BackFocus2.me

Privacy Policy

Last updated: May 31, 2026 · DRAFT — pending legal review.

What we believe

Your data is yours. We collect the minimum we need to make Focus2.me work, we never sell it, and we delete what we don't need.

1. What we collect

  • Account basics: name, handle (@you), email, password (stored hashed — we can't read it), date of birth.
  • Profile: bio, avatar, location, social links — whatever you choose to add.
  • Messages & Intro Cards: the structured prompts you send and receive.
  • Age verification (optional): a copy of your ID image, kept only until an admin reviews it, then deleted (see Section 4).
  • Technical: basic logs (IP, browser, timestamps) for security and abuse prevention.
  • Push notification token: if you opt-in to Web Push, your browser's push subscription endpoint.

2. What we never collect

Card numbers (merch checkout is handled by our fulfilment partner), private social-network data, or content from other apps. We don't run third-party advertising trackers.

3. How we use your data

  • To run the service: sign you in, deliver messages, show your profile, ship your merch.
  • To keep things safe: detect abuse, block spammers, investigate reports.
  • To improve Focus2.me: aggregate, anonymous usage stats — never individual profiling.
  • To contact you about your account (e.g. security, important changes). We don't send marketing email without your opt-in.

4. Age verification — the deletion contract

If you upload a government-issued ID for age verification:

  • The image is shown only to an admin reviewer.
  • The moment the admin approves or rejects, the image bytes are deleted from our database immediately (`$unset`).
  • We keep only a status (approved / rejected), reviewer ID, decision timestamp, and any rejection reason — purely for compliance and abuse prevention.
  • Your full date of birth is never displayed publicly. Other users only see your computed age (e.g. "30 y/o").

5. Who can see what

  • Public on your profile: name, handle, bio, avatar, location (if added), social links, age (if you've added a DOB), Verified 18+ badge (if approved).
  • Private: email, password hash, full date of birth, your message history, verification status detail.
  • Visible only after an Intro Card: the message thread between you and the other user.

6. Cookies & sessions

We use a single secure, HttpOnly session cookie to keep you signed in. It can't be read by JavaScript or third parties. We don't use cross-site tracking cookies.

7. Sharing your data

We don't sell or rent your data. We share it only with:
  • Service providers who help us run the platform (hosting, database, email delivery, push notifications, merch fulfilment). They're bound by contracts to handle your data only on our instructions.
  • Legal authorities when required by a valid legal request, or to prevent imminent harm.

8. Your rights

  • See what we hold about you (request a copy by emailing us).
  • Correct anything that's wrong — most fields you can edit yourself in the app.
  • Delete your account anytime from your profile. Some logs may be retained for security/legal reasons.
  • Withdraw consent (e.g. turn off push notifications) at any time.

9. Security

Passwords are hashed (bcrypt). Sessions use HttpOnly, SameSite-Lax cookies over HTTPS. ID images used for age verification are deleted immediately after review. We work hard to protect your data but no system is 100% secure — please choose a strong, unique password and tell us right away if you suspect anything is off.

10. Data retention

We keep account data while your account exists. Once you delete your account, your profile is removed promptly; backups and limited audit data (e.g. age-verification audit, abuse logs) may persist for up to 90 days for security and legal compliance.

11. International users

Focus2.me may store and process data in countries other than where you live. By using the service you understand and consent to that transfer.

12. Changes to this Policy

If we make a meaningful change, we'll surface the new policy next time you sign in. Continuing to use Focus2.me after that means you accept the changes.

13. Contact

Privacy questions, data requests, or concerns? privacy@focus2.me.
DRAFT — pending review by a qualified attorney. Nothing here constitutes legal advice.

Made with Emergent