Privacy Policy

• Account credentials: when you sign in, your email and password are sent over HTTPS to the FocusFlow backend solely to authenticate you. We do not store your password.
• Authentication token: a JWT returned after login is stored locally (browser storage) so you stay signed in. It is only sent as the authorization header to the FocusFlow API.
• Focus session data: when a session completes, its duration and optional linked task id are sent to the API to power your stats.
• Local settings: timer durations and your blocked-site list are stored locally in the extension.

• We do not collect, store, or transmit your browsing history.
• Site blocking uses Chrome’s declarativeNetRequest rules locally; the sites you visit are never sent anywhere.
• We do not sell or share your data with third parties.
• We do not use analytics or advertising trackers.

Account and session data is stored on the FocusFlow server you authenticate against; you can delete your tasks and sessions from the web app. Local data (token, settings) is removed when you log out or uninstall the extension.

• storage — save timer state, token, and settings locally.
• alarms — keep the countdown running in the background.
• notifications — alert you when a period ends.
• declarativeNetRequest — block distracting sites during focus (locally).
• Host access to a small set of social/video domains — to redirect them to a focus page while focusing.
• Host access to the FocusFlow API — for login and saving sessions.

Questions: marklu0509@gmail.com