PRIVACY POLICY
Awaykon Pty Ltd
Effective 01 July 2026 | Version 1.0
Awaykon Pty Ltd (ACN 694 194 628 / ABN 17 694 194 628) (we, us or our) is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), and, where applicable, the General Data Protection Regulation (EU) 2016/679 (GDPR).
This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you access or use our website at awaykon.com, our mobile application (App), and any related services (together, the Platform).
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent as the lawful basis for processing, you may withdraw that consent at any time by contacting us using the details in clause 17.
OPERATIVE PROVISIONS
1. About this privacy policy
- This Privacy Policy applies to all personal information we collect about you through the Platform, whether collected directly from you or from third party sources.
- This Privacy Policy should be read together with our Website Terms of Use, Mobile App Terms of Use, Acceptable Use Policy, and Cookie Policy.
- We may update this Privacy Policy from time to time. Any changes will be posted on the Platform with an updated effective date. Where required by law, we will notify you of material changes and, where necessary, seek your consent.
- You should also be aware that the regulatory framework governing AI-generated content, synthetic media, and digital persona technology is evolving rapidly at both the Australian and international level. We actively monitor developments including reforms to the Privacy Act 1988 (Cth), guidance from the Office of the Australian Information Commissioner, and international frameworks such as the EU Artificial Intelligence Act (EU 2024/1689). We may update this Privacy Policy to reflect changes required by those frameworks as they apply to our Platform and services.
2. Who we are
- For the purposes of the GDPR, the data controller responsible for your personal information is Awaykon Pty Ltd (ACN 694 194 628 / ABN 17 694 194 628), with its registered address at Level 10, 369 Royal Parade, Parkville VIC 3052, Australia.
- If you have any questions about how we handle your personal information, or if you wish to exercise any of your rights described in this Privacy Policy, you can contact our privacy officer at support@awaykon.com.
3. Information we collect
- We may collect and process the following categories of personal information:
Information you provide to us
- Account registration information, including your name, email address, and password;
- Payment information you provide during checkout, such as your card details, is collected and processed directly by our third-party payment provider, Stripe, in accordance with Stripe's own privacy policy. We do not collect, view, or store your full card details on our systems;
- Profile information, including any profile picture, display name, spiritual preferences, or interests you choose to provide;
- User inputs, prompts, and conversational data submitted to the AI spiritual guidance service, including questions, reflections, and any other content you provide when interacting with AI personas on the Platform;
- Communications you send to us, including support requests, feedback, and correspondence; and
- Any other information you voluntarily provide to us through the Platform.
Information we collect automatically
- Device and browser information, including your IP address, device type, operating system, browser type, and unique device identifiers;
- Usage data, including pages visited, features used, time spent on the Platform, referring URLs, and clickstream data;
- Location data, including your approximate geographic location derived from your IP address; and
- Cookie and tracking technology data, as described in our Cookie Policy.
Information we receive from third parties
- We may receive personal information about you from third party sources, including analytics providers (such as Google Analytics), payment processors, and other third party sources.
4. How we collect your information
- We collect personal information:
- directly from you, when you register for an account, use the Platform, contact us, or otherwise provide information to us;
- automatically, through cookies, analytics tools, and similar technologies when you access or interact with the Platform; and
- from third parties, as described in clause 3 above.
- Where practicable, we will collect personal information directly from you. We will not collect personal information by unlawful or unfair means.
5. Lawful basis for processing (GDPR)
- If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal information only where we have a valid lawful basis under the GDPR. The table below sets out the lawful basis we rely on for each category of processing activity.
