Privacy Policy Effective Date: March 30, 2025 Last Updated: March 30, 2025
Awake Technologies INC (“Company”, “we,” “us”) respects your privacy and is dedicated to protecting your personal data. This Privacy Policy (“Policy”) explains how we collect, process, store, and safeguard personal information (“Personal Data”) within the Yung Sidekick service.
This Policy applies to all users (“you”) and is intended to ensure full compliance with:
• EU General Data Protection Regulation (GDPR)
• UK GDPR and Data Protection Act 2018
• Health Insurance Portability and Accountability Act (HIPAA, USA)
• Personal Health Information Protection Act (PHIPA, Canada)
• Personal Information Protection and Electronic Documents Act (PIPEDA, Canada)
• Australian Privacy Act 1988 and the Australian Privacy Principles (APPs)
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• New Zealand Privacy Act 2020
• Ongoing preparations for Data Privacy Framework (DPF) compliance
Awake Technologies INC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Awake Technologies INC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
We are continuously reviewing our practices to align with evolving international data transfer standards, including relevant frameworks and adequacy mechanisms.
By using our services, you acknowledge and agree to the practices described herein.
1. Information We Collect
1.1 Personal Information
We collect Personal Data necessary to provide and enhance our services, which may include:
• Name and contact information (e.g., email address, postal address, telephone number)
• Professional details for clinicians (e.g., credentials, workplace info)
• Payment information (e.g., credit card or billing details)
• Account preferences and usage information
1.2 Therapy Session Data (Special Category Data Under GDPR)
Clinicians may submit audio recordings of therapy sessions strictly for generating anonymized session summaries (“Summaries”). Because therapy-related data may qualify as special category personal data under GDPR (health data), we only process such data on the lawful bases described below (see Section 2), including Article 9(2)(a) (explicit consent) or Article 9(2)(h) (provision of healthcare), as applicable. Once a Summary is generated, the original audio recording is securely deleted without undue delay. Summaries themselves are stored without personally identifiable information (“PII”) and protected under the data security measures outlined below.
2. Legal Basis for Processing (GDPR & UK GDPR)
Under EU and UK data protection laws, we act as the Data Controller for the personal data we collect from EU/UK individuals. Our lawful bases for collecting and processing Personal Data include:
• Performance of a contract (Article 6(1)(b)): Where data processing is necessary to provide our services
• Compliance with legal obligations (Article 6(1)(c)): Where we must satisfy applicable legal or regulatory requirements
• Legitimate interests (Article 6(1)(f)): Where processing is needed for security, fraud prevention, or service improvement, provided such interests are not overridden by your rights
• Consent (Article 6(1)(a)), including Article 9(2)(a) for special category data: Where we obtain clear, affirmative consent for specific processing, such as marketing communications or therapy session audio recordings
You have the right to withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal. You may do so by emailing dpo@yung-sidekick.com or by using any account-level consent settings we provide.
3. How We Use Your Information
We process Personal Data for the following purposes:
• Service Provision: Deliver, manage, and enhance our Yung Sidekick services
• Session Summaries: Generate Summaries from audio recordings, ensuring no PII is included in the final outputs
• Communications: Respond to inquiries, provide support, and deliver updates
• Legal Compliance: Comply with legal obligations, respond to lawful requests, and protect rights
• Analytics & Research: Conduct internal analyses using aggregated, anonymized data to improve our service
• Consent-Based Activities: Where required, for marketing or other communications to which you have explicitly consented
4. Data Security and Protection Measures
• Encryption: We use industry-standard encryption protocols for data in transit (TLS/SSL) and at rest (AES-256 or equivalent).
• HIPAA & PHIPA Compliance: Our infrastructure and procedures adhere to HIPAA and PHIPA requirements to safeguard Protected Health Information (PHI).
• Business Associate Agreements (BAAs): Where third-party service providers handle PHI on our behalf, we maintain BAAs in accordance with HIPAA.
• Access Controls: Strict, role-based access policies ensure that only authorized personnel can access Personal Data. We also apply the “minimum necessary” standard to limit PHI access and disclosure.
• Regular Audits: Periodic security reviews and vulnerability assessments help maintain system integrity.
• Data Breach Notification: In the event of a data breach involving your Personal Data, we will notify the appropriate supervisory authority (e.g., under GDPR or APPs) and any affected individuals as required by applicable laws, including HIPAA or other state/federal regulations.
5. International Data Transfers
We may process and store Personal Data on servers located in the United States or other jurisdictions. For users in the EU, UK, or Switzerland:
• Standard Contractual Clauses (SCCs): We rely on SCCs when transferring Personal Data outside these regions.
• Data Privacy Framework (DPF) Preparations: We are working towards self-certification under the DPF, intending to provide an additional level of protection.
• Additional Safeguards: We utilize measures such as encryption and policy controls to protect data across borders.
For users in Australia and New Zealand, we may transfer Personal Data to our servers or service providers in the United States, Canada, and other locations. Where required, we take steps to ensure these transfers comply with Australian Privacy Principle 8 (APP 8) and New Zealand’s Privacy Act 2020 obligations, such as ensuring adequate contractual protections and security measures.
5.1 EU/UK Representative
If we do not have an establishment in the EU or UK, we have appointed the following representative(s) for data protection inquiries in the respective regions, pursuant to Article 27 GDPR/UK GDPR:
• EU Representative: Osano International Compliance Services Limited, ATTN: HHFH, 3 Dublin Landings, North Wall Quay, Dublin 1, D01C4E0
• UK Representative: Osano UK Compliance LTD, ATTN: HHFH, 42-46 Fountain Street, Belfast, Antrim, BT1 - 5EF
6. Sharing Your Personal Information
We do not sell or rent your Personal Data. We may disclose it only in the following situations:
• Service Providers: To third parties bound by confidentiality obligations who perform functions on our behalf (e.g., payment processors, secure hosting). In some cases, these providers are considered sub-processors under GDPR.
• Legal Requirements: If required to do so by law, or in response to valid legal requests.
• Consent: If you provide explicit, informed consent.
• Corporate Transactions: In connection with mergers, acquisitions, or sales of assets, provided the recipient upholds similar data protection standards.
Awake Technologies INC is liable for the onward transfer of personal data to third parties where such transfers do not comply with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
7.1 GDPR & UK GDPR Rights
• Access: Request a copy of your Personal Data.
• Rectification: Correct inaccurate or incomplete information.
• Erasure: Request deletion of your Personal Data (subject to legal or contractual obligations).
• Restriction: Request the limitation of processing under certain circumstances.
• Object: Object to processing based on legitimate interests.
• Portability: Receive Personal Data in a structured, commonly used, machine-readable format.
• Withdraw Consent: Withdraw any consent given for processing at any time (see Section 2).
• Complaint: Lodge a complaint with your local supervisory authority if you believe your rights have been violated.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Awake Technologies INC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
Awake Technologies INC is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Under certain conditions, you may invoke binding arbitration for complaints regarding DPF compliance that are not resolved by any of the other DPF mechanisms. For more information on this option and its conditions, please see Annex I of the DPF Principles: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
7.2 HIPAA Rights (US)
● Access to PHI: Obtain a copy of your PHI.
● Amendments: Request corrections to PHI.
● Accounting of Disclosures: Receive an accounting of certain disclosures.
● Complaints: File a complaint with the U.S. Department of Health & Human Services (HHS).
Note: We may provide a separate HIPAA Notice of Privacy Practices if we are acting as a Covered Entity or a Business Associate with direct patient interaction, detailing additional provisions regarding PHI use and disclosure.
7.3 PIPEDA/PHIPA (Canada)
● Access: Request access to your personal health information.
● Correction: Correct any inaccuracies.
● Withdrawal of Consent: Withdraw consent, subject to legal or contractual restrictions.
● Complaint: File a complaint with your provincial regulator or the Office of the Privacy Commissioner of Canada (OPC).
7.4 CCPA/CPRA (California, USA)
If you are a California resident, you may have rights under the CCPA/CPRA, including the right to know what data is collected, the right to delete data (subject to exceptions), and the right to opt out of certain sharing practices. However, we do not sell Personal Data as defined in the law. Please contact dpo@yung-sidekick.com with “CCPA/CPRA Request” in the subject line for further details.
7.5 Australia
Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to:
● Access: Request a copy of the personal information we hold about you (subject to limited exceptions).
● Correction: Seek correction of your personal information if you believe it is inaccurate, out-of-date, incomplete, or misleading.
● Complaint: If you have a privacy complaint, please contact us first at dpo@yung-sidekick.com. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) via www.oaic.gov.au.
7.6 New Zealand
Under the New Zealand Privacy Act 2020, you have the right to:
● Access: Request access to the personal information we hold about you.
● Correction: Request correction of your personal information if it is incorrect.
● Complaint: Lodge a complaint with us at dpo@yung-sidekick.app or directly with the Office of the Privacy Commissioner (OPC) if you believe your privacy rights have been infringed. For more information, visit www.privacy.org.nz.
8. Data Retention
We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Audio recordings of therapy sessions are deleted promptly once Summaries are generated. Summaries are anonymized and retained to provide ongoing service improvements and reference for therapists. Where possible, we apply specific retention schedules per data category. For example:
● Billing Data: Retained for at least 7 years to comply with tax and accounting regulations, then securely deleted.
● Contact/Account Data: Retained as long as your account is active or as needed to provide services, then deleted or anonymized.
● PHI: Retained only to the extent necessary under HIPAA, PHIPA, or other healthcare regulations.
9. Data Protection Officer (DPO) / Privacy Officer
For questions or concerns about this Privacy Policy, or to exercise your data protection rights, please contact our Data Protection Officer (who also acts as our Privacy Officer for Canadian matters):
Email: dpo@yung-sidekick.com
Address: 66 West Flagler Street, Suite 900, #5450, 33130, Miami, FL, USA
We strive to respond to all inquiries within 30 days, or as required by law.
10. Children’s Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect Personal Data from children. If local laws require a different threshold for minors (e.g., under 13 in the United States), we comply with those local laws accordingly. If you believe we have inadvertently collected such information, please contact us immediately at info@yung.app, and we will take steps to delete it.
11. Cookie & Tracking Technologies
We may use cookies or similar technologies (e.g., pixels, web beacons) to enhance user experience, analyze website traffic, and for security purposes. Where required by law (e.g., GDPR, Australian law), we will obtain your consent before placing non-essential cookies. You can manage or withdraw consent to cookies at any time through your browser settings or our cookie consent tool (if provided).
12. Updates to This Policy
We may periodically update this Policy. In the event of any significant changes, we will notify you via email or a prominent notice on our website. Please review this Policy frequently to stay informed of our information practices. The “Last Updated” date at the top indicates when changes were last made.
13. Contact Us
If you have questions, concerns, or requests regarding this Policy or our privacy practices, please reach out to us at:
Email: info@yung.app
Website: https://yung-sidekick.com
By continuing to use Yung Sidekick, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. We are committed to protecting your privacy and ensuring compliance with all applicable laws and regulations to safeguard your Personal Data.
