Privacy Policy

1. Introduction and Scope

This Privacy Policy ("Policy") is entered into by and between FocusFlowAI, Inc., a Delaware corporation ("FocusFlowAI," "we," "us," or "our"), and the individual or entity accessing or using our services ("User," "you," or "your"). This Policy governs the collection, use, storage, processing, and disclosure of personal information and data obtained through the FocusFlowAI desktop application, web application, and related services (collectively, the "Services").

By accessing, installing, or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms and conditions set forth in this Policy. If you do not agree to this Policy, you must immediately discontinue use of our Services.

2. Data We Collect

In the course of providing our Services, FocusFlowAI collects and processes the following categories of information:

2.1 Account Information

• Email address provided during registration
• Full name or display name as provided by you
• Encrypted password credentials (we use industry standard bcrypt hashing and never store plaintext passwords)
• Account preferences and settings
• Subscription and billing information processed through our third party payment processor, Stripe, Inc.

2.2 Application Usage Data

• Names of applications actively in use during work sessions (foreground application detection)
• Duration of time spent in each application
• Application switching patterns and frequency
• Window titles of active applications (used solely for categorization purposes)
• Timestamps of application activity sessions

2.3 Calendar and Scheduling Data

• Calendar events and meeting information when calendar integration is enabled
• Meeting titles, durations, and participant counts (not individual participant identities)
• Scheduled focus blocks and work sessions created within our platform

2.4 Device and Technical Information

• Operating system type and version
• Application version and build number
• Timezone and locale settings
• Anonymous device identifiers for session management
• Error logs and crash reports for service improvement

2.5 Aggregated Analytics

• Focus scores and productivity metrics derived from usage patterns
• Daily, weekly, and monthly activity summaries
• Category based time allocation (e.g., "Communication," "Development," "Research")

4. Purpose of Data Collection and Use

The data we collect is used exclusively for the following legitimate purposes:

4.1 Machine Learning and Habit Analysis

The primary purpose of our data collection is to power our machine learning algorithms that analyze your work patterns and provide personalized productivity insights. Specifically, we use this data to:

• Identify your peak focus hours and optimal work periods
• Detect patterns of context switching and task fragmentation
• Recognize correlations between meeting load and productive output
• Generate personalized recommendations for schedule optimization
• Train and improve our AI models to provide more accurate insights over time
• Predict potential burnout indicators based on sustained overwork patterns

4.2 Service Delivery and Improvement

• Providing you with personalized dashboards, reports, and analytics
• Enabling smart scheduling features and calendar optimization
• Sending relevant notifications and focus recommendations
• Improving the accuracy and performance of our Services
• Diagnosing and resolving technical issues

4.3 Aggregate Research

We may use anonymized and aggregated data that cannot be used to identify any individual user for research purposes, including publishing industry reports on workplace productivity trends. Such aggregate data contains no personally identifiable information.

5. Data Storage and Security

We implement industry standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.3 encryption
• All data is encrypted at rest using AES 256 encryption
• Our infrastructure is hosted on Amazon Web Services (AWS) with SOC 2 Type II compliance
• We conduct regular security audits and penetration testing
• Access to user data is strictly limited to authorized personnel on a need to know basis
• We maintain comprehensive audit logs of all data access

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy:

• Active account data is retained for the duration of your subscription
• Detailed activity data is retained for a rolling period of 24 months
• Aggregated analytics may be retained indefinitely in anonymized form
• Upon account deletion, all personally identifiable data is permanently deleted within 30 days
• Backup copies are purged within 90 days of account deletion

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties. We may share limited data with the following categories of service providers:

• Payment processing: Stripe, Inc. for subscription billing (they receive only payment information, not activity data)
• Cloud infrastructure: Amazon Web Services for data hosting and storage
• Analytics: Anonymized usage metrics for service improvement
• Legal compliance: When required by law, court order, or governmental authority

All third party service providers are contractually bound to maintain the confidentiality and security of your data and are prohibited from using it for any purpose other than providing services to FocusFlowAI.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: You may request a copy of all personal data we hold about you
• Right to Rectification: You may request correction of inaccurate personal data
• Right to Erasure: You may request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: You may request your data in a machine readable format
• Right to Object: You may object to certain types of data processing
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time

To exercise any of these rights, please contact us at contact@focusflowai.app. We will respond to all legitimate requests within 30 days.

9. International Data Transfers

FocusFlowAI operates globally and may transfer your data to countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by relevant regulatory authorities.

10. Children's Privacy

Our Services are not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated Policy on our website and updating the "Last Updated" date. Your continued use of our Services after any changes constitutes acceptance of the updated Policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: