What We Collect

Minimal data footprint — only what's needed to compute focus intelligence:

account:email, display_name

calendar:meeting times + durations (never content)

activity:app_category enum (IDE | browser_work | meeting)

focus:session start_time, duration_ms

phone:app open/close timestamps only

tasks:title, estimate_hrs, status

02

What We Never Collect

✕window_titles, urls, file_paths

✕keystrokes, screenshots, recordings

✕phone_apps (which apps you use)

✕meeting_content, chat_messages

✕location, contacts, photos

03

How We Use Your Data

Processing is scoped to four operations:

→ compute_focus_scores()

→ generate_coaching()

→ predict_timelines()

→ send_push_notifications() // with permission

# We never sell or share data for advertising.

04

Client-Side Processing

Raw behavioral data (app usage, timestamps) is processed on your device. Only anonymized aggregate metrics are transmitted to our servers for ML scoring. The ML engine never receives identifiable behavioral sequences.

05

Storage & Security

database:SOC 2 Type II certified cloud database with row-level access controls

transport:TLS 1.3

tokens:Keychain (iOS/macOS)

config:chmod 600 (owner-only)

encryption:AES-256 at rest, TLS 1.3 in transit

06

Data Retention

We retain your data only as long as necessary for the stated purposes:

activity_data:TTL 90d, auto-deleted

account_data:retained until account deletion

backups:purged within 30d of account deletion

anonymized_aggregates:retained indefinitely (cannot be re-identified)

07

Sub-Processors

We engage the following categories of sub-processors to deliver our services:

cloud_database:SOC 2 Type II certified provider — stores account and session data

push_notifications:Industry-standard push notification service — delivers alerts

ml_compute:SOC 2 certified compute infrastructure — runs ML scoring

oauth_provider:Handles Google sign-in authentication

# All sub-processors are bound by data processing agreements.

08

Your Rights

export → Settings → Export Data (JSON)

delete → Settings → Delete Account (irreversible)

opt_out → Disable phone tracking, notifications, or agent

09

GDPR — Legal Basis & Rights (EU/EEA)

We process personal data under the following Article 6 legal bases:

contract_performance:Core features — focus scoring, coaching, timeline predictions

legitimate_interest:Security monitoring, fraud prevention, service reliability

consent:Marketing communications, optional features (e.g. phone tracking)

As a data subject in the EU/EEA, you have the right to:

access:Request a copy of your personal data

rectification:Correct inaccurate personal data

erasure:Request deletion of your personal data

portability:Receive your data in a structured, machine-readable format

restriction:Restrict processing in certain circumstances

objection:Object to processing based on legitimate interest

# To exercise any right: email privacy@ekachit.app. Response SLA: 30 days.

10

CCPA — California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

right_to_know:Request what personal information we collect, use, and disclose

right_to_delete:Request deletion of your personal information

right_to_opt_out:Opt out of the sale of personal information

non_discrimination:We will not discriminate against you for exercising these rights

disclosure: We do NOT sell personal information. We have never sold personal information.

11

International Data Transfers

Your data is processed and stored in the United States.

eu_eea_users:Standard Contractual Clauses (SCCs) govern cross-border transfers

safeguards:Encryption in transit (TLS 1.3) and at rest (AES-256)

# If you have questions about data transfers, contact privacy@ekachit.app.

12

Cookie Policy

We use essential cookies only — the minimum required to operate the service:

session_cookie:Maintains your authenticated session

auth_token:Verifies your identity across requests

✕No tracking cookies

✕No third-party advertising cookies

✕No analytics cookies

13

Marketing Communications

We may send you product updates and feature announcements with your consent. You can opt out at any time:

method_1 → Account Settings → Notification Preferences

method_2 → Unsubscribe link in any marketing email

# Transactional emails (security alerts, account changes) are not affected by opt-out.

14

Age Requirements

Ekachit is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If we discover that a child under 16 has provided us with personal data, we will delete it immediately. Parents or guardians who believe their child has provided data to us may contact privacy@ekachit.app.

15

Changelog & Notifications

Material changes are communicated via email or in-app notification 30 days before taking effect.

16

Contact

Questions? Reach us at privacy@ekachit.app