Privacy Policy

Last updated: 28 February 2026

1. Introduction

This Privacy Policy explains how ZenFocus collects, uses, and protects your personal data.

ZenFocus is operated by:

Thomas Orr
Unit 7803
PO Box 6945
London
W1A 6US
Email: [email protected]

For data protection purposes, the Owner is the data controller.

2. Data we collect

Authentication data

ZenFocus uses anonymous authentication by default.

If you choose to create an account, we may collect:

  • Email address
  • Authentication identifiers from Apple or Google sign-in
  • Account creation and login metadata

We do not receive your Apple or Google passwords.

User-generated content

We collect and store the information you create in ZenFocus, including:

  • Tasks
  • Focus session logs
  • Associated timestamps and metadata

This data is necessary to provide the Service.

Analytics data

We use Cloudflare Web Analytics to understand how ZenFocus is used and improve performance.

Cloudflare Web Analytics is privacy-focused and does not use cookies for tracking visitors.

Technical information may include:

  • Pages visited
  • Browser and device type
  • Approximate geographic region
  • Aggregated usage data

Support communications

If you contact us, we may store your email address and message to respond to your request.

3. How we use your data

We use your data to:

  • Provide and operate ZenFocus
  • Save your tasks and focus sessions
  • Authenticate users
  • Maintain security and prevent abuse
  • Improve the Service
  • Provide customer support

4. Legal basis for processing (UK GDPR / EU GDPR)

We process personal data under the following legal bases:

Contract

To provide ZenFocus functionality you request

Legitimate interests

To improve performance, maintain security, and operate the Service

Legal obligation

Where required to comply with applicable laws

5. Data sharing

We do not sell your personal data.

We share data only with service providers necessary to operate ZenFocus, such as:

Cloudflare — hosting, security, and analytics
Authentication providers (Apple and Google) — when you choose those login methods

These providers process data on our behalf.

6. International transfers

Some service providers may process data outside the UK or EEA. Where this occurs, appropriate legal safeguards are used.

7. Data retention and deletion

We retain personal data only as long as necessary to provide ZenFocus and fulfil the purposes described in this Privacy Policy.

You have the right to request deletion of your personal data at any time.

You can request deletion by contacting [email protected].

Upon receiving a valid request, we will delete your personal data without undue delay, unless retention is required or permitted by law, including for:

  • legal compliance
  • security and fraud prevention
  • resolving disputes
  • enforcing agreements

After deletion:

  • your account (if any) will be deleted
  • your tasks and focus session data will be permanently removed
  • you will no longer be able to access the deleted data

We may retain anonymised or aggregated data that does not identify you.

8. Your rights

Under UK GDPR and EU GDPR, you may have rights including:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact [email protected].

9. Security

We use reasonable technical and organisational safeguards to protect your data.

No system can guarantee absolute security.

10. Children

ZenFocus is not intended for children under 13.

If you believe a child has provided personal data, contact us and we will delete it.

11. Changes to this policy

This Privacy Policy may be updated periodically.

The latest version will always be available on the ZenFocus website.

12. Contact

Privacy-related questions or requests:

[email protected]