Privacy Policy

Last updated: 19 April 2026

1. Introduction

This Privacy Policy explains how ZenFocus collects, uses, and protects your personal data.

ZenFocus is operated by:

Thomas Orr
Unit 7803
PO Box 6945
London
W1A 6US
Email: tom@zenfocus.io

For data protection purposes, the Owner is the data controller.

2. Scope

ZenFocus operates two separate web properties, and different tools apply to each:

  • Marketing site (www.zenfocus.io) — uses Cloudflare Web Analytics only. This is cookieless and does not track visitors across sites, so no cookie consent banner is shown.
  • Web app (app.zenfocus.io) — uses PostHog for product analytics, session replay, and error tracking, in addition to Cloudflare. A cookie consent banner is shown before non-essential tracking begins.

Sections below indicate which property each data practice applies to.

3. Data we collect

Authentication data (web app only)

ZenFocus uses anonymous authentication by default.

If you choose to create an account, we may collect:

  • Email address
  • Authentication identifiers from Apple or Google sign-in
  • Account creation and login metadata

We do not receive your Apple or Google passwords.

User-generated content (web app only)

We collect and store the information you create in ZenFocus, including:

  • Tasks
  • Focus session logs
  • Associated timestamps and metadata

This data is necessary to provide the Service.

Analytics data (marketing site and web app)

We use Cloudflare Web Analytics across both the marketing site and web app to understand usage and improve performance.

Cloudflare Web Analytics is privacy-focused and does not use cookies for tracking visitors, which is why no cookie consent banner is shown on the marketing site.

Technical information may include:

  • Pages visited
  • Browser and device type
  • Approximate geographic region
  • Aggregated usage data

Product analytics and session replay (web app only)

On the web app only, we use PostHog to understand how ZenFocus is used, diagnose errors, and improve the product. PostHog is not used on the marketing site.

PostHog is loaded in the web app only after you accept non-essential cookies via the consent banner.

PostHog may collect:

  • Page views and page leaves
  • Automatically captured interaction events (such as clicks and navigation)
  • Browser, device, operating system, and approximate geographic region
  • Session replays of your interactions with the Service
  • Error and exception data when something goes wrong
  • A pseudonymous identifier stored locally to link events from the same browser

User profiles in PostHog are only created for identified (signed-in) users. Anonymous visitors are not linked to a profile.

Session replays mask all text entered into input fields so that content you type (such as task names and notes) is not recorded in replays.

Subscription and purchase data (web app only)

If you purchase a ZenFocus subscription or lifetime access, we (via our payment providers) collect and store information relating to your purchase, including:

  • Subscription plan and status
  • Purchase, renewal, and cancellation dates
  • Transaction identifiers
  • Country and approximate location (used for tax and fraud prevention)
  • A pseudonymous identifier used to link your purchases to your ZenFocus account

Payments are processed by Stripe via RevenueCat. Your full card details are entered directly into our payment provider's systems; we do not receive or store your full card number.

Support communications

If you contact us, we may store your email address and message to respond to your request.

4. How we use your data

We use your data to:

  • Provide and operate ZenFocus
  • Save your tasks and focus sessions
  • Authenticate users
  • Maintain security and prevent abuse
  • Improve the Service
  • Provide customer support

5. Legal basis for processing (UK GDPR / EU GDPR)

We process personal data under the following legal bases:

Contract

To provide ZenFocus functionality you request

Legitimate interests

To improve performance, maintain security, and operate the Service

Legal obligation

Where required to comply with applicable laws

6. Data sharing

We do not sell your personal data.

We share data only with service providers necessary to operate ZenFocus, such as:

Cloudflare — hosting, security, and analytics
PostHog — product analytics, session replay, and error tracking
RevenueCat — subscription and purchase management
Stripe — payment processing
Authentication providers (Apple and Google) — when you choose those login methods

These providers process data on our behalf.

7. International transfers

Some service providers — including RevenueCat, Stripe, PostHog, and Cloudflare — may process data outside the UK or EEA, including in the United States. Where this occurs, appropriate legal safeguards are used.

8. Data retention and deletion

We retain personal data only as long as necessary to provide ZenFocus and fulfil the purposes described in this Privacy Policy.

You have the right to request deletion of your personal data at any time.

You can request deletion by contacting tom@zenfocus.io.

Upon receiving a valid request, we will delete your personal data without undue delay, unless retention is required or permitted by law, including for:

  • legal compliance
  • security and fraud prevention
  • resolving disputes
  • enforcing agreements

After deletion:

  • your account (if any) will be deleted
  • your tasks and focus session data will be permanently removed
  • you will no longer be able to access the deleted data

We may retain anonymised or aggregated data that does not identify you.

9. Your rights

Under UK GDPR and EU GDPR, you may have rights including:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact tom@zenfocus.io.

10. Security

We use reasonable technical and organisational safeguards to protect your data.

No system can guarantee absolute security.

11. Children

ZenFocus is not intended for children under 13.

If you believe a child has provided personal data, contact us and we will delete it.

12. Changes to this policy

This Privacy Policy may be updated periodically.

The latest version will always be available on the ZenFocus website.

13. Contact

Privacy-related questions or requests:

tom@zenfocus.io