Privacy Policy

Effective Date: 4/19/26 | Last Updated: 4/19/26

The Focal mobile Application, the Focal hardware Device, the subscriber Dashboard, the Focal website, and all related Support Services are collectively referred to as the "Services" in this Policy. Please read this Policy carefully and direct any questions to focalcontact11@gmail.com.

IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, PLEASE REFRAIN FROM USING THE SERVICES. YOUR CONTINUED USE OF THE SERVICES CONSTITUTES YOUR ACKNOWLEDGMENT OF THIS POLICY AND AUTHORIZES FOCAL TO PROCESS YOUR INFORMATION IN ACCORDANCE WITH IT.

1. Parties and Scope

This Privacy Policy ("Policy") governs the relationship between the following parties:

• Focal: Focal Technologies, Inc., a Delaware corporation that is the developer and operator of the Focal productivity application and associated NFC hardware device ("Focal," "we," "us," or "our").
• Subscriber: The entity that has licensed the Focal system for use in its focus setting ("Subscriber"). The Subscriber is the Data Controller with respect to User's personal information processed through the Services (see Section 4).
• User: The individual who downloads the Focal application and uses the Focal device in connection with their subscriber ("User," "you," or "your").

This Policy applies to all users of the Focal mobile application ("App"), the Focal NFC hardware device ("Device"), and the Subscriber-facing web dashboard ("Dashboard"), in all jurisdictions. Additional disclosures apply for California users (Section 14) and Ohio users (Section 15).

2. How the Focal System Works

Focal is a productivity tool that allows teams of users to self-initiate their individual focus sessions via NFC tap, blocking all non-essential applications via Family Controls API.

2.1 Technical Mechanism and Platform APIs

Focal applies app block exclusively through operating-system-approved APIs and user-granted permissions. Focal does not install profiles, configuration payloads, or device administrator agents that grant remote control to a subscriber.

• On iOS, Focal uses Apple's Screen Time and Family Controls frameworks, leveraging Apple's standard app categories. These APIs require explicit user authorization at setup and allow the user to revoke permission at any time through the iOS Settings app.

Focal does not bypass, circumvent, or override any operating-system-level privacy controls or permissions.

2.2 Enrollment and Initial Consent

Before the Focal App operates on your device for the first time, you are presented with an in-app disclosure screen ("Enrollment Screen") that:

• Identifies your subscriber by group code
• Lists the specific categories of data Focal will collect
• Confirms that Focal operates only during active sessions and does not monitor your device outside of those sessions
• Provides a link to this Privacy Policy and to the Terms and Conditions

You must affirmatively tap "I Agree" on the Enrollment Screen before Focal will function on your device. This affirmative acceptance constitutes your informed, explicit consent to the data practices described in this Policy. Participation in the Focal system is voluntary from a technical standpoint — you may withdraw consent at any time through the methods described in Section 9.

2.3 Activation (Via NFC)

• To begin a focus session, you physically tap your mobile device against the Focal NFC Device.
• The activation (Via NFC) action confirms the start of a session; it is a session-control action, not a substitute for the informed consent obtained at enrollment (see Section 2.2).
• Focal then applies a block on all non-essential app categories via Family Controls.

2.4 During an Active Session

• Focal limits all non-essential apps from opening.
• Sends an ephemeral binary activity status update alongside username and phone model to the dashboard API.
• You retain full control of your device during an active session. You can place calls, send messages, use apps not on the filter list, and exit the session at any time by tapping out via an NFC tap to Focal device(s).
• Focal does not block, restrict, or interfere with system-critical functions, including emergency calling (911), the native Phone application, system-level Messages, Settings, or any other feature required for life-safety or device-management purposes. These functions remain fully available to you at all times, including during active sessions, regardless of the Subscriber's app-filter configuration.

2.5 Deactivation (Via NFC)

• To end a focus session at shift end, during a break, or at any other time, you open the Focal app and tap your mobile device against the Focal NFC Device again.
• Upon deactivation (Via NFC), all Focal app-filter functionality immediately and completely ceases.
• The activity status disappears from the web subscriber feed.
• The Subscriber cannot re-activate a session remotely; only a physical tap-in by you initiates a new session.
• Deactivation (Via NFC) is always available to you. No penalty is imposed by Focal for deactivation (Via NFC).

2.6 What Focal Does NOT Do — Ever

• Focal does not allow your Subscriber to remotely control or manage your device.
• Focal does not track your GPS location or physical whereabouts.
• Focal does not access, read, or transmit your personal emails, messages, photos, or files.
• Focal does not record, intercept, or store any phone call content, recipient information, or call metadata.
• Focal does not monitor your social media accounts or personal app activity.
• Focal does not collect or transmit session-related data after deactivation (Via NFC).
• Focal does not access or monitor your device's microphone, camera, or biometric data.
• Focal does not access your contacts, call history, or personal communications.
• Focal does not process User data for any purpose outside of active sessions, except for the limited non-session functions described in Section 2.7.

2.7 Limited Non-Session App Functions

For transparency, when the Focal App is installed but not in an active session, the App performs only the following limited functions:

• Standard operating-system app update checks (handled by the Apple App Store, not by Focal's servers)
• Automatic crash and error reporting if the App crashes, through a third-party error-reporting service (no personal content, message content, or app usage data is included — only technical crash data)

These are standard functions common to virtually all mobile applications and are necessary to maintain app stability and security. No User behavioral data, session data, location data, or personal content is transmitted during these functions.

3. Use of Focal on Personal (BYOD) Devices

Focal may be installed on either subscriber-provided devices or your personal ("Bring Your Own Device" or "BYOD") mobile device. Focal recognizes that personal devices are subject to heightened privacy expectations, and applies the following principles to protect Users using BYOD:

• Focal operates only during active sessions — that is, between activation (Via NFC) and deactivation (Via NFC). Outside of active sessions, Focal performs no session logging, behavioral monitoring, or data transmission related to your activity.
• Focal never accesses data stored in personal apps, personal accounts, photos, messages, or any content outside the app-filter function.
• Subscribers may not configure which apps or app categories are filtered during active sessions. They cannot remotely wipe, lock, unenroll, disable, or otherwise control your personal device through Focal.
• You retain ultimate control over participation. You may disable the App's operating-system permissions, uninstall the App, or decline to initiate sessions at any time without technical restriction from Focal.
• Uninstalling the Focal App immediately terminates all Focal functionality on your device. Focal does not resist or prevent uninstallation.
• Questions regarding whether Focal use is required or recommended by your Subscriber, or which apps have been designated for filtering, should be directed to your Subscriber.

4. Role of the Parties in Data Processing

For purposes of this Policy and applicable data protection laws:

• Subscriber = Data Controller.
  Your Subscriber determines the purposes and means of processing data. This includes reading the temporary User sessions, device names, and usernames.
• Focal = Data Processor / Service Provider.
  Focal processes User data solely on behalf of, and in accordance with the instructions of, the Subscriber. Focal does not use User data for its own purposes, does not sell User data, and does not use User data to train advertising, profiling, or marketing systems.
• Focal = Data Controller for Subscriber Account Data.
  With respect to Subscriber account registration, billing, and Dashboard login credentials, Focal acts as the Data Controller.

Subscribers entering into a contract with Focal are required to sign a Data Processing Agreement ("DPA") that governs Focal's processing of User's data on the Subscriber's behalf.

5. Information We Collect

Focal collects only the minimum data necessary to operate the Service. We do not sell, rent, or share your data with third parties for advertising purposes.

5.1 Information Collected from Users

• First and last name (for Subscriber Dashboard identification)
• Organization code entered at signup (to associate you with your Subscriber)
• Device identifier (to associate tap events (Via NFC) with a specific device)
• Temporary activation (Via NFC) timestamp (date and time a session begins)
• Temporary deactivation (Via NFC) timestamp (date and time a session ends)
• Session duration (calculated from activation (Via NFC) and deactivation (Via NFC)

5.2 Information Collected Automatically

• App version and operating system version
• Crash reports and error logs (used solely for app stability; no personal content or session data included)
• NFC device pairing identifiers

5.3 Third-Party Service Providers

Focal uses the following categories of third-party service providers. These providers process only the data necessary to perform their function and are contractually prohibited from using data for any other purpose:

• Cloud infrastructure and backend hosting — Amazon Web Services (AWS), U.S. East region, used for authentication and storing userbase. Data is stored and processed within the continental United States.
• Crash and error reporting — a third-party error-reporting service (e.g., Sentry or similar) processing only technical crash data.
• Payment processing for Subscriber billing — a PCI-compliant third-party payment processor (e.g., Stripe or similar).

The specific vendors may change over time. Focal will update this Policy if material changes occur to its vendor categories. No advertising, marketing, or cross-app tracking SDKs are integrated into the Focal App.

6. Legal Basis for Processing

Focal processes personal information on the following legal bases:

• Performance of a Contract.
  Focal processes Subscriber and User data as necessary to perform its service contract with the Subscriber.
• Legitimate Interest.
  Focal has a legitimate interest in maintaining the security of its Services, diagnosing technical issues, and preventing fraud, provided such interests are not overridden by the fundamental rights of users.
• Consent.
  Focal relies on the affirmative consent obtained through the in-app Enrollment Screen (Section 2.2) for the collection and processing of User session data.
• Legal Obligation.
  Focal may process data where required to comply with applicable law, court order, or governmental regulation.

7. How We Use Your Information

We use the information we collect for the following specific purposes:

• To operate and provide the Focal Service during active focus sessions
• To maintain the security and integrity of the Focal platform
• To diagnose technical issues and improve app stability and performance
• To process Subscriber billing and subscription management
• To communicate with Subscribers regarding account status, product updates, and support
• To comply with applicable laws and legal obligations

Focal does not process User data outside of active sessions, except for the limited non-session functions described in Section 2.7 (app update checks and crash reporting). We do not use User data for advertising, profiling, behavioral tracking, cross-app analytics, or any purpose unrelated to the operation of the Focal focus setting productivity service.

8. How Information Is Shared

8.1 With Your Subscriber

Session data, including activation (Via NFC) and deactivation (Via NFC) times, session duration, and break logs, is temporarily visible to your Subscriber through the Dashboard. This is the core function of the Focal service and is disclosed to you at enrollment. Subscribers do not receive access to your personal device activity beyond what is described in Section 5.1.

8.2 With Service Providers

Focal may share limited data with trusted third-party vendors who assist in operating the Service (see Section 5.3). All service providers are contractually required to use data only as necessary to provide services to Focal, are prohibited from using it for any other purpose, and are subject to confidentiality and security obligations.

8.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of Focal's assets, user data may be transferred as part of that transaction. We will notify affected Subscribers via email prior to such a transfer.

8.4 We Do Not Sell Your Data

Focal does not sell, rent, lease, or trade your personal information to any third party for any purpose, including advertising or marketing.

9. Data Retention, Deletion, and Withdrawal of Consent

We retain data only for as long as necessary to fulfill the purposes described in this Policy or as required by law.

• Session data (activation (Via NFC)/deactivation (Via NFC) logs) is retained for the duration of the session time to live of 23 hours, 59 minutes, and 59 seconds.
• Subscriber's account data is retained for the duration of the subscription plus 180 days following account closure.
• Crash reports and error logs are retained for up to 12 months.
• Upon written request, User session data associated with a specific device may be deleted earlier, subject to the Subscriber's contractual rights and applicable law.

When a Subscriber's subscription ends or is terminated, all associated User session data will be permanently deleted from Focal's servers immediately.

You may withdraw your consent to Focal's data processing at any time by any of the following methods:

• Ceasing use of the App and not initiating new sessions
• Revoking the App's operating-system permissions (Screen Time on iOS) through your device Settings
• Uninstalling the Focal App
• Contacting Focal in writing at focalcontact11@gmail.com

Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. Upon withdrawal, no further session data will be collected from your device, and historical data will be deleted in accordance with the retention schedule above.

10. Data Security

Focal takes the security of your information seriously. We implement industry-standard technical and organizational safeguards, including:

• Encryption of data in transit using TLS (Transport Layer Security)
• Encryption of data at rest on our servers
• Access controls limiting data access to authorized Focal personnel only
• Hosting on Amazon Web Services (AWS) infrastructure with industry-standard security certifications
• Regular security reviews of our application and infrastructure

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify affected users and Subscribers in accordance with applicable law.

11. International Data Transfers

The Focal Services are operated and hosted in the United States (Amazon Web Services, U.S. East region). If you access the Services from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States. U.S. data protection laws may differ from the laws of your country of residence. By using the Services, you consent to the transfer and processing of your information in the United States.

Focal's Services are not primarily designed for users in the European Economic Area (EEA), the United Kingdom (UK), or other jurisdictions with comprehensive cross-border data transfer restrictions, and are not actively marketed in those regions. EEA and UK users may have additional rights under local data protection law, including the right to lodge a complaint with their national data protection authority. Where mandatory local law provides protections greater than those in this Policy, those local protections will apply to the extent required by law.

12. User Rights and Choices

As a User using Focal, you have the following rights with respect to your data:

• Right to Access.
  You may request a summary of the session data Focal has collected associated with your device.
• Right to Correction.
  You may request correction of inaccurate data associated with your account.
• Right to Deletion.
  You may request deletion of your personal data, subject to the Subscriber's contractual rights and Focal's legal obligations.
• Right to Withdraw Consent.
  You may withdraw your consent at any time by the methods described in Section 9.
• Right to Raise Concerns.
  You may contact Focal directly at focalcontact11@gmail.com to raise any concern about how your data is handled, independent of your Subscriber.

To exercise any of the above rights, contact us at focalcontact11@gmail.com. We will respond to verifiable requests within 30 days.

13. Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

• Age Requirements.
  By using our Services, you confirm that you are at least 13 years old. If you are under 18 years of age, you represent and warrant that you have obtained parental or guardian consent before using our Services or providing any personal information to us.
• Parental Rights.
  Parents or legal guardians have the right to request to review or have deleted their child's personal information and may withdraw consent for our Services to collect any further personal information from the child. Please contact us at focalcontact11@gmail.com to request to review and/or delete any personal information we may have collected from a child under 18, or to withdraw permission for Focal to collect any additional information from the child.

14. California Residents — CCPA / CPRA Disclosure

If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), provides you with specific rights regarding your personal information.

14.1 Your California Rights

• Right to Know.
  You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete.
  You have the right to request deletion of personal information we have collected from you, subject to certain statutory exceptions.
• Right to Correct.
  You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing.
  Focal does not sell or share personal information as those terms are defined under the CCPA/CPRA. No opt-out action is required.
• Right to Limit Use of Sensitive Personal Information.
  Focal does not collect sensitive personal information (see Section 14.3 below).
• Right to Non-Discrimination.
  We will not discriminate against you for exercising any of your CCPA/CPRA rights.

14.2 Categories of Information Collected

In the past 12 months, Focal has collected the following categories of personal information as defined by the CCPA:

• Identifiers.
  First and last name; device identifiers; organization code; Subscriber account email addresses.
• Commercial Information.
  Subscriber billing and subscription data.
• Internet or Electronic Network Activity.
  App version and crash logs.
• Employment-Related Information.
  Session timing data associated with focus sessions.

14.3 Sensitive Personal Information

Focal does not collect any of the following categories of sensitive personal information, as defined under the CPRA:

• Social Security number, driver's license number, or other government-issued identification
• Financial account numbers, debit card numbers, or credit card numbers with access codes
• Precise geolocation data
• Racial or ethnic origin, religious or philosophical beliefs, or union membership
• Contents of mail, email, or text messages
• Genetic data or biometric information
• Health information, sex life, or sexual orientation

14.4 How to Submit a California Rights Request

To submit a CCPA/CPRA request, email us at focalcontact11@gmail.com with the subject line "California Privacy Request." We will verify your identity before processing your request and respond within 45 days, with a possible 45-day extension if reasonably necessary.

15. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of the State of Delaware, the state of Focal's incorporation, without regard to its conflict-of-law principles. Any disputes arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Delaware, except where applicable law confers jurisdiction on another forum, such as the laws of your state of residence.

16. Changes to This Policy

We reserve the right to modify and update this Policy at any time. Minor clarifications may be made without separate notification. If we make changes that materially impact the privacy of your personal information, we will notify you by email (if you have provided an email address) or through the App, and will update the "Last Updated" date at the top of this Policy.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:

• Email: focalcontact11@gmail.com
• Focal Technologies, Inc., Delaware corporation