The short version
FocusBun stores your tasks, preferences, and rewards locally on your device. We never ask for your name, email, or any personal information — there is no user account to create. For purchase verification and the introductory access period, the app uses a randomly-generated anonymous identifier (an anonymous Firebase Authentication UID) and writes two small records to Cloud Firestore: the date your introductory access began, and whether you have completed the one-time purchase. These records are linked only to the random anonymous identifier — not to anything that identifies you personally. We also use Firebase Analytics (opt-in) and Firebase Crashlytics (opt-in) to improve the app. In-app purchases are processed directly by the Apple App Store or Google Play Store — no third-party purchase middleware is involved. We do not sell or share your data with any third party.
What data the app stores
Tasks and focus sessions
Tasks you create (title, priority, category, consequences, focus session progress) are stored locally on your device using SharedPreferences. This data never leaves your device.
Rewards and streaks
Points, badges, and streak counts are stored locally on your device. They are never transmitted to any server.
App preferences
Settings such as your chosen colour scheme and nickname are stored locally on your device using SharedPreferences. They are never transmitted to any server.
Purchase data
If you purchase FocusBun, the transaction is processed entirely by the
Apple App Store or Google Play Store. No third-party purchase
middleware is involved. Apple or Google handle your payment details directly — we never
see your name, email, or payment information. After purchase, our server verifies the receipt
with Apple or Google and writes a small entitlement record (the product identifier, transaction
identifier, store name, and verification timestamp) to Cloud Firestore at the
path users/<anonymous-id>/entitlements/com.fundydigital.focusbun.pro. This
record is keyed only by the random anonymous identifier described below; it is used to restore
your purchase on reinstall without requiring a sign-in. A local copy of your premium status is
also cached on your device for fast app startup.
Anonymous device identifier & introductory access
To track which devices have begun their seven-day introductory access period (see the Terms for what that is) and to associate verified purchases with a device, the app creates an anonymous Firebase Authentication UID on first launch. This identifier is generated at random by Google and is not derived from your name, email, phone number, advertising identifier, IMEI, IDFA/AAID, or any other personal information. The advertising identifier is explicitly disabled. The anonymous UID is used to read and write two small records in Cloud Firestore:
trials/<anonymous-id>— one field, the calendar date your introductory access began (e.g."2026-06-07").users/<anonymous-id>/entitlements/<product-id>— whether you have completed the one-time purchase, plus the transaction details described above.
We do not collect, infer, or store any other data tied to the anonymous UID, and we do not attempt to correlate it with any other identifier. You can delete both records and the anonymous UID itself from inside the app: Settings → Reset all data. See the Delete your data page for the step-by-step instructions.
Firebase Analytics
We use Google Firebase Analytics to understand how the app is used and improve the experience. Firebase Analytics may collect:
- App opens and session duration
- Screen views and navigation patterns
- Device type, OS version, and app version
- Anonymous instance ID
This data is anonymous — it is not linked to your identity. Firebase Analytics data is retained for 14 months, then automatically deleted. You can opt out in the app’s Settings.
Firebase Crashlytics
We use Google Firebase Crashlytics to detect and fix crashes. When a crash occurs, Crashlytics may collect:
- Crash logs and stack traces
- Device model, OS version, and app version
- App state at the time of the crash
Crash data is retained for 90 days. We never include your nickname, task names, or any personal content in crash reports. Crashlytics is disabled in debug builds. You can opt out in Settings.
What we don't do
- ✗ We do not collect your name, email, or any personal information.
- ✗ We do not sell, share, or licence your data to any third party.
- ✗ We do not display advertising.
- ✗ We do not require you to create an account, provide an email, or sign in. The app uses an anonymous, randomly-generated identifier (see the “Anonymous device identifier” section above) which is not derived from anything personal and is never shown to you.
Third-party services
FocusBun uses the following third-party services:
- Google Firebase Anonymous Authentication — creates a random anonymous identifier on first launch. Used only to key the trial and entitlement records in Cloud Firestore. No personal information is collected. Firebase Auth docs.
