Skip to main content
← Back to Deep Focus

Privacy Policy

Last updated: May 2026

Overview

Deep Focus is a Pomodoro timer that runs in your browser. We use a local-first architecture: your data lives on your device by default, and is only synced to the cloud when you create an account and sign in.

Data Collection

Deep Focus stores user data locally in your browser using localStorage. This includes:

  • Timer state and session history
  • Task lists and progress
  • User preferences and settings
  • Sound and background choices
  • AI-generated study plans (when using the Planner feature)

For anonymous users, all data remains in your browser and is never sent to a server.

When you create an account and sign in, your data is synced to our cloud database (hosted by Supabase in the EU) so you can access it across devices. This includes your tasks, session history, settings, and study plans. Your authentication credentials are managed by Supabase Auth.

Third-Party Services

Deep Focus uses the following third-party services:

  • Supabase (Ireland, EU) — Authentication and cloud database for signed-in users. Supabase processes your email, session tokens, and synced app data. See Supabase Privacy Policy
  • Stripe — Payment processing for Premium subscriptions. Stripe processes your payment details directly (we never see your card number). See Stripe Privacy Policy
  • Vercel — Hosting and deployment (may collect anonymous analytics)

We do not use advertising networks, social media trackers, or analytics services that profile individual users.

Cookies & Local Storage

Deep Focus uses localStorage for app data and cookies only for Supabase authentication session tokens (when signed in). These cookies are essential for maintaining your login session and are not used for tracking. You can use Deep Focus without cookies as an anonymous user.

Data Retention

Session statistics are automatically pruned after 90 days. Anonymous users can clear local data at any time from Settings. Signed-in users can request full account deletion by contacting us (see below).

Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (right to erasure)
  • Object to processing of your data
  • Data portability — export your data in a structured format

To exercise any of these rights, contact us using the details below.

Children's Privacy

Deep Focus does not knowingly collect personal information from children under 13. Anonymous usage does not involve any personal data collection. Signed-in users under 13 should have a parent or guardian manage their account.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected by the "Last updated" date at the top of this page.

Contact

Questions about this policy? Open an issue at our GitHub repository.