🔒 Your Privacy Matters: GAISM LLC is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you use Focus Guardian and our other services.
1. Information We Collect
Account Information:
- Email address, name, and profile photo from Google Sign-In
- Account preferences and settings
- Subscription tier and payment status (via Stripe)
Usage Data:
- Focus session data (start/end times, session names, notes)
- Task descriptions and productivity metrics
- Feature usage statistics and interaction patterns
- Device information (browser type, operating system)
Email Metadata (Gmail Integration):
- Email subjects, sender information, and timestamps
- Email categories and priorities (determined by AI)
- Email content is processed in real-time for triage but not permanently stored
Payment Information:
- Processed securely by Stripe (PCI-DSS compliant)
- We never store credit card details on our servers
- We only receive transaction confirmations and subscription status
2. How We Use Your Information
We use your data to:
- Provide Services: Enable focus tracking, email triage, productivity reports, and AI coaching
- Personalization: Customize your experience based on usage patterns and preferences
- Improve Products: Analyze aggregated usage data to enhance features and fix bugs
- Communication: Send service updates, newsletters (opt-in), and support responses
- Security: Detect and prevent fraud, abuse, and unauthorized access
- Legal Compliance: Meet regulatory requirements and respond to legal requests
3. Data Storage and Security
Your data is stored in Google Cloud Firestore with encryption at rest and in transit. We implement industry-standard security practices:
- 🔐 Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- 🛡️ Access Controls: Role-based access with least privilege principle
- 🔍 Monitoring: 24/7 security monitoring and threat detection
- 🔄 Backups: Regular automated backups with 30-day retention
- ✅ Authentication: Google OAuth 2.0 with Firebase Authentication
While we use industry best practices, no system is 100% secure. We cannot guarantee absolute security but will notify you promptly of any data breaches.
4. Third-Party Services
Focus Guardian integrates with trusted third-party services:
- Google Firebase: Authentication, database hosting, cloud functions
- Google Gemini AI: AI-powered email triage and coaching (data processed in real-time, not used for model training)
- Gmail API: Email access with your explicit permission (OAuth scope: read-only)
- Stripe: Payment processing (PCI-DSS compliant)
Each service has its own privacy policy. We recommend reviewing their policies:
5. Data Sharing and Disclosure
We do not sell your personal data. Your information is only shared:
- With Third-Party Services: As listed above, to provide our services
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In case of merger, acquisition, or asset sale (you will be notified)
- With Your Consent: Any other sharing requires your explicit permission
Email Content: Email data sent to Gemini AI is processed in real-time and not retained by Google for model training or other purposes.
6. Your Privacy Rights
You have the following rights regarding your data:
- Access: Request a copy of all personal data we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and all associated data
- Export: Download your focus session data in JSON format
- Revoke Access: Disconnect Gmail integration or other permissions at any time
- Opt-Out: Unsubscribe from marketing emails (service emails cannot be opted out)
- Object: Object to data processing for specific purposes
To exercise these rights, contact us at privacy@gaism.com
GDPR & CCPA Compliance: We comply with EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Users in these jurisdictions have additional rights as outlined above.
7. Data Retention
We retain your data as follows:
- Active Accounts: Data retained while your account is active
- After Deletion: Data permanently deleted within 30 days of account closure
- Legal Requirements: Some data may be retained longer for legal compliance (e.g., payment records for tax purposes)
- Anonymized Data: Aggregated, anonymized usage statistics may be retained indefinitely for service improvement
8. Cookies and Tracking
We use cookies and similar technologies:
- Essential Cookies: Required for authentication and core functionality
- Analytics Cookies: Track usage patterns to improve the service (anonymized)
- Preference Cookies: Remember your settings and preferences
You can control cookies through your browser settings, but disabling some cookies may affect functionality.
9. Children's Privacy
Focus Guardian is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately.
Parents or guardians who believe their child has provided us with personal information should contact privacy@gaism.com
10. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:
- Google Cloud infrastructure complies with international data protection standards
- Data transfers comply with GDPR requirements (Standard Contractual Clauses)
- We use encryption and security measures regardless of data location
11. Changes to This Privacy Policy
We may update this Privacy Policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes:
- We will update the "Last Updated" date at the top
- We will notify you via email
- We will display a notice in the app
- Continued use after changes constitutes acceptance
We encourage you to review this policy periodically.
12. California Privacy Rights
California residents have additional rights under CCPA:
- Know what personal information is collected, used, shared, or sold
- Delete personal information (with certain exceptions)
- Opt-out of the sale of personal information (we do not sell data)
- Non-discrimination for exercising privacy rights
To exercise these rights, email privacy@gaism.com with "CCPA Request" in the subject line.