Privacy Policy

Introduction

Concurrent Space built the Blobodoro app as a freemium focus timer and tracker. The core timer and focus logging functionality are provided at no cost, with optional premium subscription tiers (Monthly, Yearly, Lifetime) that unlock enhanced features such as cloud sync, export tools, cosmetic customizations, ad removal and advanced presets.

This page informs users regarding our policies with the collection, use, and disclosure of information if anyone decides to use our Service or join our waitlist.

By using Blobodoro or joining our waitlist, you agree to the collection and use of information in relation to this policy. The information we collect is used only for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

Website Waitlist Information Collection

When you join our waitlist through this website, we collect your email address. This is the only personal information we collect through the waitlist form.

How we use your email:

• Notify you when Blobodoro launches
• Send you exclusive early access invitations
• Provide updates about the app development
• Share important announcements related to Blobodoro

Your email address is securely stored in Airtable, a trusted third-party database service. We implement appropriate security measures to protect your information from unauthorized access, alteration, or disclosure.

Marketing Communications & Unsubscribe: If you join the waitlist, we may send occasional product updates and announcements. You can unsubscribe at any time by clicking the "Unsubscribe" link in any email or by emailingblobodoro@concurrent.space.

Data Collection Overview

Blobodoro is designed with privacy in mind. The app collects minimal data necessary for functionality. All data is stored locally on your device by default and isNOT transmitted to our servers unless you explicitly enable cloud backup (Premium feature).

We do NOT collect: Name, phone number, physical address, health data, financial data, precise location, contacts, photos, camera/microphone access, or biometric data.

Locally Stored Data (On Your Device)

The following data is stored exclusively on your device using iOS secure storage and is automatically deleted when you uninstall the app:

Focus Session Data

• Session history (date, subject/name, duration, emoji, timestamp)
• Custom timer presets (name, emoji, timer settings)
• Total focus minutes and session counts

Currency & Progression

• Coin and pearl balances (virtual currency with no real-world value)
• Daily check-in streak and last check-in date
• Currency earning history (focus session, ads, purchases, Variant Rolling rolls)
• Ad boost usage counter (daily limit tracking)
• Variant Rolling pity counters (rare/epic/legendary drop guarantees)

Fish Collection

• Owned fish species and variants (blobfish, clownfish, cowfish, neon tetra)
• Fish currently displayed in your virtual tank
• Custom fish names and skin selections
• Variant acquisition method (rolled/purchased/default) and timestamp
• Recent Variant Rolling history (last 10 rolls)

Premium Status

• Active subscription tier (free/monthly/yearly/lifetime)
• Subscription metadata (expiry date, tier name)
• Purchase validation identifiers (managed by RevenueCat)

App Settings

• Audio mute preference
• Notification preferences (timer alerts, daily reminders)
• Ad personalization choice (personalized vs. basic ads)
• App Tracking Transparency (ATT) consent status and timestamp
• System notification permission status

Temporary Data

• Emergency backup snapshot (7-day expiry, for "Undo Last Load" feature)
• Emergency backup timestamp

Log Data

In case of an error in the app, we collect data and information (through third-party products) on your phone called Log Data. This may include:

• Device Internet Protocol (IP) address
• Device name and operating system version
• App configuration when using the Service
• Time and date of use

This information is used only for troubleshooting and improving the Service.

Cookies

This Service does not use cookies directly. However, third-party services such as AdMob may use cookies or similar tracking technologies to collect information and improve their services.

You have the option to accept or refuse these cookies. If you choose to refuse, some features of the Service (such as ad rewards) may not function properly.

Third-Party Services & Data Sharing

Blobodoro integrates with the following third-party services. Each service processes data according to their own privacy policies:

Third-Party Independence: While we configure and select reputable providers, we do not control their internal infrastructure, uptime, pricing, or independent security events. Incidents originating solely within a provider (e.g., a global outage at Supabase or RevenueCat) are addressed by that provider. We will communicate material impacts to users when relevant.

Fish Suggestions (Lifetime Premium Only): If you submit a fish or variant suggestion in-app, we store only the suggestion text, desired rarity, and your account ID in a separate suggestions table. No personal info is required. Suggestions are removed automatically if your account is deleted.

1. Supabase (Cloud Backup - Premium Only)

Provider: Supabase Inc.
Privacy Policy: supabase.com/privacy

Purpose: User authentication and cloud backup storage (premium feature only)

Data Collected:

• Email address (provided by you during sign-up)
• Encrypted password (hashed by Supabase, never stored in plaintext)
• User ID (UUID generated by Supabase)
• Session tokens (JWT for authentication)
• IP address (for rate limiting and security)
• Full backup snapshot (sessions, presets, fish, currency) if you enable cloud sync

User Control: You can sign out, stop cloud sync, or request account deletion at any time via blobodoro@concurrent.space. See Supabase's Privacy Policy for details on their data handling.

Data Retention: Backups persist while premium is active. Inactive accounts (no activity for 90 days after premium cancellation) are automatically deleted.

Legal Basis (GDPR): Contractual necessity (cloud backup service)

2. RevenueCat (In-App Purchases)

Provider: RevenueCat Inc.
Privacy Policy: revenuecat.com/privacy

Purpose: Manage subscriptions, validate purchases, restore purchases across devices

Data Collected:

• Anonymous user ID (generated by RevenueCat SDK)
• Purchase receipts (from Apple App Store)
• Product IDs purchased
• Subscription status (active/expired/canceled)
• Device information (iOS version, device model)
• Country/region (from App Store)

User Control: You can restore purchases or cancel subscriptions via iOS Settings. See RevenueCat's Privacy Policy for details on their data handling.

Legal Basis (GDPR): Contractual necessity (IAP processing)

3. Google AdMob (Advertising)

Provider: Google LLC
Privacy Policy: policies.google.com/privacy
AdMob Privacy: AdMob Privacy Policy

Purpose: Display optional rewarded video ads for coin multipliers and unlocking Variant Rolling for free users

Ad Placements: Timer page (ad roll after session), Shop page (double coins reward)

Data Collected (with "Allow Tracking" consent):

• Device Advertising Identifier (IDFA on iOS)
• IP address (for geolocation and fraud prevention)
• Device information (model, OS version)
• Ad interaction data (impressions, clicks, completions)
• App usage data (session duration, frequency)

Data Collected (if tracking denied or "Basic Ads" selected):

• Limited contextual data (no IDFA)
• IP address (coarse geolocation only)
• Device information (non-identifying)

User Control: You can toggle "Ad Personalization" in Account settings or reset your ad identifier in iOS Settings → Privacy & Security → Tracking

Legal Basis (GDPR): Consent (explicit via Apple ATT prompt)

4. Apple Push Notification Service (Notifications)

Purpose: Send timer completion alerts and daily reminder notifications

Data Collected:

• Push notification token (device-specific, generated by Apple)
• Notification permission status

Important: All notifications are local-only (scheduled on your device, not sent from our servers)

User Control: Toggle in app settings or iOS Settings → Blobodoro → Notifications

Legal Basis (GDPR): Consent (optional feature)

Data Security Measures

Local Storage Security:

• Stored in app's sandboxed container (iOS encryption at rest)
• Not accessible by other apps
• Automatically deleted when app is uninstalled
• No additional encryption beyond iOS system-level security

Cloud Storage Security (Supabase):

• Data encrypted in transit (HTTPS/TLS 1.3)
• Data encrypted at rest (AES-256, managed by Supabase/AWS)
• Row-level security (RLS) policies enforce user isolation
• Only authenticated users can access their own backups

Password Security:

• Never stored in app or logs
• Hashed by Supabase (bcrypt)
• Password reset via email verification only

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we strive to protect your data using best practices.

