Privacy Policy

Introduction

Welcome to InfiniteArc. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and browser extension. Please read this privacy policy carefully.

Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name (optional)
• Password (encrypted and hashed)
• Profile picture (if provided via OAuth)

Usage Data

We automatically collect certain information when you use our service:

• Focus session data (duration, completion status, categories)
• Session notes and intentions
• Custom timer settings and preferences
• Blocked website lists
• Achievement and rank progress
• Analytics data (completion rates, streaks)

Browser Extension Data

Our Chrome extension collects and stores:

• Blocked site preferences
• Short-form content blocking settings
• Timer state and synchronization data
• Extension settings and preferences

Third-Party Integration Data

If you connect third-party services, we may collect:

• Google Calendar: Event titles, times, and descriptions (for session scheduling)
• Slack: Workspace access for status updates during focus sessions
• OAuth Providers: Profile information from Google or GitHub when you sign in

How We Use Your Information

We use the collected information to:

• Provide and maintain the InfiniteArc service
• Sync your data across devices and the browser extension
• Generate analytics and insights about your productivity
• Send you service-related emails (verification, password reset)
• Integrate with calendar and communication tools you've connected
• Block distracting websites during focus sessions
• Improve and personalize your experience

Browser Extension Permissions

Our Chrome extension requires specific permissions to function:

Data Storage and Security

Your data is stored securely on Neon PostgreSQL servers with encryption at rest and in transit. We implement industry-standard security measures including:

• Password hashing using bcrypt
• HTTPS/SSL encryption for all data transmission
• Secure session management with encrypted tokens
• Regular security audits and updates

Third-Party Services

We use the following third-party services:

• Vercel: Web hosting and infrastructure
• Neon: Database hosting
• Google OAuth: Authentication (optional)
• GitHub OAuth: Authentication (optional)
• Google Calendar API: Calendar integration (optional)
• Slack API: Status updates (optional)
• PostHog: Privacy-focused analytics (may be added)

Each service has its own privacy policy. We recommend reviewing them if you use those integrations.

Your Rights (GDPR Compliance)

If you are in the European Economic Area, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your account and all associated data
• Data Portability: Export your data in a machine-readable format
• Object: Object to processing of your personal data
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us using the information below.

Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will permanently delete all your data within 30 days, except where we are required to retain it by law.

Children's Privacy

InfiniteArc is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of InfiniteArc after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: