Privacy Policy
Last updated: April 22, 2026
1. Overview
FocusLedger is built for people with ADHD who want to understand their money and manage their tasks in one place. We take your privacy seriously. This policy explains what data we collect, why we need it, how we protect it, and what rights you have.
We are Polsia, Inc., the company behind FocusLedger. If you have questions about this policy, contact us at privacy@focusledger.app.
2. What We Collect
We collect only what we need to run the service. Here's what, why, and how:
| Data Type | What We Collect | Why |
|---|---|---|
| Account Info | Name (optional), email address, hashed password | Account creation, login, service communications |
| Tasks & Steps | Task names, descriptions, steps, due dates, completion status, recurrence rules | Core app functionality |
| Expenses | Amount, category, date, description, associated task (if any) | Spending tracking and budget view |
| Bank & Account Data | Transaction amount, merchant name, date, category; account names, account types (checking/savings/credit), institution names (via Plaid). We do NOT store account numbers, routing numbers, or bank login credentials. | Automated expense tracking for Autopilot users (via Plaid) |
| Email Data | Email subject, sender, date, and body snippets for task detection (via read-only OAuth). We do NOT store full email content long-term. | Email-to-task linking (Autopilot feature) |
| Usage Data | Pages visited, features used, timestamp (server logs) | Product improvement, debugging, security |
| Device Info | Browser type, IP address, PWA install state | Security, product improvement |
We do not collect biometric data, precise location data, health information, or any data not listed above.
3. How We Store & Protect Data
All personal data is stored in a PostgreSQL database hosted on Neon (a fully managed PostgreSQL service by Neon Technologies). Data is encrypted at rest on Neon servers.
OAuth tokens (bank connections via Plaid, email OAuth connections) are encrypted at rest using AES-256-GCM before being stored in our database. These tokens are only accessible to your own account and are never shared between users.
Passwords are hashed using bcrypt with a cost factor of 12. We never store plaintext passwords.
Data isolation: Each user can only access their own data. We enforce this at the application layer via authenticated session tokens.
Data transit is protected by TLS 1.2+. We do not support outdated cipher suites.
4. Third-Party Integrations
We use third-party services to operate FocusLedger. Each handles data according to their own privacy policies:
Your personal data is never sold, licensed, or shared with advertisers, data brokers, or third parties for advertising purposes.
Plaid, Inc. (Bank & Financial Data)
FocusLedger uses Plaid to connect your bank and credit accounts. When you link a bank account (Autopilot feature), Plaid acts as a secure data intermediary between your financial institution and FocusLedger.
What financial data FocusLedger receives via Plaid:
- Transaction amounts, dates, and merchant names
- Account names and account types (checking, savings, credit)
- Institution names (e.g., "Chase", "Bank of America")
- Account balances (when available)
What FocusLedger does NOT store:
- Bank account numbers or routing numbers
- Bank login credentials (username or password)
- Full card numbers or PINs
Your bank credentials are entered directly into Plaid's secure interface — FocusLedger never sees or handles them. FocusLedger receives only the transaction and account metadata you explicitly authorize.
- Plaid's End User Privacy Policy governs their data handling
- You can disconnect your bank connection at any time from Settings
- Plaid may retain data per their own retention policy after disconnection
Stripe, Inc. (Payment Processing)
Stripe processes your subscription payments. We do not store your full card details on our servers:
- Stripe stores card details; we store only a tokenized payment reference
- Stripe's Privacy Policy governs payment data
- Stripe may retain transaction records per their legal obligations
Google / Gmail (Email OAuth)
When you connect Gmail via Google OAuth (Autopilot feature), FocusLedger requests read-only access to your inbox. We use this access to surface actionable emails as suggested tasks — we do not send email, modify your inbox, or access your contacts.
What FocusLedger accesses via Gmail:
- Email subject lines, sender names, and received dates
- Email body snippets to identify actionable items (not stored long-term)
What FocusLedger does NOT do:
- We do not store full email body content beyond the immediate session
- We do not train AI models on your email content
- We do not share email content with third parties
- We do not access your Google Contacts or other Google services
- Google's Privacy Policy governs their data handling
- You can disconnect Gmail at any time from Settings in FocusLedger
- You can also revoke access directly from your Google Account permissions page
Microsoft, Yahoo (Email OAuth)
The same read-only access and data handling principles apply to Outlook (Microsoft) and Yahoo email connections as described above for Gmail.
- Your email credentials are held by the provider, not FocusLedger
- You can revoke OAuth access from Settings or directly from your Microsoft/Yahoo account security settings
5. Your Rights
You have complete control over your data. You can:
Export Your Data
Contact us at privacy@focusledger.app with "Data Export" in the subject line. We'll provide a full export of your tasks, expenses, and account data in JSON format within 30 days.
Delete Your Account
Delete your account from the Settings page. This permanently removes all your personal data from FocusLedger within 30 days. Bank connections via Plaid are disconnected automatically.
Disconnect Linked Accounts
You can disconnect your bank account or email OAuth connection at any time from Settings. Revoking access through the provider (Google, Plaid, etc.) also severs the connection.
Correct Inaccurate Data
You can edit any task, expense, or profile information directly in the app at any time.
Opt Out of Non-Essential Communications
You can unsubscribe from marketing emails via the unsubscribe link in each email. Transactional emails (account security, billing) cannot be opted out of.
lodge a Complaint
If you believe your privacy rights have been violated, you have the right to file a complaint with the relevant data protection authority in your jurisdiction. You can also contact us directly at privacy@focusledger.app.
6. Cookies & Sessions
FocusLedger uses JWT (JSON Web Token) based sessions stored in browser localStorage (not traditional cookies). Here's what that means:
- Session token: A JWT stored in localStorage authenticates your requests to the API. It expires after 30 days of inactivity.
- No tracking cookies: We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
- Service Worker: Our PWA uses a Service Worker to cache app resources for offline functionality. It does not track you.
- Meta Pixel: We use Meta Pixel (Facebook) for advertising attribution only. It tracks page views and conversion events — not personal data beyond what Meta's own policies govern.
You can disable localStorage by clearing your browser data, but this will log you out of FocusLedger.
7. ADHD Data Sensitivity
We understand that the data in FocusLedger — your productivity patterns, task completion rates, spending behavior, financial history — is inherently personal and potentially sensitive, especially for people with ADHD who may have spent years navigating shame around these areas.
Our commitments:
- Never sell your data. Your task data, financial data, or usage patterns will never be sold, licensed, or transferred to any third party for advertising, profiling, or data brokerage purposes.
- No advertising profiling. We do not use your productivity data or financial data to build advertising profiles or target you with ads anywhere.
- No secondary use. Data you enter into FocusLedger is used only to provide the FocusLedger service to you.
- No third-party analytics sold to others. Our analytics data is for internal product improvement only.
If this changes in any way, we will notify you by email at least 30 days before the change takes effect.
8. Data Retention
We retain your data for as long as your account is active, plus a grace period:
- Active accounts: Data retained indefinitely while you use the service.
- Deleted accounts: All personal data deleted within 30 days of account deletion request.
- Bank transactions: Transaction data retained for 24 months after sync. Older transactions are purged.
- Server logs: Retained for 90 days maximum, then purged.
- Marketing emails: If you delete your account, you are unsubscribed from all marketing emails immediately.
We may retain aggregated, anonymized data indefinitely for product improvement purposes. This data cannot be linked back to you.
9. Children's Privacy
FocusLedger is not designed for or directed at children under 13. We do not knowingly collect personal information from anyone under 13 years of age.
If we learn that we have collected personal information from a child under 13, we will take immediate steps to delete that data. If you are a parent or guardian and believe your child has provided us with personal information, contact us at privacy@focusledger.app with "Children's Data" in the subject line.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We update the "Last updated" date at the top of this page
- For material changes affecting your rights or data handling, we notify you by email
- We post a notice in the app dashboard
Continued use of FocusLedger after changes constitutes acceptance of the updated policy.
11. Contact
Questions, concerns, or requests about your data? We're here:
Email: privacy@focusledger.app
Company: Polsia, Inc.
Website: https://focusledger.net
We aim to respond to all privacy inquiries within 72 hours.