Last updated: January 27, 2026
This Privacy Policy explains how Focido (“Focido”, “we”, “us”, “our”) collects, uses, shares, and protects information when you use our mobile application and our website (together, the “Service”).
Focido is operated by the founders based in Spain (EU). We currently do not have a separate registered legal entity. If this changes, we will update this Privacy Policy accordingly.
Privacy contact: [email protected]
Support: [email protected]
General: [email protected]
1) Who this policy applies to
This policy applies to:
- visitors of our website, and
- users of our mobile app.
It does not cover third-party websites or services that may be linked from the Service.
2) Age requirement
The Service is intended for users 16 years of age and older. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided personal data, contact us at [email protected] and we will take appropriate steps to delete it.
3) Information we collect
A) Information you provide (App and Website)
App
- Account information: email address (for email magic link login).
- Profile information (optional): username, avatar, bio, country, language, interest tags.
- User-generated content (UGC):
- Tasks: title, category, tags, deadline, checklists/subtasks (and any other content you include in task fields).
- Nudges (“pings”): short text (up to 140 characters) and sticker.
- Photos (Proof of Work): images you upload.
- Safety interactions: reports and block actions you submit (e.g., spam/toxic reports), including any context you choose to provide.
Website
- Messages you submit: if you contact us through a website form, we collect the information you provide (for example, your email and message content).
B) Information collected automatically
App
- Device and app information: device identifiers (e.g., installation UUID), app version, device model, operating system, language.
- Usage and analytics events: in-app events and interaction signals (see “Analytics & Crash Reporting”).
- Crash and diagnostics data: crash logs and performance diagnostics (see “Analytics & Crash Reporting”).
Website
- Device and browser information: browser type, operating system, device type, approximate location derived from IP (e.g., country/city-level), and similar technical data.
- Cookies and similar technologies: see “Website cookies & tracking”.
IP addresses (App and Website): We do not store IP addresses in our application databases. IP addresses may be processed by our servers and infrastructure providers in server logs and security systems for service operations, security, and abuse prevention.
C) Purchases and subscription information (App)
If you purchase a subscription via Apple App Store or Google Play:
- We receive purchase status and entitlement information (e.g., whether your subscription is active).
- We do not receive or store your full payment card details.
4) Public and social features (App)
Some app features are designed for sharing and social visibility:
- Public profile: you may choose to make your profile public.
- Motivator preview: before a motivator starts, they may see task details such as title, category, tags, deadline and relevant profile elements required for the feature.
- Social feed (completion stories): stories may show task title, category, tags, deadline, and your username and avatar, plus relevant action buttons.
Task descriptions are not shown publicly in the social feed.
Anonymous Public mode: when enabled, your username, avatar, and profile link are hidden in public views.
Important: Anything you post publicly or share with others may be seen, copied, or re-shared by other users.
5) Reports, blocking, and safety (App)
To help keep the Service safe, the app provides:
- Report content / Report user (e.g., spam/toxic behavior)
- Block user
When you report or block, we may process information necessary to review the report, enforce rules, and prevent abuse. Trust & Safety may access relevant content strictly for moderation and investigations.
6) How we use your information
We use the collected data to:
- Provide and operate the Service
- Create and manage accounts; authenticate logins
- Enable tasks, nudges, motivator flow, social feed, and in-app inbox
- Store uploaded photos
- Respond to website contact requests
- Safety, moderation, and fraud prevention
- Prevent abuse (including rate limiting and misuse detection)
- Protect the XP/Credits economy and Service integrity
- Investigate reports and enforce rules
- Analytics and product improvement
- Improve UX and performance
- Understand usage and feature adoption
(App analytics/crash reporting and website analytics are enabled only with consent where required)
- Crash reporting and diagnostics (App; only with consent)
- Diagnose crashes and performance issues
- Marketing and reactivation (App and/or Website; only with opt-in where required)
- Send marketing/reactivation emails only if you explicitly opt in
- You can opt out at any time
7) Legal bases (EEA/UK users — GDPR)
If you are located in the EEA/UK, we process personal data based on:
- Contract: providing the Service
- Consent: analytics, crash reporting, marketing, and cookies where required and when we ask
- Legitimate interests: security, fraud prevention, moderation, and improving the Service
- Legal obligation: compliance, tax/finance retention, lawful requests
8) Analytics, crash reporting, and subscriptions infrastructure
App (consent-based)
We use:
- Firebase Analytics (usage analytics)
- Firebase Crashlytics (crash logs and diagnostics)
- RevenueCat (subscription and entitlement management)
We enable analytics and crash collection only after you provide explicit consent inside the app. If you decline or withdraw consent, we stop collection going forward.
Note: If you consent, analytics may include certain text content (e.g., task titles and nudge text). We recommend avoiding including sensitive personal data in any text fields.
Website (cookies/consent-based where required)
We use:
- CookieYes (to store your cookie consent choices)
- Google Analytics 4 (GA4) (website analytics)
- Meta Pixel (advertising measurement)
Where required by law (e.g., EU/EEA/UK), GA4 and Meta Pixel are enabled only after you consent via the cookie banner/settings. You can change your choices at any time.
For details, see our Cookie Policy.
9) Sharing your information
We share data only as needed to operate the Service:
A) Service providers (processors)
- Cloud hosting & infrastructure (EU region where possible; core hosting in Amsterdam)
- File storage for photo uploads: DigitalOcean Spaces
- Website consent management: CookieYes
- Analytics & crash reporting: Google Firebase (Analytics, Crashlytics) and Google Analytics (GA4)
- Advertising measurement: Meta (Meta Pixel), if enabled with consent
- Subscriptions & entitlements: RevenueCat
- Store platforms: Apple App Store / Google Play (purchases and refunds)
These providers are authorized to process your data only to provide services to us and must protect it under contractual obligations.
B) Compliance and protection
We may disclose information if required by law or to protect users, the Service, and our rights.
C) Business transfers
If we are involved in a merger, acquisition, or asset sale, data may be transferred subject to appropriate safeguards.
10) International data transfers
We primarily process data in the EU where possible. Some providers may process data outside the EEA (including the United States). Where applicable, we rely on safeguards such as Standard Contractual Clauses (SCCs) and provider DPAs.
11) Data retention
- Account & profile: retained until you delete your account.
- Tasks & related activity: retained until you delete them or delete your account.
- Nudge logs: retained for 90 days for appeals and Trust & Safety investigations.
- Inbox/notification logs: retained 30–90 days (e.g., delivery/read state) with auto-cleanup.
- Website contact requests: retained as needed to respond and for operational recordkeeping.
- Deletion grace period: 7 days before permanent deletion.
- After deletion: we delete personal data, while retaining:
- anonymized metrics (non-identifying)
- legal/finance and Trust & Safety records where required (up to 7 years)
12) Data export (GDPR Export)
You can request a data export from within the app. The export includes a copy of your account data and data created and/or observed while using the Service — including your profile, tasks, and related activity (including history of motivational sessions and sent/received nudges). Technical logs are provided to the extent they relate to your account and do not adversely affect the rights and freedoms of other users.
13) Security
We use reasonable technical and organizational measures such as:
- Encryption in transit (e.g., TLS)
- Encryption at rest provided by infrastructure partners where available
- RBAC, limited admin access, and access logging
No method is 100% secure, but we work to protect your information.
14) Your choices and rights
Depending on your location, you may have rights to access, correct, delete, restrict, object, or export your data.
In-app controls include:
- Marketing opt-in/opt-out
- Consent controls for analytics/crash reporting
- GDPR Export and account deletion
On the website:
- You can manage cookies via Cookie Settings and your browser controls.
To exercise privacy rights, contact [email protected].
15) Account deletion
You can request deletion from within the app. Deletion completes after a 7-day grace period, unless we must retain certain records for legal, security, or fraud-prevention reasons.
16) Changes
We may update this policy. If changes are material, we will notify you. The “Last updated” date indicates the effective date.
17) Contact
For privacy questions and requests: [email protected]
For support: [email protected]
For general inquiries: [email protected]