Privacy Policy

Introduction

Concurrent Space built the Blobodoro app as a freemium focus timer and tracker. The core timer and focus logging functionality are provided at no cost, with optional premium subscription tiers (Monthly, Yearly, Lifetime) that unlock enhanced features such as cloud sync, export tools, cosmetic customisations, ad removal and advanced presets.

This page informs users regarding our policies with the collection, use, and disclosure of information if anyone decides to use our Service or join our waitlist.

By using Blobodoro or joining our waitlist, you agree to the collection and use of information in relation to this policy. The information we collect is used only for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

Website Waitlist Information Collection

When you join our waitlist through this website, we collect your email address. This is the only personal information we collect through the waitlist form.

How we use your email:

• Notify you when Blobodoro launches
• Send you exclusive early access invitations
• Provide updates about the app development
• Share important announcements related to Blobodoro

Your email address is securely stored in Airtable, a trusted third-party database service. We implement appropriate security measures to protect your information from unauthorised access, alteration, or disclosure.

Marketing Communications & Unsubscribe: If you join the waitlist, we may send occasional product updates and announcements. You can unsubscribe at any time by clicking the "Unsubscribe" link in any email or by emailingblobodoro@concurrent.space.

Data Collection Overview

Blobodoro is designed with privacy in mind. The app collects minimal data necessary for functionality. All data is stored locally on your device by default and is NOT transmitted to our servers unless you explicitly enable cloud backup (Premium feature).

We do NOT collect: Full Names, phone number, physical address, health data, financial data, precise location, contacts, photos, camera/microphone access, or biometric data.

Locally Stored Data (On Your Device)

The following data is stored exclusively on your device and is automatically deleted when you uninstall the app:

• Focus Session Data: Session history (date, subject, duration), custom timer presets, and aggregate statistics
• Virtual Currency & Progression: Currency balances, streak data, earning history, and usage counters
• Collectible Items: Owned items and variants, display preferences, custom names, and acquisition records
• Premium Status: Subscription tier, metadata, and purchase validation identifiers
• App Settings: Audio, notification, and privacy consent preferences
• Temporary Data: Short-lived backup snapshots used for data recovery features

Log Data

In case of an error in the app, we collect anonymous data through Sentry (a third-party crash reporting service) called Log Data. This may include:

• Device type and operating system version
• App version and configuration when the error occurred
• Stack traces and error details
• Time and date of the error

This information is anonymous, contains no personally identifiable information, and is used only for troubleshooting and improving the Service. Crash data is retained for 90 days before automatic deletion.

Cookies

This Service does not use cookies directly. However, third-party services such as AdMob may use cookies or similar tracking technologies to collect information and improve their services.

You have the option to accept or refuse these cookies. If you choose to refuse, some features of the Service (such as ad rewards) may not function properly.

Third-Party Services & Data Sharing

Blobodoro integrates with the following third-party services. Each service processes data according to their own privacy policies:

Third-Party Independence: While we configure and select reputable providers, we do not control their internal infrastructure, uptime, pricing, or independent security events. Incidents originating solely within a provider are addressed by that provider. We will communicate material impacts to users when relevant.

User Suggestions (Lifetime Premium Only): If you submit a content suggestion in-app, we store only the suggestion text, category, and your account ID. No additional personal information is required. Suggestions are removed automatically if your account is deleted.

1. Supabase (Cloud Backup - Premium Only)

Provider: Supabase Inc.
Privacy Policy: supabase.com/privacy

Purpose: User authentication and cloud backup storage (premium feature only)

Data Collected:

• Email address (provided by you during sign-up)
• Password (securely hashed, never stored in plaintext)
• Unique user identifier and authentication tokens
• IP address (for rate limiting and security)
• Full backup snapshot of your app data if you enable cloud sync

User Control: You can sign out, stop cloud sync, or delete your cloud account at any time directly within the app. See Supabase's Privacy Policy for details on their data handling.

Cloud Data Retention:

• All Users: You may delete your cloud data at any time from within the app.