Processing Activity | Lawful Basis (GDPR Art. 6(1)) | Details | Special Category Basis (GDPR Art. 9(2)) |
Account registration and management | Performance of a contract (Art. 6(1)(b)) | Processing is necessary to create and manage your account and provide the services you have requested. | Not applicable |
Provision of AI spiritual guidance service (core Platform services) | Performance of a contract (Art. 6(1)(b)) | Processing is necessary to deliver the AI spiritual guidance and celebrity persona services under your subscription or terms of use. | Explicit consent (Art. 9(2)(a)) — the core service requires processing data likely to reveal religious or philosophical beliefs. Explicit consent must be obtained at the point of first interaction with the AI guidance service. |
Processing subscription payments | Performance of a contract (Art. 6(1)(b)) | Processing is necessary to collect payment for services rendered. | Not applicable |
Processing of AI interaction and conversational data to improve the AI Service | Legitimate interests (Art. 6(1)(f)) | Our legitimate interest in maintaining and improving the quality and relevance of the AI spiritual guidance service. We conduct a balancing test to ensure your rights are not overridden. | Explicit consent (Art. 9(2)(a)) — conversational data from the AI guidance service may reveal religious or philosophical beliefs. Explicit consent must be obtained before use for service improvement purposes. |
Personalisation of AI persona experience | Performance of a contract (Art. 6(1)(b)) / Legitimate interests (Art. 6(1)(f)) | Processing is necessary to deliver a personalised service as agreed, and we have a legitimate interest in improving relevance and user experience. | Explicit consent (Art. 9(2)(a)) — personalisation of the spiritual guidance experience necessarily engages data revealing religious or philosophical beliefs. |
Analytics and performance monitoring | Legitimate interests (Art. 6(1)(f)) | Our legitimate interest in understanding how users interact with the Platform to improve functionality and user experience. | Not applicable (where analytics are conducted on aggregated or anonymised data only; if individual-level analysis is conducted on conversational data, explicit consent under Art. 9(2)(a) is required) |
Marketing communications | Consent (Art. 6(1)(a)) | Where required, we obtain your consent before sending marketing communications. You may withdraw consent at any time. | Not applicable (marketing is not targeted on the basis of special category data) |
Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) | Processing is necessary to comply with applicable laws, regulations, or lawful government requests. | Not applicable |
- Where we rely on legitimate interests as the lawful basis for processing, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You may request details of this balancing test by contacting us.
- Where we rely on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
6. How we use your information
- We use your personal information for the following purposes:
- to provide, operate, maintain, and improve the Platform and our services;
- to create and manage your account and process your subscription or transactions;
- to process your inputs through the AI spiritual guidance service and generate personalised AI Output, including spiritual guidance, affirmations, and celebrity persona interactions;
- to communicate with you, including sending service-related notices, responding to your enquiries, and providing customer support;
- to send you marketing communications (where you have consented or where we are otherwise permitted to do so by law);
- to analyse usage patterns and trends to improve the Platform's functionality and user experience;
- to detect, prevent, and address fraud, security breaches, and technical issues;
- to comply with our legal obligations, enforce our terms, and protect our rights and the rights of others; and
- for any other purpose disclosed to you at the time of collection or with your consent.
- We will not use your personal information for a purpose materially different from the purpose for which it was collected, unless we have obtained your consent or are otherwise permitted or required by law.
- Specifically in relation to AI persona interactions: your conversational data and interaction records from sessions with AI personas on the Platform will not be used to train, develop, or fine-tune third-party artificial intelligence models, and will not be sold, commercialised, or shared with AI infrastructure providers for any purpose beyond what is strictly necessary to deliver the Platform’s services to you. AI infrastructure providers are contractually restricted from using your interaction data for their own model training or commercial purposes.
7. Disclosure of your information
- We may disclose your personal information to the following categories of recipients:
- Service providers: third party providers who perform services on our behalf, including hosting, payment processing, analytics, customer support, and email delivery;
- Group entities: other entities within the Purple TIC Enterprises group, where necessary to provide and support the Platform;
- AI infrastructure providers: third party providers of AI models, cloud computing, and machine learning infrastructure used to operate the AI spiritual guidance service (e.g. OpenAI / Anthropic / Gemini).
- Professional advisors: our lawyers, accountants, auditors, and insurers, where necessary for the provision of their services;
- Law enforcement and regulators: government authorities, law enforcement agencies, or regulators, where required by law or to protect our legal rights; and
- Business transfers: a potential buyer, transferee, or merger partner in the event of a sale, merger, restructure, or other transfer of all or part of our business or assets.
- We require all third party recipients to respect the security of your personal information and to treat it in accordance with applicable law. We do not permit our third party service providers to use your personal information for their own purposes and only allow them to process your personal information for specified purposes and in accordance with our instructions.
- In particular, AI infrastructure providers who receive your interaction data are contractually restricted from using that data to train their own AI models or for any purpose unrelated to the provision of services to us.
8. International data transfers
- We are based in Australia. Where you are located outside Australia (including in the EEA, the United Kingdom, or Switzerland), your personal information will be transferred to, and processed in, Australia. Australia is not subject to an adequacy decision by the European Commission under Article 45 of the GDPR.
- Where we transfer your personal information from the EEA, the United Kingdom, or Switzerland to Australia or to any other country that has not been recognised as providing an adequate level of data protection, we will ensure that appropriate safeguards are in place, including:
- the European Commission's Standard Contractual Clauses (SCCs) approved under Article 46(2)(c) of the GDPR;
- the UK International Data Transfer Agreement or UK Addendum to the EU SCCs (for transfers from the United Kingdom);
- binding corporate rules approved by a competent supervisory authority; or
- any other transfer mechanism recognised as providing adequate protection under the GDPR.
- We may also transfer your personal information to third party service providers located in Ireland. Where those transfers engage the GDPR, we ensure that appropriate safeguards are in place as described in clause 8.2.
