Focuh

Privacy Policy

Last updated: December 2024

This Privacy Policy is designed to comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Introduction

Focuh ("we", "our", or "the Service") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our productivity application.

2. Data Controller

Focuh acts as the data controller for the personal data processed through the Service. For any questions regarding your data, you can contact us through the application.

3. Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information

  • Email address (provided via authentication provider)
  • Name (if provided via authentication provider)
  • Profile picture (if provided via authentication provider)
  • Authentication identifiers

3.2 User-Generated Content

  • Tasks and to-do items you create
  • Scheduled events and time blocks
  • Focus session data and productivity metrics

3.3 Third-Party Integration Data

  • Google Calendar data (if you connect your calendar)
  • Spotify playback preferences (if you connect Spotify)

3.4 Technical Data

  • Browser type and version
  • Device information
  • IP address
  • Usage analytics (via Vercel Analytics)

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract: Processing necessary for providing the Service you requested
  • Consent: For optional features like third-party integrations
  • Legitimate Interest: For improving the Service and security purposes

5. How We Use Your Data

We use your data to:

  • Provide and maintain the Service
  • Authenticate your identity
  • Sync your tasks with Google Calendar (if enabled)
  • Play music during focus sessions (if Spotify is connected)
  • Improve and optimize the Service
  • Ensure the security of the Service

6. Data Sharing and Third Parties

We may share your data with the following third-party service providers:

  • Clerk: Authentication and user management
  • Convex: Database and backend services
  • Vercel: Hosting and analytics
  • Google: Calendar integration (only if you connect your account)
  • Spotify: Music playback (only if you connect your account)

We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Given the alpha/beta status of the Service, data may be deleted or lost at any time without notice. You can request deletion of your data at any time.

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us through the application.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data. However, given the alpha/beta status of the Service, we cannot guarantee absolute security. Data transmission over the internet is inherently not completely secure.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Cookies and Local Storage

We use local storage to save your preferences and cache data for performance. This includes:

  • Authentication tokens
  • User preferences (audio settings, calendar preferences)
  • Cached task data for offline access

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy at any time. We will notify you of significant changes by posting a notice in the application. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Supervisory Authority

If you are in the EU/EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local Data Protection Authority.

15. Contact

For any questions about this Privacy Policy or to exercise your data protection rights, please contact us through the application.