Legal Basis (GDPR): Contractual necessity (cloud backup service)

2. RevenueCat (In-App Purchases)

Provider: RevenueCat Inc.
Privacy Policy: revenuecat.com/privacy

Purpose: Manage subscriptions, validate purchases, restore purchases across devices

Data Collected:

• Anonymous user ID (generated by RevenueCat SDK)
• Purchase receipts (from Apple App Store)
• Product IDs purchased
• Subscription status (active/expired/canceled)
• Device information (iOS version, device model)
• Country/region (from App Store)

Account Linking: When you sign in for cloud sync, we link your cloud account to our subscription management provider to enable subscription verification across devices. This linking is necessary to verify your subscription status.

User Control: You can restore purchases or cancel subscriptions via iOS Settings. See RevenueCat's Privacy Policy for details on their data handling.

Legal Basis (GDPR): Contractual necessity (IAP processing)

3. Google AdMob (Advertising)

Provider: Google LLC
Privacy Policy: policies.google.com/privacy
AdMob Privacy: AdMob Privacy Policy

Purpose: Display optional rewarded video ads for free-tier users

Data Collected (with "Allow Tracking" consent):

• Device Advertising Identifier (IDFA on iOS)
• IP address (for geolocation and fraud prevention)
• Device information (model, OS version)
• Ad interaction data (impressions, clicks, completions)
• App usage data (session duration, frequency)

Data Collected (if tracking denied or "Basic Ads" selected):

• Limited contextual data (no IDFA)
• IP address (coarse geolocation only)
• Device information (non-identifying)

User Control: You can reset your advertising identifier through your device's privacy settings

Legal Basis (GDPR): Consent (explicit via Apple ATT prompt)

5. Sentry (Crash Reporting & Error Monitoring)

Provider: Functional Software Inc. (Sentry)
Privacy Policy: sentry.io/privacy

Purpose: Crash reporting and error monitoring to identify and fix bugs, improve app stability, and ensure a reliable user experience

Data Collected:

• Anonymous crash reports and error logs
• Stack traces (technical error details)
• Device type and model
• Operating system version
• App version

No personally identifiable information is collected via Sentry. IP addresses are anonymised on receipt.

Data Processing & Retention: Crash data is processed in the United States and automatically deleted after 90 days.

User Control: Crash reporting runs automatically to help maintain app quality. Since no personal data is collected, there is no opt-out required.

Legal Basis (GDPR): Legitimate interest in maintaining app stability and diagnosing errors. No personal data is processed.

6. Apple Push Notification Service (Notifications)

Purpose: Send timer completion alerts and daily reminder notifications

Data Collected:

• Push notification token (device-specific, generated by Apple)
• Notification permission status

Important: All notifications are local-only (scheduled on your device, not sent from our servers)

User Control: You can enable or disable notifications within the app or through your device settings

Legal Basis (GDPR): Consent (optional feature)

Data Security Measures

Local Storage Security:

• Stored in the app's sandboxed container with platform-level encryption at rest
• Not accessible by other apps
• Automatically deleted when the app is uninstalled

Cloud Storage Security:

• Data encrypted in transit and at rest using industry-standard encryption
• Access controls ensure users can only access their own data

Password Security:

• Never stored in plaintext in the app or logs
• Securely hashed using industry-standard algorithms
• Password reset via email verification only

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we strive to protect your data using best practices.

Data Breach Notification

We take data security seriously. In the unlikely event of a data breach affecting personal data stored by our processors (e.g. Supabase, RevenueCat) or our systems, we will take the following actions:

• Initial Assessment: Immediately investigate scope, impact, and affected data
• Containment: Revoke compromised credentials, rotate keys, and apply fixes
• Notification (GDPR): Notify applicable supervisory authority within 72 hours when required
• User Communication: Notify affected users via email without undue delay when the breach is likely to result in a high risk to rights and freedoms
• Details Provided: Nature of breach, categories and approximate number of data subjects affected, likely consequences, and measures taken
• Point of Contact: blobodoro@concurrent.space for breach-related inquiries

Note: Most user data is stored locally on the device. Cloud backups (Premium) are hosted via Supabase; purchase data is processed via Apple and RevenueCat.

