Privacy Policy

Introduction

Welcome to InfiniteArc. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and browser extension. Please read this privacy policy carefully.

Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name (optional)
• Password (encrypted and hashed)
• Profile picture (if provided via OAuth)

Usage Data

We automatically collect certain information when you use our service:

• Focus session data (duration, completion status, categories)
• Session notes and intentions
• Custom timer settings and preferences
• Blocked website lists
• Achievement and rank progress
• Analytics data (completion rates, streaks)

Browser Extension Data

Our Chrome extension collects and stores:

• Blocked site preferences
• Short-form content blocking settings
• Timer state and synchronization data
• Extension settings and preferences

Third-Party Integration Data

If you connect third-party services, we may collect:

• Google Calendar: Event titles, times, and descriptions (for session scheduling)
• Slack: Workspace access for status updates during focus sessions
• OAuth Providers: Profile information from Google or GitHub when you sign in

Google User Data Disclosure

This section specifically addresses how we handle data obtained from Google APIs, in compliance with Google API Services User Data Policy.

Data We Access from Google

When you connect your Google account, we may access:

• Basic Profile Information: Name, email address, and profile picture (for authentication)
• Google Calendar Events: Event titles, dates, times, and descriptions (to create focus session events)

How We Use Google User Data

We use Google user data exclusively to:

• Authenticate you and create your InfiniteArc account
• Display your profile information within the application
• Create, read, and manage calendar events for your focus sessions

Data Sharing, Transfer, and Disclosure

Specifically:

• No Sale of Data: We never sell your Google user data to advertisers, data brokers, or any other third parties.
• No Transfer to Third Parties: Your Google user data is not transferred to external parties for their own purposes.
• No Sharing for Advertising: We do not use your Google user data for advertising, marketing, or promotional purposes.
• No AI/ML Training: We do not use your Google user data to train artificial intelligence or machine learning models.

Data Storage and Retention

Google OAuth tokens and related data are securely stored in our database with encryption. You can revoke access at any time by:

• Disconnecting the integration from your InfiniteArc settings
• Removing InfiniteArc from your Google Account permissions

Upon disconnection or account deletion, all stored Google user data and tokens will be permanently deleted within 30 days.

How We Use Your Information

We use the collected information to:

• Provide and maintain the InfiniteArc service
• Sync your data across devices and the browser extension
• Generate analytics and insights about your productivity
• Send you service-related emails (verification, password reset)
• Integrate with calendar and communication tools you've connected
• Block distracting websites during focus sessions
• Improve and personalize your experience

Browser Extension Permissions

Our Chrome extension requires specific permissions to function:

Data Storage and Security

Your data is stored securely on Neon PostgreSQL servers with encryption at rest and in transit. We implement industry-standard security measures including:

• Password hashing using bcrypt
• HTTPS/SSL encryption for all data transmission
• Secure session management with encrypted tokens
• Regular security audits and updates

Third-Party Services

We use the following third-party services:

• Vercel: Web hosting and infrastructure
• Neon: Database hosting
• Google OAuth: Authentication (optional)
• GitHub OAuth: Authentication (optional)
• Google Calendar API: Calendar integration (optional)
• Slack API: Status updates (optional)
• PostHog: Privacy-focused analytics (may be added)

Each service has its own privacy policy. We recommend reviewing them if you use those integrations.

Your Rights (GDPR Compliance)

If you are in the European Economic Area, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your account and all associated data
• Data Portability: Export your data in a machine-readable format
• Object: Object to processing of your personal data
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us using the information below.

Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will permanently delete all your data within 30 days, except where we are required to retain it by law.

Children's Privacy

InfiniteArc is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of InfiniteArc after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: