Your Privacy Matters

Privacy Policy

We are committed to protecting your personal data. This policy explains what we collect, how we use it, and the rights you have over your information.

Effective: January 1, 2026Last Updated: April 24, 2026GDPR & CCPA Compliant
Section 1

Overview

Focura ("we," "our," or "us") is a productivity and collaboration SaaS platform. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit our website or use the Focura platform (collectively, the "Service").

We are committed to data minimisation — we collect only what we need, retain it only as long as necessary, and never sell your personal data to third parties.

Focura is compliant with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws. You can exercise your rights at any time by contacting focurabusiness@gmail.com.
Section 2

Data We Collect

We collect different types of information depending on how you interact with the Service. The table below summarises the categories of personal data we collect, why we collect it, and how long we keep it.

Data CategoryExamplesPurposeRetention
Account DataName, email, password hash, profile photoAuthentication, account managementUntil account deletion + 30 days
Usage DataPages visited, features used, session durationProduct improvement, analytics13 months
Device & Log DataIP address, browser type, OS, timestampsSecurity, fraud prevention, debugging90 days
Workspace ContentTasks, comments, files, project dataCore service deliveryUntil deletion by user + 30 days
Payment DataLast 4 digits, billing address, transaction IDBilling and subscription management7 years (legal obligation)
CommunicationsSupport emails, feedback, survey responsesCustomer support, service improvement3 years

* Retention periods may be extended where required by law or for the resolution of disputes and enforcement of agreements.

Section 3

How We Use Your Data

We process your personal data only when we have a lawful basis to do so. The legal bases we rely on are:

  • Contract performance — to create your account, provide the Service, and handle billing.
  • Legitimate interests — to improve the platform, ensure security, and prevent fraud, provided these interests are not overridden by your rights.
  • Consent — for optional features such as marketing emails and analytics cookies. You may withdraw consent at any time.
  • Legal obligation — to comply with applicable laws, court orders, or regulatory requests.

Specifically, we use your data to:

  • Provide, operate, and maintain the Focura platform and its features.
  • Process transactions and manage your subscription.
  • Send transactional emails such as account verification, password resets, and billing receipts.
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities.
  • Personalise and improve your experience through product analytics.
  • Respond to your support requests, comments, and questions.
  • Send product updates, changelogs, and marketing communications (only with your consent).
  • Comply with legal obligations and resolve disputes.
Section 4

Sharing Your Data

We do not sell, rent, or trade your personal data. We only share information with third parties as described below.

We may share your data with the following categories of recipients:

  • Service Providers — trusted vendors who help us operate the Service (e.g., Vercel for hosting, Stripe for payments, Cloudinary for file storage, Upstash for caching). These parties are bound by Data Processing Agreements (DPAs) and may only use data to perform services for us.
  • Workspace Members — your name, avatar, and activity within a shared workspace are visible to other members of that workspace as necessary for collaboration.
  • Legal Requirements — when disclosure is required by law, subpoena, or court order, or to protect the rights, property, or safety of Focura, its users, or others.
  • Business Transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
Section 5

International Data Transfers

Focura is operated globally and your data may be transferred to, and processed in, countries other than your own. Where we transfer personal data outside the European Economic Area (EEA) or the UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions recognising the destination country's data protection standards.
  • Binding Corporate Rules where applicable.

You may request details of the specific safeguards applied to your data transfers by contacting us at focurabusiness@gmail.com.

Section 6

Security & Data Protection

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • All data is encrypted in transit using TLS 1.2+ and at rest using AES-256.
  • Passwords are hashed using Argon2id — we never store plaintext passwords.
  • Authentication uses RS256-signed JWTs with short-lived access tokens and secure refresh rotation.
  • Access to production systems is restricted to authorised personnel on a need-to-know basis.
  • We conduct regular security reviews and dependency audits.
  • Security events are logged and monitored with automated alerting.
Despite these measures, no transmission over the Internet is 100% secure. If you discover a security vulnerability, please report it responsibly to focurabusiness@gmail.com rather than opening a public issue.
Section 7

Cookies & Tracking

We use cookies and similar tracking technologies to operate the Service and understand how you use it. The types of cookies we use:

  • Strictly Necessary — required for authentication sessions and core platform functionality. Cannot be disabled.
  • Functional — remember your preferences (theme, language, sidebar state) to personalise your experience.
  • Analytics — collect aggregated, anonymised usage data to help us improve the product. Requires consent.

You can manage cookie preferences via your browser settings or our in-app Cookie Preferences panel. Note that disabling non-essential cookies will not affect your ability to use core features.

For full details, see our Cookie Policy.

Section 8

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. We honour all of these requests within 30 days (or sooner where required by law):

Right to Access

Request a copy of the personal data we hold about you at any time.

Right to Rectification

Correct inaccurate or incomplete personal information in your account.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Portability

Export your data in a structured, machine-readable format at any time.

Right to Restrict

Ask us to limit how we process your data in certain circumstances.

Right to Object

Object to processing of your data for direct marketing or profiling.

Right to Complain

Lodge a complaint with your local data protection authority at any time.

Right to Withdraw

Withdraw consent for data processing at any time without penalty.

To exercise any of these rights, email us at focurabusiness@gmail.com with the subject line "Privacy Request". We may ask you to verify your identity before processing the request. We will not discriminate against you for exercising your rights.

Section 9

Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information without parental consent, please contact us immediately at focurabusiness@gmail.com and we will take steps to delete such data promptly.

Section 10

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  1. 1We will update the "Last Updated" date at the top of this page.
  2. 2We will notify you via email or an in-app banner at least 14 days before the change takes effect.
  3. 3For significant changes to how we use your data, we will seek fresh consent where required.

We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Section 11

Contact & DPO

If you have questions, concerns, or requests relating to this Privacy Policy or how we handle your data, please reach out to us:

General Privacy Enquiries

Email: focurabusiness@gmail.com

Response time: within 2 business days

Security Vulnerabilities

Email: focurabusiness@gmail.com

Responsible disclosure welcome

You also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national DPA within the EU) if you believe we have not handled your data lawfully.