Links to Other Sites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us, and we have no control over their content or privacy practices. We strongly advise you to review the Privacy Policy of any website you visit.

Data Retention Policy

Waitlist Data:

• Request removal anytime via blobodoro@concurrent.space

Local App Data:

• Retained on your device until you manually delete it or uninstall the app
• All app data is automatically deleted when you uninstall Blobodoro
• You can delete all local data at any time from within the app
• Important: Deleting local data does NOT affect your cloud backup. You can restore your progress from cloud after local deletion.

Cloud Backups (Premium Only):

Free users do not have access to cloud backup features. Cloud backup requires an active Blobodoro Premium subscription (Monthly, Yearly, or Lifetime).

• You can delete your cloud account from within the app at any time
• Deletion is immediate and cannot be undone

Purchase Receipts:

• Retained by Apple and RevenueCat per their policies (typically indefinitely for refund/fraud prevention)
• Cannot be deleted by us (managed by Apple)

Ad Data:

• Retained by Google AdMob per their privacy policy (up to 26 months for ad personalisation)
• You can reset your ad identifier in iOS Settings

Crash Report Data (Sentry):

• Anonymous crash reports retained for 90 days, then automatically deleted
• No personal data is included in crash reports

International Data Transfers

We may transfer and process your information on servers located outside of your country of residence. These transfers are necessary to provide the Service. The following third-party providers may process data internationally:

• Airtable (Waitlist): Stores website waitlist emails. Global infrastructure; transfers subject to Airtable's safeguards.
• Supabase (Cloud Backups): Hosted in the United States. EU transfers rely on Standard Contractual Clauses (SCCs).
• RevenueCat (IAP): Processes purchase receipts and subscription status; uses SCCs for EU data transfers.
• Google AdMob (Ads): Global ad delivery; participates in the EU-U.S. Data Privacy Framework where applicable.
• Sentry (Crash Reporting): Processes anonymous crash reports in the United States. No personal data is transferred.
• Apple (Platform): Processes payments and notification tokens under Apple's global policies.

Where required by law, we use appropriate safeguards such as SCCs to protect your data during international transfers. You may contact us for copies of the relevant transfer mechanisms.

Website Cookies and Analytics

This website may use cookies for basic functionality and may employ analytics services to understand website usage patterns. These services may collect information such as:

• Pages visited and time spent on site
• Device type and browser information
• General geographic location (country/region level)
• Referring websites

You can disable cookies in your browser settings, though some website features may not function properly.

Law Enforcement Requests

We disclose information only when required by applicable law, court order, or law enforcement request. We evaluate each request for legal validity and scope before responding.

Do Not Track & Automated Decisions

We do not sell personal data or use it for cross-context behavioral advertising. Browser "Do Not Track" signals are not acted upon beyond the controls provided in the app.

Blobodoro does not perform individualised profiling or automated decision-making that has legal or similarly significant effects.

Beta Testing Program

If you participate in our beta testing program, you may be asked to provide additional feedback and may receive special in-app rewards. Beta participants agree to:

• Test pre-release features that may contain bugs
• Provide feedback on app functionality
• Keep beta features confidential until public release

Beta rewards (such as exclusive fish) are granted at our discretion and may be modified or removed without notice.

GDPR Compliance (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

• Contractual Necessity: Focus session tracking, IAP processing, cloud backup
• Consent: Notifications, ad personalisation
• Legitimate Interest: Fraud prevention, security, crash reporting and error monitoring (Sentry)

Data Controllers & Processors:

• Data Controller: Blobodoro by Concurrent Space (blobodoro@concurrent.space)
• Data Processors: Supabase (cloud storage), RevenueCat (IAP), Google (ads), Sentry (crash reporting)

Your GDPR Rights:

• Right of Access: Request a copy of your personal data
• Right of Rectification: Correct inaccurate personal data
• Right of Erasure: Request deletion of your personal data
• Right of Portability: Receive your data in a structured format (CSV export)
• Right to Object: Object to processing of your personal data
• Right to Restrict Processing: Limit how we use your data

Data Transfers:

• Supabase: US-based, uses Standard Contractual Clauses (SCCs)
• RevenueCat: US-based, uses SCCs for EU data
• Google AdMob: Global, EU-US Data Privacy Framework certified

To exercise these rights, contact us at blobodoro@concurrent.space with "GDPR Request" in the subject line. We aim to respond promptly in accordance with applicable law.

California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act:

Categories of Personal Information Collected:

• Identifiers: Email address (for cloud sync)
• Commercial Information: In-app purchase history, premium subscription status
• Internet Activity: App usage data (focus sessions, fish collection)
• Device Identifiers: IDFA (for advertising, with ATT consent only)

Business Purposes for Collection:

• Providing core app functionality (focus timer, fish collection)
• Cloud backup and sync services
• Processing in-app purchases
• Delivering personalised ads (with consent)
• Security and fraud prevention

Third Parties We Share With:

• Supabase (cloud storage provider)
• RevenueCat (IAP processing)
• Google AdMob (advertising, with consent)
• Sentry (anonymous crash reporting)

Your CCPA Rights:

• Right to Know: Request details about personal data collected
• Right to Delete: Request deletion of personal data
• Right to Opt-Out: Opt-out of the sale of personal data
• Right to Non-Discrimination: Equal service regardless of privacy choices

Important: We do NOT sell your personal data. We do NOT share personal data for cross-context behavioral advertising. AdMob ads are shown with your explicit ATT consent only.

To exercise your rights, email blobodoro@concurrent.space with "CCPA Request" in the subject line. We respond as required by applicable law. Verification required via email confirmation.

Children's Privacy (COPPA Compliance)

Blobodoro is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

Age Restrictions:

• The app is rated 13+ in most regions, with some regions having different age ratings as required by local regulations
• Cloud sync requires email registration (13+ per platform policies)
• In-app purchases require a platform account with a payment method (parental controls available)
• Ads shown comply with applicable age-appropriate advertising policies

If Your Child Uses the App:

• Without Cloud Sync: All data stored locally on device, no personal information collected
• With Cloud Sync: Email required (13+ only), parental supervision recommended
• In-App Purchases: We recommend enabling parental controls to approve purchases

Parents/Guardians: If you discover your child under 13 has provided personal information (email for cloud sync), contact us immediately at blobodoro@concurrent.spacewith the subject line "Child Data Deletion Request". We will verify parental/guardian relationship by sending a 6-digit verification code to the child's registered email address that you must provide to confirm ownership before deletion. Account will be deleted after verification is completed.

Your Rights & Data Control

Right to Access

You can view all locally stored data within the app. Premium users may also export their focus session data in CSV format.

Right to Deletion

Local Data:

• You can delete all local data from within the app at any time
• This cannot be undone unless you have a cloud backup
• Your cloud backup (if any) is NOT affected by local deletion

Cloud Data:

• You can delete your cloud account directly from within the app
• Your backup data is immediately and permanently removed from our servers
• Third-party services may retain anonymised data per their own retention policies
• This action cannot be undone

Waitlist Data:

• Email blobodoro@concurrent.space to remove your email from our waitlist

Right to Data Portability

Premium users can export their focus session data in CSV format from within the app.

Right to Opt-Out

You can opt out of:

• Ad Personalisation: Reject personalised ads during onboarding or via device settings
• Notifications: Disable within the app or via your device settings
• Cloud Sync: Sign out from within the app at any time
• Premium Features: Cancel your subscription through your device's subscription settings

Right to Restrict Processing

You can limit data processing by:

• Denying notification permissions
• Declining ad personalisation (disables advertising identifier tracking)
• Not enabling cloud sync (keeps all data local)
• Using the app without purchases (avoids purchase-related data collection)

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. You are advised to review this page periodically for any changes. We will notify you of any updates by posting the new Privacy Policy on this page and notifying waitlist members via email of significant changes.

Changes are effective immediately upon posting.

Contact Us

If you have any questions, concerns, or suggestions about our Privacy Policy, please contact us at: blobodoro@concurrent.space

This Privacy Policy was adapted from templates provided by PrivacyPolicyTemplate.net and modified for Blobodoro.