FocusAI Coach ("we", "our", the "Service") is an AI productivity coach mobile and web application. This Privacy Policy explains what data we collect, why, how we use it, and your rights as a data subject. By using FocusAI Coach you agree to the practices described here.

1. Data controller

FocusAI Coach operates under the Turkish legal entity disclosed on our contact page. For any data-protection request — access, rectification, erasure, portability, restriction, objection — email info@focusai.com.tr.

2. Data we collect

Account data: name, email, phone (optional), date of birth, hashed password, grade level (optional).
Usage data: Pomodoro sessions, focus score, streaks, flashcard reviews, mood check-ins, in-app messages with coaches (if any).
Payment data: we do not store card numbers. Payment is handled by Apple App Store, Google Play Store, or iyzico (Turkish market). We retain invoice metadata as required by local tax law.
Device data: push tokens, device ID, OS version, app version.
Content you upload: notes, question photos (for AI review), avatar.

3. Minimum age

FocusAI Coach is not intended for users under 13. We do not knowingly collect data from children under 13. If we discover such an account, we delete it. In Turkey we enforce this via KVKK Article 8. In the US, this aligns with COPPA. In the EU, users under 16 (14–16 depending on member state) require parental consent; in such cases we recommend registration is completed by a parent.

4. Why we process your data (legal bases)

Contract performance: creating your account, delivering AI coaching, processing purchases.
Legitimate interest: product improvement, anti-abuse, security.
Consent: analytics cookies (only when you accept the banner), marketing emails (opt-in).
Legal obligation: tax records (invoices retained per applicable law, up to 10 years in Turkey).

5. Third-party processors

We share data only with processors required to operate the Service:

OpenAI (USA) — for AI chat, plan generation, question solving. Your prompts and limited context are sent to OpenAI under their API terms. Data is not used to train their models.
Anthropic (Claude) (USA) — select AI coaching features use Anthropic's Claude under their commercial API terms with equivalent no-training guarantee.
Firebase / Google Cloud (USA/EU) — push notifications, media storage, analytics.
Google Analytics — anonymized usage metrics, only when you accept the cookie banner.
Apple / Google Play — app distribution and in-app purchase processing.
iyzico (Turkey) — payment processing for Turkish customers.
Email provider — transactional emails (account verification, coach messages).

Data transferred outside the EU / UK to the USA is protected under Standard Contractual Clauses and / or the Data Privacy Framework where applicable.

6. Data retention

Active account: data retained for the lifetime of the account.
After account deletion: full removal within 30 days, except:
Invoice / tax records: retained per statutory requirement (up to 10 years).
Security logs: retained 6 months.

7. Your rights

You have the right to:

Access and receive a copy of your data
Correct inaccurate data
Delete your data (right to erasure)
Restrict or object to processing
Data portability (machine-readable export)
Withdraw consent at any time for consent-based processing (e.g., analytics)
Lodge a complaint with your supervisory authority

EU / UK residents: your supervisory authority is the data-protection regulator in your country of residence. California residents: additional rights under CCPA / CPRA apply. Turkish residents: KVKK rights under Article 11.

8. Cookies

We use a small number of cookies. Details and opt-out controls are on the cookies page.

9. Security

Passwords are hashed with bcrypt. All data is transmitted over TLS. Production infrastructure uses encrypted storage and access controls. No system is perfectly secure; we notify users within 72 hours of any breach that affects their personal data (GDPR Article 33).

10. Changes to this policy

We will update this policy as the Service evolves. Material changes are announced by email and in-app. The "last updated" date at the top reflects the most recent revision.

11. Contact

Questions: info@focusai.com.tr. Data protection officer inquiries: same address, subject line "DPO".