Privacy Policy
Information We Collect
We collect the following information depending on how you use our service.
- Authentication info — iOS app: Apple ID (via Sign in with Apple; Apple may provide a private relay email address). Web app: email address and password, or Google account info (via Google OAuth)
- Display name or nickname
- Device identifiers (Device ID, advertising identifiers such as IDFA/IDFV, etc.)
- Push notification tokens
- Device information such as OS version and app version
- App usage data including launch times, operation history, and timer/focus session history
- Crash logs and performance data
How We Use Your Information
We use the information collected from you for the following purposes.
- To register you for our service and verify your identity
- To manage your usage history of our service
- To send push notifications
- To improve app quality, fix bugs, and enhance features
- To respond to your inquiries
- To address violations of our terms or applicable laws
- To notify you of changes, suspension, or termination of our service
- To notify you of changes to our terms
- For other purposes related to providing, maintaining, protecting, and improving our service
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Specifically:
- Account information is retained for the duration of your account and deleted within 90 days of account deletion
- Usage and session data (e.g., timer history, focus records) is retained for up to 2 years
- Crash and diagnostic logs are retained for up to 12 months
- You may request deletion of your data at any time by contacting us
Data Storage
Your data is stored in up to three locations depending on your usage:
- On-device (iOS only): Focus session records and app settings are stored locally using SwiftData. This data never leaves your device unless synced.
- iCloud (iOS only, if enabled): Local data may be synced to your iCloud account to enable cross-device access. This is governed by Apple's Privacy Policy.
- Backend (Supabase): Account information and usage statistics (focus records, etc.) are stored on Supabase servers located in the United States, protected by industry-standard encryption at rest and in transit.
Third-Party Services
We use the following third-party services. Each has its own privacy policy governing use of your information.
- Apple (Sign in with Apple / iCloud) — iOS authentication is handled via Sign in with Apple. iCloud may be used to sync on-device data if enabled by the user.
- Google (OAuth) — Web app authentication supports sign-in via Google account (OAuth 2.0).
- Supabase — Used as our backend database to store account and usage data (e.g., focus session records). Data is stored on servers located in the United States.
- Google Analytics — Used to collect and analyze traffic data.
- Firebase (Crashlytics / Analytics) — Used to collect crash reports and app usage data.
Disclosure to Third Parties
We will not sell, trade, or otherwise transfer your personal information to outside parties without your consent, except in the following cases.
- When outsourcing the handling of personal data to a service provider (e.g., Supabase)
- When our company or service is acquired or merged
- When sharing data with business partners (details will be announced separately)
- When otherwise required or permitted by law
Children's Privacy
buckets Flow is a general-purpose productivity app and is not specifically directed at or marketed to children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under 13 without appropriate context, we will take steps to delete it promptly. Parents or guardians with concerns are welcome to contact us.
California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: You may request that we delete your personal information, subject to certain exceptions
- Right to Opt-Out: We do not sell your personal information to third parties
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, please contact us at the email address below.
Do Not Track
Some browsers include a "Do Not Track" (DNT) feature. We currently do not respond to DNT signals, as there is no industry-wide standard for their interpretation. We will continue to monitor developments in this area.
Changes to This Privacy Policy
We may revise this Privacy Policy as necessary. In such cases, we will notify you of the effective date and content of the changes through appropriate means.
Contact Us
For questions about this Privacy Policy, or to exercise your data rights (access, correction, deletion), please contact us at:
Enacted: September 16, 2024
Revised: February 22, 2026