- You may request a copy of the appropriate safeguards we rely on by contacting us using the details in clause 17.
9. Data retention
- We retain your personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements.
- To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the information, whether we can achieve those purposes through other means, and applicable legal, regulatory, and contractual requirements.
- When your personal information is no longer required, we will securely delete or anonymise it in accordance with our data retention procedures. Where anonymisation is used, the anonymised data may be retained indefinitely for analytical purposes.
10. Data security
- We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:
- encryption of personal information in transit and at rest;
- access controls that limit access to personal information to authorised personnel on a need-to-know basis;
- regular security assessments and testing of our systems and processes; and
- incident response procedures for investigating and responding to data breaches.
- While we take reasonable steps to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your personal information.
- Where we become aware of a personal data breach, we will notify the relevant supervisory authority in accordance with our obligations under the Privacy Act (including the Notifiable Data Breaches scheme) and, where applicable, Article 33 of the GDPR, unless the breach is unlikely to result in any risk to your rights and freedoms. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly in accordance with Article 34 of the GDPR.
11. Your rights under the Australian Privacy Act
- Under the Privacy Act and the APPs, you have the right to:
- Access: request access to the personal information we hold about you (APP 12);
- Correction: request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13); and
- Complaint: make a complaint to us or to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.
- We will respond to your request within a reasonable period and, in any event, within 30 days of receiving the request. We will not charge you for making a request, but we may charge a reasonable fee for providing access if the request requires substantial effort.
12. Your rights under the GDPR
- If you are located in the EEA, the United Kingdom, or Switzerland, you have the following additional rights under the GDPR:
- Right of access (Art. 15): the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data together with supplementary information about the processing;
- Right to rectification (Art. 16): the right to have inaccurate personal data corrected and incomplete data completed;
- Right to erasure (Art. 17): the right to have your personal data erased where it is no longer necessary for the purpose for which it was collected, where you withdraw consent (and there is no other lawful basis), where you object to processing and there are no overriding legitimate grounds, where erasure is required to comply with a legal obligation, or where the data has been unlawfully processed;
- Right to restriction of processing (Art. 18): the right to restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data or where the processing is unlawful but you oppose erasure;
- Right to data portability (Art. 20): the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where the processing is based on consent or contract and is carried out by automated means;
- Right to object (Art. 21): the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests; and
- Right not to be subject to automated decision-making (Art. 22): the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- To exercise any of these rights, please contact us using the details in clause 17. We will respond to your request within one month of receiving it. In complex cases, or where we receive a large number of requests, we may extend this period by a further two months, but we will inform you of any extension within the first month.
- You also have the right to lodge a complaint with a supervisory authority in the EEA Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that our processing of your personal data infringes the GDPR.
13. Cookies and tracking technologies
- We use cookies and similar tracking technologies on the Platform. For detailed information about the cookies we use, the purposes for which we use them, and how you can manage your cookie preferences, please refer to our Cookie Policy, available at awaykon.com/legal/cookies.
14. Third party links
- The Platform may contain links to third party websites, services, or applications that are not operated or controlled by us. This Privacy Policy does not apply to those third party services, and we are not responsible for their privacy practices.
- We encourage you to review the privacy policies of any third party services before providing your personal information to them.
15. Children's privacy
- The Platform is not directed at, and we do not knowingly collect personal information from, children under the age of 18 (or the applicable age of majority in your jurisdiction). If you are under 18, you must not use the Platform or provide any personal information to us.
- If we become aware that we have collected personal information from a child without appropriate parental consent, we will take reasonable steps to delete that information as soon as practicable. If you believe that we may have collected information from a child, please contact us immediately using the details in clause 17.
16. Changes to this privacy policy
- We reserve the right to amend this Privacy Policy at any time. Any changes will be effective when we post the revised Privacy Policy on the Platform with an updated effective date.
- Where changes are material, we will use reasonable endeavours to notify you by email or by posting a prominent notice on the Platform before the changes take effect. Where required by the GDPR, we will seek your consent to material changes that affect the basis on which we process your personal information.
17. Contact us and complaints
If you have any questions about this Privacy Policy, wish to exercise your rights, or wish to make a complaint about how we handle your personal information, please contact us at:
Entity: | Awaykon Pty Ltd |
Email: | support@awaykon.com |
Address: | Level 10, 369 Royal Parade, Parkville VIC 3052 |
- We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If we need more time, we will let you know the reason for the delay and the expected timeframe for resolution.
- If you are not satisfied with our response, you may escalate your complaint to:
- In Australia: the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.
- In the EEA: the data protection supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
- In the United Kingdom: the Information Commissioner's Office (ICO) at www.ico.org.uk.