Last Update: 15 Mar, 2025

Privacy Policy

Last Updated: January 2025

Effective Date: January 2025


Flow State Defender ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our macOS application ("App"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.


1. Information We Collect

1.1 Account Information

When you create an account, we collect:

- Email address (required for account creation and authentication)

- User ID (automatically generated unique identifier)

- Account creation date

- Last login and active timestamps

- App version and build number (for support and compatibility)


1.2 Activity Monitoring Data

To provide flow state detection and productivity monitoring, we collect:

- Keyboard and mouse activity (events per minute) - used to calculate productivity metrics

- Active window information including:

  - Application name

  - Application bundle identifier

  - Window title (when accessible)

- Flow state classifications (flow, active, distracted, idle states)

- State events and time intervals - timestamps when you enter/exit different states

- Device identifier (hardware UUID) - used for analytics and device-specific features


1.3 Detected Applications Data

We track applications you use to provide personalized app classification:

- Application names and bundle identifiers

- App classifications (flow state, distraction, or neutral)

- Productivity scores (calculated by our ML classifier)

- Detection timestamps (first seen, last seen)

- Detection counts

- User classification overrides (when you manually change an app's classification)


1.4 Analytics and Productivity Data

We aggregate your activity data to provide insights:

- Daily, weekly, and monthly analytics including:

  - Total flow time, active time, and idle time

  - Flow session counts

  - Hourly flow distribution

  - Productivity streaks

- Pomodoro session data including:

  - Session start/end times

  - Time breakdown by state

  - Events per minute (EPM) metrics

  - Break information


1.5 Flow Context Data

When you capture flow context, we store:

- User-entered context descriptions (what you were working on)

- Project names (optional)

- Tags (optional)

- Notes (optional)

- Associated flow session information


1.6 User Preferences

We store your preferences to personalize the app:

- Profession (used for app classification)

- Service integration settings (enabled/disabled status for integrations)


1.7 Integration Data

If you connect third-party services, we collect:

- Slack integration:

  - User ID, team ID, team name, workspace

  - Display name and email (from Slack profile)

  - OAuth access tokens (stored securely in macOS Keychain)

- Microsoft Teams integration:

  - User ID, display name, job title, office location, email

  - OAuth access tokens (stored securely in macOS Keychain)

- Spotify integration:

  - User ID, display name, email

  - OAuth access and refresh tokens (stored securely in macOS Keychain)


1.8 Subscription Information

We collect subscription data to manage your access:

- Subscription status (pro)

- Entitlement level

- Expiration dates

- Renewal status

- Billing information (processed by Apple App Store and RevenueCat)


1.9 Feedback and Support Data

If you submit feedback or bug reports, we collect:

- Feedback content (title, description)

- Feedback type (suggestion or bug report)

- Your email address

- App version and macOS version (for troubleshooting)


1.10 Usage Analytics

We automatically collect usage analytics to improve the app:

- App events (screen views, feature usage, button clicks)

- Error and crash reports (via Firebase Crashlytics)

- Performance metrics (app launch time, feature response times)

- Device information (macOS version, device model)


1.11 Permissions Required

The App requires the following macOS permissions:

- Accessibility Permission - To monitor keyboard and mouse activity for productivity metrics

- Screen Recording Permission - To detect active windows and applications

- Input Monitoring Permission - To track keyboard and mouse events

- Apple Events Permission - To control macOS Focus Mode and Spotify playback

- Bluetooth Permission - To connect to Android devices for Do Not Disturb sync



2. How We Use Your Information

We use the information we collect to:

2.1 Provide Core Services

- Flow state detection - Analyze your activity to detect when you're in a flow state

- Productivity monitoring - Track and display your productivity metrics

- App classification - Classify applications as flow-enabling, distracting, or neutral

- Analytics dashboard - Provide insights into your productivity patterns

- Pomodoro sessions - Manage dynamic Pomodoro sessions based on your flow state


2.2 Integrations

- Slack/Teams status updates - Automatically update your status when entering flow state

- Spotify playback control - Automatically play focus music during flow sessions

- macOS Focus Mode - Automatically enable Do Not Disturb during flow sessions

- Android DND sync - Sync Do Not Disturb status with your Android device


2.3 Account Management

- Authentication - Verify your identity and manage your account

- Subscription management - Process and manage your subscription

- Cross-device sync - Sync your data across multiple devices


2.4 App Improvement

- Analytics - Understand how users interact with the app to improve features

- Crash reporting - Identify and fix bugs and crashes

- Performance monitoring - Optimize app performance

- Remote configuration - Update app behavior without requiring updates


2.5 Communication

- Support - Respond to your feedback and support requests

- Email verification - Verify your email address for account security

- Service updates - Send important service-related notifications


3. How We Store Your Information

3.1 Remote Storage (Firebase Firestore)

Most of your data is stored securely in Google Firebase Firestore:

- User account information

- Detected applications

- Analytics and productivity data

- Flow sessions and state events

- User preferences

- Subscription status

- Feedback submissions

- Flow context data

All data is encrypted in transit and at rest. We use Firebase security rules to ensure users can only access their own data.


