Privacy Policy
Last updated: May 3, 2026
The short version
Brukas is designed to respect your privacy. Your data stays on your device unless you explicitly opt in to cloud features. We don't sell data. We don't run ads. We collect the minimum information necessary to make the app work.
What data we collect
Timer usage (local only)
Your focus sessions (task name, duration, timer mode, timestamps) are stored locally on your device using Apple's SwiftData framework. This data never leaves your device unless you enable cloud sync.
Chat messages (local + optional cloud)
Conversations with Pico are stored locally. If you sign in and enable cloud sync, messages are uploaded to our secure server (Supabase) to sync across your devices. Chat content is sent to an AI model (via OpenRouter) to generate responses — it is not stored by the AI provider beyond the request.
Account information (if you sign in)
If you sign in with Apple or Google, we receive your email address and display name from the identity provider. This is used solely for authentication. We do not use it for marketing.
Analytics (opt-in only)
If you grant analytics consent during onboarding, we collect anonymous usage events via PostHog (e.g., "session started," "timer mode selected"). These events contain no personally identifiable information — no task names, no chat content, no email addresses. Analytics can be disabled at any time in Settings.
What we don't collect
- Location data
- Contacts or calendar information
- Browsing history
- Device identifiers for advertising
- Task content in analytics (task names stay on your device or in your encrypted cloud sync)
Cloud sync
Cloud sync is entirely optional. When enabled, your sessions and messages are stored in Supabase (hosted on AWS) with row-level security — only you can access your data. Data is encrypted in transit (TLS) and at rest.
AI chat
Chat messages are routed through a secure server-side proxy (Supabase Edge Function) to the AI model provider (OpenRouter / Google Gemini). No API keys are stored on your device. The AI provider processes your message to generate a response but does not retain your data beyond the request. We apply a daily message limit (20 messages/day on Free; unlimited on Pro) to manage costs.
Data retention
Active data (focus sessions, chat messages, and account settings) is retained until you delete your account or it is automatically removed due to inactivity.
Inactivity policy: Accounts with no sign-in activity for 11 months receive an email warning. Accounts inactive for 12 months are automatically and permanently deleted, including all associated data.
Backup retention: When data is deleted — whether by your request or due to inactivity — it is removed from active storage immediately. Supabase infrastructure backups (daily snapshots) may retain copies for up to 7 days after deletion, after which it is permanently purged from all systems.
Data stored on-device (via SwiftData) persists until you uninstall the app or clear your conversation history in Settings.
Data deletion
You can delete your account and all associated data at any time from Settings > Delete Account. Deletion is immediate and irreversible. The following is permanently removed:
- All focus sessions and chat messages
- Account settings and usage data
- Authentication credentials (Apple ID or Google linkage is removed)
- Analytics identity (PostHog distinct ID is reset — no future events can be linked to your account)
See the backup retention note in the Data retention section above for the infrastructure-level purge timeline.
Children's privacy
Brukas is not directed at children under 13. We do not knowingly collect personal information from children.
Changes to this policy
We may update this policy as the app evolves. Material changes will be communicated through the app. The "last updated" date at the top reflects the most recent revision.
Contact
Questions about this policy? Email us at privacy@brukas.app.