- Google Cloud Firestore — stores two small records keyed by the anonymous identifier: the introductory-access start date and the verified-purchase entitlement. Firestore Data Privacy.
- Google Cloud Functions — server-side code that verifies in-app purchase receipts with Apple and Google before granting entitlement. Receives the receipt and writes the entitlement record described above. Cloud Functions docs.
- Google Firebase App Check — verifies that requests to Firebase services come from genuine app installs. Processes device attestation tokens via Apple App Attest (iOS) or Google Play Integrity (Android). No personal data is collected. App Check docs.
- Google Firebase Analytics (opt-in) — anonymous app usage data. Firebase Privacy
- Google Firebase Crashlytics (opt-in) — crash reports and diagnostics. Crashlytics Terms
- Apple App Store / Google Play Store — process in-app purchases directly. No third-party purchase middleware is used.
Google Fonts are bundled at build time — no network requests are made to Google Fonts at runtime.
Legal basis for processing (GDPR)
Under the EU General Data Protection Regulation (GDPR), we process data on the following legal bases:
- Consent (Art. 6(1)(a)) — Firebase Analytics and Crashlytics data collection. You explicitly opt in during onboarding and can withdraw consent at any time in Settings.
- Contract performance (Art. 6(1)(b)) — in-app purchase validation via Apple/Google, anonymous Firebase Authentication, and storage of the trial start date and verified entitlement record in Cloud Firestore. These are necessary to provide the introductory access period and to deliver the one-time purchase you bought (including the ability to restore it on reinstall without requiring a sign-in).
- Legitimate interest (Art. 6(1)(f)) — Firebase App Check attestation, necessary to protect the app and our server-side purchase verification against abuse.
Data retention & deletion
Local data (tasks, preferences, rewards): stored on your device only. To delete, uninstall the app or clear the app’s data through your device settings.
Firebase Analytics: anonymous usage data retained for 14 months, then automatically deleted.
Firebase Crashlytics: crash reports retained for 90 days, then automatically deleted.
Purchase data: transaction records are managed by the Apple App Store or Google Play Store under their respective privacy policies. A local cache of your premium status is stored on your device and deleted when you uninstall the app.
Anonymous Firebase records (trial start date, verified-purchase entitlement, and the
anonymous UID itself): retained until you delete them via Settings → Reset all data
inside the app. The reset deletes both Firestore records (trials/<uid> and
users/<uid>/entitlements/<product>) and the anonymous Firebase Authentication user.
If you uninstall the app without resetting, the records remain until you request deletion by email
([email protected]);
we will delete them within 30 days of a verified request.
Children's privacy
FocusBun is designed for users aged 13 and older. Firebase Analytics and Crashlytics collect only anonymous, non-personal device and usage data. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected personal information from a child, please contact us at [email protected] and we will delete it promptly.
California privacy rights (CCPA/CPRA)
We do not sell or share your personal information as defined by the California Consumer Privacy Act. We do not use your data for cross-context behavioural advertising. California residents have the right to know what data is collected, request deletion, and opt out of any future sale or sharing. To exercise these rights, contact [email protected].
Your rights
Depending on your jurisdiction, you may have the right to:
- Access the data we hold about you
- Request correction or deletion of your data
- Object to or restrict processing (GDPR Art. 21)
- Data portability
- Lodge a complaint with your local data protection authority
Since all personal data is stored locally on your device, you have full control. For Firebase data, you can opt out in the app’s Settings or contact us to request deletion.
International data transfers
Our service providers (including Google Firebase) may process data on servers in the United States. For users in the EU/EEA and UK, these transfers rely on the European Commission’s Standard Contractual Clauses (and, where applicable, the EU-US Data Privacy Framework) incorporated into our providers’ data-processing terms.
Accessibility
We want Focus Bun to be usable by everyone. If you encounter an accessibility barrier, email [email protected] and we will do our best to help.
Changes to this policy
If we make material changes to this policy, we will update the "Last updated" date above. Continued use of the app after changes constitutes acceptance of the updated policy.
Contact
Questions about this privacy policy? Email us at [email protected].
Data controller: Fundy Digital, Long Island, New York, United States. Contact: [email protected].