providers and only sees the data that you have permitted Apple Health or Health Connect to share, on your device.
Your fitness, body, and account data is retained while your account is active. You may delete your account at any time from Settings > Account > Delete Account. Deletion permanently removes your profile, workout history, body logs, progress photos, regimen entries, and all other account-scoped rows from our database and from S3. This action is irreversible.
Username reservation after deletion. To prevent impersonation of returning users, we retain a one-way lowercase hash-equivalent of your chosen username in a reserved-usernames index after you delete your account. We do not retain the rest of your profile or any content. If you later return to the Service, you may reclaim your username by contacting us at areeb@awekn.com.
Subscription records. Even after you delete your account, we may retain a minimal record of the anonymized subscription event (event id, product, timestamps) for up to 7 years where required for tax and audit obligations. These records do not identify you personally.
Consent log. The record of consents you have granted under Article 9(2)(a) GDPR (Section 3 above), including timestamps and policy versions, is retained for the lifetime of your account plus a further three years following account deletion, solely to demonstrate compliance with our accountability obligations under Article 5(2) GDPR. The record contains only your user identifier and the consent metadata; it does not contain the health data itself.
Subject to the law in your country of residence, you have the following rights regarding your personal data:
To exercise any of these rights, email areeb@awekn.com from the address associated with your account. We respond within 30 days and may extend by a further 60 days for complex requests, telling you within the first 30 days if we need the extension. Exercising a right will not lead to any disadvantage in your use of the Service.
awekn Pro is a subscription purchased through the Apple App Store on iOS or the Google Play Store on Android. Payment is charged to your Apple ID or Google account respectively at confirmation of purchase and again at each renewal, unless you cancel at least 24 hours before the end of the current period. Prices are displayed in your local currency at the time of purchase. Your subscription automatically renews at the same price and period until cancelled.
To manage or cancel your subscription at any time:
awekn is rated 4+ and is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us data, please contact us and we will delete it.
All data transmission uses HTTPS/TLS. Database access is gated server-side by Row-Level Security. Photo uploads and downloads are routed through signed URLs generated by a privileged server function. Your phone never holds long-lived cloud credentials. We work to protect your data but cannot guarantee absolute security on the internet.
Your data is processed on infrastructure located in the United States (primarily AWS us-east-1, hosting Supabase and S3). The data controller, Venex Labs, is based in India. Where personal data of users located in the European Economic Area, the United Kingdom, or Switzerland is transferred outside their jurisdiction, we rely on the transfer mechanisms listed in the Subprocessors table in Section 6.
For transfers from the EEA, UK, or Switzerland to the United States, we rely on each subprocessor’s certification under the EU–US Data Privacy Framework (DPF) where available (AWS, Sentry, PostHog, Resend, Vercel) and on Standard Contractual Clauses with published Transfer Impact Assessments for the remainder (Supabase, RevenueCat). For data accessed by Venex Labs from India (a third country with no current EU adequacy decision), we apply the same Standard Contractual Clauses through our contracts with our US-hosted subprocessors, and we limit such access to the minimum necessary to operate the Service and respond to user support requests.
You may obtain a copy of the relevant safeguards for any specific transfer by emailing areeb@awekn.com.
awekn is offered to users in the European Economic Area, the United Kingdom, and Switzerland, while the controller (Venex Labs) is established in India. GDPR Article 27, UK GDPR Article 27, and the Swiss FADP each contemplate an appointed local representative for non-domestic controllers in our position. We are a one-person independent studio and have not yet appointed a paid external representative. We will do so once subscription revenue supports it, and we will update this section with the representative’s name, postal address, and email at that time.
In the meantime, all rights described in Section 8 above remain fully available to you. Email areeb@awekn.com from any address and we will respond within 30 days. You are also entitled at any time to lodge a complaint directly with the supervisory authority of your country of residence; we have linked the directories in Section 8. We commit to cooperating fully with any supervisory-authority enquiry.
We recognize that awekn holds months or years of your training data, that you pay for Pro access, and that you deserve confidence in what happens if we ever have to step away from a specific market or shut down the Service entirely. We commit to the following:
We may update this policy from time to time. We will change the “Last updated” date above and, if the changes are material, notify you in the app or by email. Material changes that affect the basis on which we process your health data will additionally trigger a fresh in-app consent prompt before processing continues under the new terms.
For any privacy question, data-subject request, or complaint, contact us at areeb@awekn.com. The Service is operated by Venex Labs (India).