Privacy Policy

Last updated: April 4, 2026

The short version

Pico Focus is designed to respect your privacy. Your data stays on your device unless you explicitly opt in to cloud features. We don't sell data. We don't run ads. We collect the minimum information necessary to make the app work.

What data we collect

Timer usage (local only)

Your focus sessions (task name, duration, timer mode, timestamps) are stored locally on your device using Apple's SwiftData framework. This data never leaves your device unless you enable cloud sync.

Chat messages (local + optional cloud)

Conversations with Pico are stored locally. If you sign in and enable cloud sync, messages are uploaded to our secure server (Supabase) to sync across your devices. Chat content is sent to an AI model (via OpenRouter) to generate responses — it is not stored by the AI provider beyond the request.

Account information (if you sign in)

If you sign in with Apple or Google, we receive your email address and display name from the identity provider. This is used solely for authentication. We do not use it for marketing.

Analytics (opt-in only)

If you grant analytics consent during onboarding, we collect anonymous usage events via PostHog (e.g., "session started," "timer mode selected"). These events contain no personally identifiable information — no task names, no chat content, no email addresses. Analytics can be disabled at any time in Settings.

What we don't collect

  • Location data
  • Contacts or calendar information
  • Browsing history
  • Device identifiers for advertising
  • Task content in analytics (task names stay on your device or in your encrypted cloud sync)

Cloud sync

Cloud sync is entirely optional. When enabled, your sessions and messages are stored in Supabase (hosted on AWS) with row-level security — only you can access your data. Data is encrypted in transit (TLS) and at rest.

AI chat

Chat messages are routed through a secure server-side proxy (Supabase Edge Function) to the AI model provider (OpenRouter / Google Gemini). No API keys are stored on your device. The AI provider processes your message to generate a response but does not retain your data beyond the request. We apply a daily message limit (30 messages/day) to manage costs.

Data deletion

You can delete your account and all associated data at any time from Settings > Delete Account. This permanently removes your data from both the cloud and your device. Deletion is immediate and irreversible.

Children's privacy

Pico Focus is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to this policy

We may update this policy as the app evolves. Material changes will be communicated through the app. The "last updated" date at the top reflects the most recent revision.

Contact

Questions about this policy? Email us at hello@picofocus.app.