Privacy Policy

• Identity and profile data
• Name and age
• Premium, tier, and entitlement status
• Onboarding state
• App metadata such as platform, app version, and timestamps
• Stats, daily stats, and session history
• Preferences and settings
• Selected personality
• Theme, accessibility, motion, and color vision settings
• Daily goal
• Focus intention and focus obstacle
• Shield state
• Blocked apps
• Planned sessions and reminders
• Progression, XP, and in-app progression balances
• Sync and restore status
• Support requests and support context
• Support abuse-prevention signals
• Support and waitlist email delivery records

Cloud-synced app data is tied to your Firebase account, which may be an anonymous account unless you link a sign-in method. This helps restore progress and premium state across reinstalls or devices where supported.

• Active session state
• Manual block state
• Session feedback
• Retention metadata
• Share and review nudges
• First-focus activation state
• Header/footer discovery state
• Character affinity and greeting state
• Notification IDs
• Cached blocked apps
• Last app open
• Release notes version

Local-only data may be removed when you clear app data, delete the app, or use app controls that clear local state.

Usage Access: Used to detect which app is open so Shield can identify distraction attempts during protected sessions. It is not used to read messages, passwords, photos, or the content inside other apps.

Overlay permission: Used to show a blocking or recovery screen over distracting apps when Shield or Manual Block interrupts them. It is not used to secretly control other apps.

Notifications and reminders: Used for planned sessions, focus reminders, and related app prompts. You can turn notifications off in Android settings, but reminders may stop working.

You can revoke permissions in device settings. Some CogniFocus features may stop working if the required permission is removed.

On the website, PostHog analytics is only initialized after you allow analytics in the cookie consent banner. If you decline, PostHog should not initialize for your browser session.

Website analytics may include page views, page leave events, browser or device details, rough usage patterns, and similar product diagnostics. PostHog session replay is not currently enabled.

The mobile app may use app analytics or diagnostics to improve reliability, feature quality, and product decisions. Analytics is not a promise that every event is collected, and it is not used to sell your personal data.

• Firebase / Google Cloud for sign-in, backend services, cloud sync, support flows, and email delivery.
• Cloudflare Turnstile for website form anti-spam checks.
• PostHog for website analytics after consent.
• RevenueCat for mobile premium entitlement and purchase state.
• Google Play and, where relevant, Apple App Store services for app distribution, subscriptions, and purchase management.

These providers process data under their own systems and policies. We use them to provide CogniFocus, not to sell your personal data.

If this becomes active, we will use it to make CogniFocus more relevant across regions and languages, not to sell your data.

In the app, Settings > Delete Account cancels pending CogniFocus notifications, stops active app services, deletes your synced profile, daily stats, and sync records, tries to delete support records tied to your account, keeps a limited deletion audit record for operational and abuse-prevention purposes, clears local app preferences, and deletes your sign-in account.

Some records may remain where required for security, abuse prevention, subscription restore, tax, legal, platform compliance, or if they are controlled by a third-party provider.

Deleting CogniFocus data does not automatically cancel an app-store subscription. Subscriptions must be managed through Google Play or the relevant app store.

• Right to access. You may request a copy of the personal data we hold about you.
• Right to rectification. You may request that inaccurate or incomplete personal data be corrected.
• Right to erasure ("right to be forgotten"). You may request deletion of your account and all associated personal data. Using Settings > Delete Account in the app initiates this process and removes your synced data.
• Right to data portability. You may request your personal data in a structured, commonly used, machine-readable format.
• Right to restrict processing. You may request that we limit how we process your personal data in certain circumstances.
• Right to object. You may object to processing of your personal data where we rely on legitimate interest as our legal basis.
• Right to withdraw consent. Where processing is based on consent (such as website analytics), you may withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

Legal basis for processing. We process your data on the following legal bases: consent (e.g., analytics cookies, waitlist sign-up) and legitimate interest (e.g., providing app sync, fraud prevention, and improving product reliability).

EU data hosting. Cloud-synced app data is stored in Firebase using a European region. Website analytics via PostHog are only collected after you provide consent.

Data retention. Your personal data is retained while your account is active. When you delete your account, your synced personal data is deleted as described in the Data Deletion section. Limited audit and abuse-prevention records may be retained where legally permitted.

How to exercise your rights. Email us at [email protected] with the subject "GDPR Request". We will respond within the timeframe required by applicable law.

Right to lodge a complaint. You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed in violation of GDPR.

• Right to know. You have the right to know what categories of personal information we collect, use, and disclose. See the Website Data and Cloud-Synced App Data sections for a full breakdown of what we collect.
• Right to delete. You have the right to request deletion of personal information we have collected from you, subject to certain exceptions for legal, security, and operational purposes.
• Right to opt out of sale. We do not sell your personal information to third parties, so there is nothing to opt out of. We do not trade your data for money or other valuable consideration.
• Right to non-discrimination. We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or be charged different prices for exercising these rights.

Categories of personal information collected include identifiers (email, account ID), usage data (focus sessions, stats, app preferences), device and app metadata, and support communications. See the Website Data and Cloud-Synced App Data sections for details.

How to exercise your rights. Submit a verifiable consumer request by emailing [email protected] with the subject "CCPA Request". We will respond within 45 days as required by law.

Controller: CogniFocus (operated by CogniElevate)
Contact: [email protected]
Data hosting: Cloud-synced data is stored in Firebase using a European Union region (Google Cloud European infrastructure).

For any questions about how we process your data, to exercise your rights under GDPR or CCPA, or to raise a privacy concern, please contact us at the address above.