FocusFi Privacy Policy
Dipilato Automations Inc.
A Massachusetts Corporation
Last Updated: January 15, 2025
Our Commitment: We protect your privacy, never sell your personal data, and give you complete control over your information. Your trust is our foundation.
1. Introduction
Dipilato Automations Inc. ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our FocusFi mobile application and related services (collectively, the "Service").
This policy applies to all users of FocusFi, regardless of location, and complies with applicable privacy laws including GDPR, CCPA, and COPPA.
2. Information We Collect
Personal Information
- Name and email address (for account creation)
- Age (for parental controls and age-appropriate features)
- Profile photo and preferences
- Authentication data (encrypted passwords, OAuth tokens)
Usage and Behavioral Data
- Habit tracking data and completion records
- Detox session duration and frequency
- App usage patterns and feature interactions
- Progress metrics and achievement data
Financial Information
- Financial goals and targets (stored encrypted)
- Savings progress and budget categories
- Spending reflection responses
- Payment information (processed by Stripe, not stored by us)
Voice and Communication Data
- Voice recordings (only when using voice coach features)
- Mood and emotional state indicators
- AI coaching conversation history
- Community posts and social interactions
Technical Information
- Device type, operating system, and version
- Unique device identifiers and app version
- Network information and IP address
- Crash reports and performance analytics
3. How We Use Your Information
3.1 Service Provision
- Provide personalized habit recommendations and coaching
- Track your progress, streaks, and achievements
- Generate AI-powered insights and motivational content
- Enable voice coaching and mood-based responses
- Facilitate social features like leaderboards and challenges
3.2 Communication and Support
- Send habit reminders and motivational notifications
- Provide customer support and technical assistance
- Deliver important app updates and security notices
- Share weekly progress reports and insights
3.3 Service Improvement
- Analyze usage patterns to improve app performance
- Develop new features based on user needs
- Conduct research to enhance our coaching algorithms
- Fix bugs and optimize user experience
3.4 Safety and Compliance
- Enforce parental controls and age-appropriate content
- Prevent fraud, abuse, and unauthorized access
- Comply with legal obligations and law enforcement requests
- Protect the safety and security of our users
4. Information Sharing and Disclosure
We DO NOT sell your personal information to third parties for marketing or advertising purposes.
4.1 Limited Sharing Circumstances
We may share your information only in these specific situations:
- With Your Consent: When you explicitly authorize us to share specific information
- Service Providers: With trusted partners who help operate our Service under strict confidentiality agreements
- Legal Compliance: When required by law, court order, or to protect our legal rights
- Safety Protection: To prevent harm to you, other users, or the public
- Business Transfer: In connection with a merger, acquisition, or sale of assets (with prior notice)
4.2 Third-Party Services
- Stripe: Payment processing (they have their own privacy policy)
- Supabase: Secure database hosting and authentication
- Analytics Providers: Anonymized usage statistics only
5. Data Security and Protection
5.1 Security Measures
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Strict employee access controls on a need-to-know basis
- Regular Audits: Periodic security assessments and vulnerability testing
- Secure Infrastructure: Data stored on SOC 2 compliant servers
5.2 Financial Data Protection
- Financial goals and progress data are encrypted with additional security layers
- Payment information is processed by Stripe and never stored on our servers
- Bank account connections (if implemented) use read-only, encrypted APIs
5.3 Voice Data Protection
- Voice recordings are processed locally when possible
- Cloud processing uses encrypted channels and temporary storage
- You can delete voice data at any time through app settings
6. Your Privacy Rights
- Access: Request a copy of all personal data we have about you
- Correction: Update or correct any inaccurate personal information
- Deletion: Request deletion of your personal data (subject to legal requirements)
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your personal information
- Objection: Object to certain types of data processing
6.1 Exercising Your Rights
To exercise any of these rights, contact us at privacy@dipilatoautomations.com or use the data management tools in the app settings. We will respond within 30 days for most requests.
7. Children's Privacy and Parental Controls
7.1 Enhanced Protections for Minors
- Users under 13 cannot create accounts without verifiable parental consent
- Users 13-17 have additional privacy protections and restricted features
- Parents can monitor usage, set time limits, and control social features
- We collect minimal data from users under 18 and never use it for advertising
7.2 COPPA Compliance
We comply with the Children's Online Privacy Protection Act (COPPA) and similar international laws protecting children's privacy online.
8. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for certain countries
- Other legally recognized transfer mechanisms
9. Data Retention
9.1 Retention Periods
- Account Data: Retained while your account is active plus 30 days after deletion
- Usage Analytics: Anonymized data retained for up to 2 years for service improvement
- Voice Recordings: Deleted after 90 days unless you choose to save them
- Financial Data: Retained for 7 years for tax and legal compliance
9.2 Deletion Process
When you delete your account, we begin immediate deletion of your personal data, completing the process within 30 days except where retention is required by law.
10. Cookies and Tracking Technologies
We use minimal tracking technologies:
- Essential Cookies: Required for app functionality and security
- Analytics: Anonymized usage statistics to improve the Service
- Preferences: Remember your settings and customizations
You can control cookie preferences through your device settings.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Material changes will be communicated through:
- In-app notifications with 30 days' advance notice
- Email notifications to registered users
- Prominent notice on our website
Continued use of the Service after changes become effective constitutes acceptance of the updated policy.
12. State-Specific Privacy Rights
12.1 California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected and how it's used, and the right to opt out of the sale of personal information (which we don't engage in).
12.2 European Residents (GDPR)
European residents have rights under the General Data Protection Regulation, including the right to data portability, the right to be forgotten, and the right to lodge complaints with supervisory authorities.
This Privacy Policy demonstrates our commitment to protecting your personal information and maintaining your trust.