Privacy Policy

2.1 Data You Provide Directly

• Task Information: Tasks, projects, descriptions, due dates, and priorities you create in the app
• Focus Session Data: Session duration, focus ratings, notes, and timestamps
• User Preferences: App settings, notification preferences, theme selection, and customization options
• Subscription Information: Billing details processed through Apple App Store or RevenueCat (we do not store credit card information)
• Contact Information: Email address (optional, only if you contact us for support)

2.2 Data Collected Automatically

• Device Information: Device model, OS version, app version, unique device identifier
• Usage Analytics: Feature usage patterns, session length, crash reports (via Firebase)
• Performance Data: App performance metrics, response times, and error logs
• Connectivity: Network connectivity status (for offline functionality)

2.3 Data from Third-Party Services

• Google Drive Integration: When you enable Google Drive backup, we access your Google account identifier and backup files (encrypted)
• OpenAI Integration: For AI task breakdown feature, task descriptions you submit for AI analysis are sent to OpenAI

3.1 Primary Uses

• Core functionality — storing and retrieving your tasks and projects
• Feature delivery — providing focus timer, analytics, and AI features
• Notifications — sending reminders and alerts
• Analytics — understanding feature usage to improve the app

3.2 What We Do NOT Use Your Data For

• ❌ Selling your data to third parties
• ❌ Using your task content for training AI models
• ❌ Marketing or promotional purposes without consent
• ❌ Building user profiles for targeting

4.1 Where Your Data Is Stored

• On Your Device: Primary storage via local Isar database (encrypted at rest)
• Google Drive: Encrypted backups (only if you enable this feature)
• RevenueCat: Subscription and entitlement data
• Firebase: Crash reports and analytics (anonymized)

4.2 Security Measures

• Encryption of all local data using device-specific keys
• HTTPS for all API communications
• API keys stored in secure device storage
• No account required — reduces data breach attack surface

4.3 Data Retention

• Device Data: Retained as long as app is installed
• Cloud Backups: Retained until deleted by you via Google Drive
• Analytics: Retained for 90 days by Firebase, then anonymized
• Crash Reports: Retained for 30 days for debugging purposes

6.1 Data Access & Portability

You can export all your data as JSON via Settings → Data. You own your data.

6.2 Right to Deletion

Delete all app data by uninstalling. Delete Google Drive backups directly in Google Drive. No account exists, so no account deletion needed.

6.3 Opt-Outs

• Analytics: Settings → Analytics → Turn off "Share Usage Analytics"
• Notifications: Settings → Notifications → Toggle specific types
• Backup: Settings → Data → Disable Google Drive backup
• Crash Reports: Settings → Analytics → Turn off "Send Crash Reports"

8.1 GDPR (European Users)

• ✅ Minimal data collection (data minimization principle)
• ✅ Your data stays on your device by default
• ✅ Right to access, rectify, erase, and port your data
• ✅ No cookies or tracking (local storage only)

8.2 CCPA (California Users)

• ✅ Right to know what personal information is collected
• ✅ Right to delete personal information
• ✅ Right to opt-out of analytics
• ✅ Right to non-discrimination for exercising rights

8.3 PDPA (Malaysian Users)

• ✅ Local data storage by default
• ✅ Transparent privacy practices
• ✅ Right to access and correct personal data
• ✅ Limited data sharing with third parties