
Privacy Policy

Last updated: April 21, 2026 · Effective: April 21, 2026

This policy explains what data FocusHQ (“FocusHQ”, “we”, “us”) collects when you use our macOS application, web dashboard at focushq.app, and supporting backend services (together, the “Service”). It sets out how we handle that data, who we share it with, and what rights you have under the EU General Data Protection Regulation (GDPR), the UK GDPR, and comparable laws.

FocusHQ is operated by Andrii Tymoshchuk FOP (sole proprietorship registered in Ukraine, tax group 3). This entity is the data controller for account and service-usage data. For paid subscriptions, Paddle.com Market Ltd (Ireland) acts as the merchant-of-record and an independent controller for billing and tax data. See §4 for the full sub-processor list.

1. What We Collect

FocusHQ collects the minimum data necessary to provide the Service. We do not sell personal data and we do not train AI models on your content.

  • Account info — your name, email address, avatar, and a stable identifier from Google or Apple Sign In. For Apple users we store only the opaque sub claim from the ID token so “Hide My Email” keeps working across email rotations.
  • Integration data — messages, calendar events, tasks, and file references fetched from services you connect (Gmail, Google Calendar, Slack, Microsoft Outlook/Teams, Notion, Todoist, Linear, Jira, GitHub, Figma, Trello, Zoom, Google Drive, OneDrive, Bitbucket, Confluence). OAuth tokens are encrypted with AES-256-GCM at rest. We only request the scopes we document in-app before connection.
  • Usage and product data — focus-session stats, task completion, AI rule firings, feature-flag evaluations, and anonymised app events used for product analytics and AI recommendation tuning. No cookie-based ad tracking.
  • Billing data — for paid plans, Paddle collects your billing name, address, VAT identifier (where applicable), card details or PayPal reference, and tax-residency information. Card numbers never touch FocusHQ infrastructure; we store only the Paddle subscription identifier and the plan you are on.
  • Device and diagnostic data — macOS version, app build number, crash reports, and sparsely-sampled performance traces. Routed through Sentry; personally-identifying fields are scrubbed server-side before storage (see §5).

2. How We Use Your Data

  • Deliver the product — render your unified inbox, keep integrations in sync, and persist your plan + preferences.
  • AI features — message triage, draft replies, daily planning, focus-mode suggestions, and in-app chat are performed by third-party large-language-model providers on your behalf. Message subjects, short snippets, and task titles may be sent for classification and completion; full message bodies are redacted or truncated before transmission where possible. We do not permit AI providers to use your data for training — this is contractually enforced with Anthropic (via zero data-retention settings) and Voyage AI.
  • Billing and tax compliance — operate subscriptions, apply promotional codes, remit VAT / sales tax, and meet record-keeping obligations (see §6).
  • Security and abuse prevention — rate limiting, fraud detection, audit logging. We hash (SHA-256 truncated) user-agent and IP signals at session creation rather than storing the raw values.
  • Aggregate analytics — understand adoption and reliability. Events in PostHog identify you by a hashed user identifier, not email or name. Anonymous session recordings are disabled by default and never record keystrokes outside explicitly-instrumented input fields.

Legal bases under GDPR Art. 6: contractual necessity (we can’t run the Service without processing your integration data), legitimate interest (security, product telemetry minimised to aggregates), and consent where explicitly requested (marketing email, cookie-based analytics if we ever enable them).

3. Data Security

  • OAuth tokens, refresh tokens, and license keys encrypted at rest with AES-256-GCM.
  • All client ↔ server traffic over TLS 1.3.
  • JWT access tokens with short 15-minute expiry, opaque refresh tokens with family-reuse detection and per-session CSRF protection for the web dashboard.
  • Database hosted in the EU (Supabase, eu-west-1) with daily backups and seven-day point-in-time recovery.
  • Least-privilege access: production secrets live in Railway + Vercel environment scopes and are never committed to source control.
  • Incident disclosure: if we discover a personal-data breach that meets the GDPR Art. 33 threshold, we notify the Ukrainian supervisory authority within 72 hours and affected users without undue delay. Public disclosure goes to status.focushq.app.

4. Sub-processors

We rely on the following sub-processors to deliver the Service. All EU/UK/Swiss personal data is transferred under the 2021 European Commission Standard Contractual Clauses (SCCs) plus supplementary technical safeguards where required (TLS in transit, AES-256-GCM at rest).

Sub-processor | Purpose | Region
Paddle.com Market Ltd | Merchant-of-record, checkout, subscription billing, tax remittance | Ireland / global
Supabase Inc. | Managed PostgreSQL (primary database, pgvector, backups) | EU (eu-west-1)
Railway Corp. | Backend + AI service hosting, background workers | US
Vercel Inc. | Web dashboard and marketing site hosting | US / global edge
Upstash Inc. | Redis — cache, queues (BullMQ), rate limiting, idempotency | US (AWS us-east-1)
Cloudflare Inc. | DNS, TLS termination, DDoS protection, R2 object storage (attachments + DMG hosting) | Global edge
Anthropic, PBC | AI: triage, drafting, planning, chat (Claude models). Zero-retention API tier. | US
Voyage AI Innovations Inc. | Text embeddings for semantic search (no training on customer data) | US
PostHog Inc. | Product analytics, feature flags (US cluster) | US
Functional Software, Inc. (Sentry) | Error tracking and performance tracing | US
Resend Inc. | Transactional email (welcome, license delivery, trial reminders, billing receipts) | US
Google LLC (Workspace) | support@focushq.app, legal@focushq.app, security@focushq.app inbound email hosting | Global
Apple Inc. | APNs push notifications (opt-in for macOS focus-mode updates) | US

This list is also published at focushq.app/subprocessors with notice of change. We will announce additions at least 14 days before they take effect so you can object before your data flows to the new processor.

OAuth-connected providers (Gmail, Slack, Microsoft, Notion, Todoist, Linear, Jira, GitHub, Figma, Trello, Zoom, Bitbucket, Confluence, Google Drive, OneDrive) are not sub-processors — they are independent controllers for the data you originally entrusted to them. FocusHQ accesses that data on your behalf using the OAuth scopes you approve and sends nothing back to those providers beyond actions you explicitly request (e.g. sending a reply).

5. What Leaves the EU

Your primary data store (Supabase PostgreSQL) is physically hosted in the EU (eu-west-1). Certain sub-processors — Anthropic, Voyage, PostHog, Sentry, Resend, Inngest, Cloudflare, Vercel, Railway — are US-based or globally distributed. For these transfers we rely on the 2021 European Commission SCCs and supplementary measures (encryption in transit and at rest, access-control review, contractual data-minimisation clauses). You can request the SCCs we have in place by emailing legal@focushq.app.

6. Data Retention

We retain data for as long as your account is active, subject to plan-level limits on message history (Free: 7 days, Pro: 30 days, Team: 90 days) — these are enforced automatically and are separate from backups.

When you delete your account:

  • Account record + operational data — deleted from the primary database immediately on request (cascade delete across integrations, messages, tasks, events, focus sessions, daily plans, AI rules, and notification rules).
  • Encrypted backups — rolled forward through Supabase’s daily snapshot cycle and fully purged within 30 days, which is why we cannot recover an account once deleted.
  • Billing records — retained by Paddle for seven years to meet EU and UK tax audit obligations. These are held under Paddle’s own controller responsibility and are outside our direct deletion authority, but we can help you contact Paddle to exercise your rights there.
  • Anonymised product analytics — retained indefinitely in aggregate form (no identifier linking back to you).

7. Your Rights

Under GDPR (and equivalent laws in the UK, Switzerland, California CCPA/CPRA, and Ukraine), you have the right to:

  • Access and portability (Art. 15, 20) — request a machine-readable JSON export of your data. Use Settings → Account → Export my data in the macOS app, or GET /api/v1/users/me/export with your bearer token. Delivered synchronously for accounts under ~50 MB.
  • Erasure (Art. 17) — delete your account from Settings → Account → Delete account. Confirmation required; immediate database cascade; 30-day residual backup window as explained in §6.
  • Rectification (Art. 16) — correct inaccurate account data in-app, or email us.
  • Restriction and objection (Art. 18, 21) — pause processing or opt out of legitimate-interest processing. Email legal@focushq.app.
  • Complain to a supervisory authority — for EU/EEA residents, your local Data Protection Authority; for Ukraine, the Ombudsman for Data Protection.
  • Revoke integration access — disconnect any OAuth integration from Settings → Integrations. We delete the stored tokens and any messages imported exclusively from that provider immediately.

8. Cookies and Local Storage

The marketing site uses only strictly-necessary cookies (CSRF, session, theme preference). We do not use advertising or cross-site tracking cookies. If we enable product analytics tracking on the web dashboard in the future, you will see a consent banner first and can refuse without losing access.

The macOS app stores session tokens in the macOS Keychain (sandbox-scoped) and operational preferences in a local SQLite cache under ~/Library/Containers/com.focushq.app/.

9. Children

FocusHQ is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has created an account, contact legal@focushq.app and we will delete it.

10. Changes to This Policy

Material changes (new sub-processors, expanded data collection, changes to retention) will be announced at least 14 days in advance by email to your account address and by an in-app banner. Continued use after the effective date counts as acceptance. Older versions remain accessible on request.

11. Contact

Controller: Andrii Tymoshchuk FOP, Ukraine.
Email: legal@focushq.app.
For Team / enterprise customers who need a signed Data Processing Agreement, see focushq.app/dpa.