3.2 Local Storage

Some data is stored locally on your device:

- macOS Keychain (encrypted):

  - OAuth tokens for Slack, Teams, and Spotify

  - Accessible only when your device is unlocked

- UserDefaults (local preferences):

  - Cached user preferences (profession)

  - Cached subscription status (for offline access)

  - App state (onboarding completion, etc.)

- Local cache:

  - App classification results (temporary cache for performance)

  - Remote configuration cache


3.3 Data Retention

- Account data - Retained while your account is active

- Analytics data - Retained indefinitely for historical analysis

- Detected apps - Retained while your account is active

- Flow sessions - Retained indefinitely for analytics

- Feedback - Retained for support and product improvement purposes

- OAuth tokens - Stored until you disconnect the integration

- Crash reports - Retained for 90 days


You can request deletion of your data at any time (see Section 8).


4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:


4.1 Third-Party Service Providers

We use the following third-party services that may have access to your data:

- Google Firebase (Google LLC):

  - Authentication, database (Firestore), analytics, crash reporting, remote config, performance monitoring

  - Data is subject to Google's Privacy Policy: https://policies.google.com/privacy

  - Firebase data is stored in Google Cloud infrastructure

- RevenueCat (RevenueCat, Inc.):

  - Subscription management and App Store receipt validation

  - Data is subject to RevenueCat's Privacy Policy: https://www.revenuecat.com/privacy

  - RevenueCat processes subscription transactions and validates receipts

- Google Gemini API (Google LLC):

  - App classification using machine learning

  - App names and bundle IDs are sent to Gemini for classification

  - Data is subject to Google's Privacy Policy: https://policies.google.com/privacy

- Slack API (Slack Technologies, LLC):

  - Status updates and Do Not Disturb control

  - Only when you connect your Slack account

  - Data is subject to Slack's Privacy Policy: https://slack.com/privacy-policy

- Microsoft Teams API (Microsoft Corporation):

  - Presence status updates

  - Only when you connect your Teams account

  - Data is subject to Microsoft's Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement

- Spotify API (Spotify AB):

  - Playback control

  - Only when you connect your Spotify account

  - Data is subject to Spotify's Privacy Policy: https://www.spotify.com/us/legal/privacy-policy/

4.2 Integration Data Sharing

When you connect integrations:

- Slack/Teams: We send status updates (e.g., "In Flow State") to update your presence

- Spotify: We send playback commands (play/pause) to control music

- We do not share your activity data, analytics, or other personal information with these services


4.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).


4.4 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.



5. Data Security

We implement appropriate technical and organizational measures to protect your information:

- Encryption in transit - All data transmitted to our servers uses TLS/SSL encryption

- Encryption at rest - Data stored in Firebase is encrypted

- Keychain storage - OAuth tokens are stored in macOS Keychain with encryption

- Access controls - Firebase security rules ensure users can only access their own data

- Authentication - Secure authentication via Firebase Auth

- Regular security audits - We regularly review and update our security practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.


6. Your Privacy Rights

You have the following rights regarding your personal information:

6.1 Access and Portability

- Access your personal data through the App

- Export your data (contact us for assistance)


6.2 Correction

- Update your account information in the App settings

- Correct your preferences and app classifications


6.3 Deletion

- Delete your account and all associated data by contacting us at [support email]

- Disconnect integrations to remove associated data

- Note: Some data may be retained for legal or legitimate business purposes (e.g., transaction records)


6.4 Opt-Out

- Disable analytics tracking (contact us)

- Disconnect third-party integrations at any time

- Unsubscribe from email communications


6.5 Data Portability

- Request a copy of your data in a machine-readable format

To exercise these rights, please contact us at [support email].


7. Children's Privacy

The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have that information removed.


8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. Specifically:

- Firebase data is stored in Google Cloud data centers (location may vary)

- RevenueCat processes data in the United States

- Third-party APIs (Slack, Teams, Spotify) process data according to their respective privacy policies


By using the App, you consent to the transfer of your information to these countries.


9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

- Right to know what personal information is collected

- Right to know if personal information is sold or disclosed

- Right to opt-out of the sale of personal information (we do not sell your data)

- Right to access your personal information

- Right to request deletion of your personal information

- Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at [support email].


10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

- Right of access to your personal data

- Right to rectification of inaccurate data

- Right to erasure ("right to be forgotten")

- Right to restrict processing

- Right to data portability

- Right to object to processing

- Right to withdraw consent


Our legal basis for processing your data:

- Consent - For optional features like integrations

- Contract performance - To provide the services you've requested

- Legitimate interests - For analytics and app improvement

- Legal obligation - To comply with applicable laws

To exercise these rights, please contact us at [support email].


11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

- Posting the new Privacy Policy in the App

- Updating the "Last Updated" date

- Sending you an email notification (for material changes)

Your continued use of the App after any changes constitutes acceptance of the new Privacy Policy.


12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: andrey@elevalabs.io

Website: elevalabs.io

Address: San Jose, Costa Rica


13. App Store Privacy Policy URL

For App Store Connect, please use this URL: www.flowstatedefender.com/privacy-policy