This Privacy Policy explains how FocusedZen collects, uses, and protects your personal information when you use our mobile app and websites (together, the “Service”). FocusedZen is a focus app: it plays calming music and video, helps you schedule focus time around your calendar, and lets you keep a short private note about how a session went. We have written this policy to describe what the Service actually does, in plain language.
In this Policy, “FocusedZen”, “we”, “us”, and “our” mean Luke Phillip Donnet, trading as FocusedZen (ABN 85 771 836 684), and “you” means the person using the Service.
1. Who we are and how to contact us
FocusedZen is operated by Luke Phillip Donnet, trading as FocusedZen (ABN 85 771 836 684), based in New South Wales, Australia. Contact address: 1/457-459 Elizabeth Street, Surry Hills, NSW 2010.
For any privacy question, or to exercise your rights, contact us at privacy@focusedzen.com.
2. What we collect
2.1 Information you give us
- Account details. When you create an account through our login provider (Kinde), we receive your email address, your name, and a profile picture if your sign-in provider supplies one. You can also set a username.
- Focus sessions. When you use the Service we save the sessions you build and play: their names, durations, the blocks they contain, which music or video scene you chose, and whether you completed them.
- Your session notes. After a session you can optionally tap a quick check-in: a one-tap “energy” rating, a one-tap rating of how the session went, and an optional free-text note. This is private to your account and we use it only to show it back to you. You can skip it, and skipping saves nothing.
- Support messages. If you contact us for help, we receive your message, your email, and anything you attach.
2.2 Information collected automatically
When you use the Service we collect basic technical information needed to run it: your time zone, and basic usage events such as when a session started and ended. We do not collect your precise location, we do not use your microphone or camera, and we do not use advertising identifiers or third-party tracking.
2.3 Information from services you connect
- Calendar (optional). If you connect Google Calendar, we read the timing of your events so we can find free gaps in your day for a focus session. To do this we briefly cache each event’s start and end time, its title, and how many people are invited, and we refresh this regularly. We do not store the descriptions, locations, individual attendee details, or other contents of your events.
- Slack (optional). If you connect Slack, we use it only to turn on your “Do Not Disturb” status while a session is running.
You control these connections and can disconnect them at any time.
2.4 What we do not collect
We do not ask for your date of birth, we do not collect health or medical information, we do not use clinical questionnaires, and we do not collect biometric, genetic, racial, political, religious, or sexual-orientation information. Your session notes are a personal reflection tool, not a health record, and we do not analyse them to draw conclusions about you.
3. How we use your information
We use your information to:
- create and run your account and sign you in;
- build, schedule, and play your focus sessions, including finding calendar gaps and toggling Slack Do Not Disturb if you connect them;
- save your session history and notes so you can see them across your devices;
- process your subscription through our payment provider, Paddle;
- respond to your support requests and keep the Service secure; and
- understand how the Service is used in aggregate so we can improve it.
We do not use your information for behavioural advertising, and we do not sell or rent it.
4. Legal bases (EU/UK users)
Where the EU or UK GDPR applies, we rely on: performance of our contract with you (to provide the Service); your consent (for optional analytics cookies on our marketing site, described in our Cookie Notice); and our legitimate interests (to keep the Service running and secure, and to understand usage in aggregate, balanced against your rights). You can object to processing based on legitimate interests at any time.
5. Who we share your information with
We share information only with the service providers that help us run FocusedZen:
| Provider | What they do | Information they receive |
|---|---|---|
| Kinde | Login and account management | Email, name, profile |
| Paddle | Payments (merchant of record), invoicing, tax | Name, email, billing details, payment method (card data handled by Paddle, not us) |
| Fly.io | Hosting and database (primary region: Frankfurt, EU) | Account, session, and note data |
| Bunny.net | Delivering music and video | IP address of media requests |
| Calendar timing, if you connect it; analytics on our marketing site (only with consent) | Calendar event timing; truncated IP for analytics | |
| Slack | Do Not Disturb control, if you connect it | Connection token, DND status |
| Cloudflare | Marketing-site hosting and bot protection | IP address, request metadata |
We use infrastructure suppliers (including Redis, Prometheus, Doppler, and GitHub) to operate and secure our systems; these do not receive your personal information for their own purposes.
We may disclose information if required by law or a valid legal request, and we will tell you where we are allowed to. If we are ever involved in a merger or sale, we will let you know before your information becomes subject to a different policy.
6. Where your information is held
Our primary database is in the European Union (Frankfurt, Germany). Some providers are in other countries (for example, the United States). When information moves out of the EU, UK, or Australia to a country without an adequacy decision, we rely on standard contractual protections and encryption in transit and at rest. For Australian users we take reasonable steps under Australian Privacy Principle 8 to ensure overseas recipients handle your information consistently with the Australian Privacy Principles.
7. How long we keep it
We keep your information for as long as you have an account, and delete it when you delete your account. Our current schedule:
- Account and session data, including your notes: kept while your account is active; deleted when you delete your account.
- Billing records: kept as required by tax law (7 years in Australia, or the local equivalent).
- Support messages: kept for up to 3 years after the matter is resolved.
- Technical logs: kept for a short period for security and troubleshooting.
When you delete your account, we remove your personal information from our active systems. Backups roll off on their normal cycle. We may keep information that can no longer be linked to you for aggregate analytics.
8. How we protect your information
We use encryption in transit (TLS) for all connections, and we encrypt connection tokens (such as your calendar and Slack tokens) at rest using AES-256-GCM. Our database runs in a private network with no direct internet exposure, access to production systems is restricted, and our application secrets are managed with a dedicated secrets manager. No online service is perfectly secure; if you spot a problem, please tell us at the contact above.
9. Your rights
9.1 Everyone
You can ask us to confirm what we hold about you, correct anything inaccurate, get a copy of your data, and delete your account and the information we hold about you. You can do this in your account settings or by writing to us, and we will respond within the time your local law requires.
9.2 EU, UK, and Swiss residents
You also have the right to restrict or object to certain processing, withdraw consent, and complain to your local data protection authority (in the UK, the ICO at ico.org.uk).
9.3 California residents
You have the right to know, access, correct, and delete your personal information, and to not be discriminated against for exercising these rights. We do not sell or share your personal information for cross-context behavioural advertising, so there is nothing to opt out of; if that ever changes, we will provide an opt-out and honour Global Privacy Control signals. You can designate an authorised agent to make a request for you.
9.4 Other US state residents
If your state has a comprehensive privacy law, you have similar rights to access, correct, delete, and obtain a copy of your information, and to opt out of targeted advertising, sale, and profiling (none of which we do). Contact us to exercise them.
9.5 Australian residents
Under the Privacy Act 1988 you can access and correct your information and complain about how we handle it. If we decline a request we will explain why. You can escalate a complaint to the Office of the Australian Information Commissioner at oaic.gov.au.
9.6 Canadian residents
Under PIPEDA you can access and correct your information and challenge our compliance. Quebec residents have additional rights, including data portability, under Law 25.
10. Cookies
Our app and account site use only the cookies needed to keep you signed in. Our marketing site uses analytics only if you accept them. Our Cookie Notice has the details.
11. Children
FocusedZen is intended for adults (18 and over) and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
12. Automated decisions
We do not make decisions that have a legal or similarly significant effect on you using automated means alone.
13. Changes
We may update this Policy. If we make a material change we will let you know in the Service or by email and update the effective date above.
14. Contact
Questions or complaints: privacy@focusedzen.com, or write to our registered address above. You can also contact your local data protection authority.