Data Breach Notification

We take data security seriously. In the unlikely event of a data breach affecting personal data stored by our processors (e.g., Supabase, RevenueCat) or our systems, we will take the following actions:

• Initial Assessment: Immediately investigate scope, impact, and affected data
• Containment: Revoke compromised credentials, rotate keys, and apply fixes
• Notification (GDPR): Notify applicable supervisory authority within 72 hours when required
• User Communication: Notify affected users via email without undue delay when the breach is likely to result in a high risk to rights and freedoms
• Details Provided: Nature of breach, categories and approximate number of data subjects affected, likely consequences, and measures taken
• Point of Contact: blobodoro@concurrent.space for breach-related inquiries

Note: Most user data is stored locally on the device. Cloud backups (Premium) are hosted via Supabase; purchase data is processed via Apple and RevenueCat.

Links to Other Sites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us, and we have no control over their content or privacy practices. We strongly advise you to review the Privacy Policy of any website you visit.

Data Retention Policy

Waitlist Data:

• Retained until you request removal or 2 years after app launch, whichever comes first
• Request removal anytime via blobodoro@concurrent.space

Local App Data:

• Retained indefinitely on your device until you manually delete it or uninstall the app
• iOS automatically deletes all app data when you uninstall Blobodoro
• You can manually delete all data via Account → Delete All Data button

Cloud Backups (Premium):

• Retained while premium subscription is active
• Automatic deletion: Inactive accounts (no activity for 90 days after premium cancellation) will be automatically deleted
• You can request manual deletion anytime via blobodoro@concurrent.space
• Deletion confirmation sent via email after processing

Purchase Receipts:

• Retained by Apple and RevenueCat per their policies (typically indefinitely for refund/fraud prevention)
• Cannot be deleted by us (managed by Apple)

Ad Data:

• Retained by Google AdMob per their privacy policy (up to 26 months for ad personalization)
• You can reset your ad identifier in iOS Settings

International Data Transfers

We may transfer and process your information on servers located outside of your country of residence. These transfers are necessary to provide the Service. The following third-party providers may process data internationally:

• Airtable (Waitlist): Stores website waitlist emails. Global infrastructure; transfers subject to Airtable's safeguards.
• Supabase (Cloud Backups): Hosted in AWS US-EAST-1 (United States). EU transfers rely on Standard Contractual Clauses (SCCs).
• RevenueCat (IAP): Processes purchase receipts and subscription status; uses SCCs for EU data transfers.
• Google AdMob (Ads): Global ad delivery; participates in the EU-U.S. Data Privacy Framework where applicable.
• Apple (Platform): Processes payments and notification tokens under Apple's global policies.

Where required by law, we use appropriate safeguards such as SCCs to protect your data during international transfers. You may contact us for copies of the relevant transfer mechanisms.

Website Cookies and Analytics

This website may use cookies for basic functionality and may employ analytics services to understand website usage patterns. These services may collect information such as:

• Pages visited and time spent on site
• Device type and browser information
• General geographic location (country/region level)
• Referring websites

You can disable cookies in your browser settings, though some website features may not function properly.

Law Enforcement Requests

We disclose information only when required by applicable law, court order, or law enforcement request. We evaluate each request for legal validity and scope before responding.

Do Not Track & Automated Decisions

We do not sell personal data or use it for cross-context behavioral advertising. Browser "Do Not Track" signals are not acted upon beyond the controls provided in the app.

Blobodoro uses probabilistic mechanics for fish rolls (published odds and pity counters). We do not perform individualized profiling or automated decision-making that has legal or similarly significant effects.

Beta Testing Program

If you participate in our beta testing program, you may be asked to provide additional feedback and may receive special in-app rewards. Beta participants agree to:

• Test pre-release features that may contain bugs
• Provide feedback on app functionality
• Keep beta features confidential until public release

Beta rewards (such as exclusive fish) are granted at our discretion and may be modified or removed without notice.

GDPR Compliance (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

• Contractual Necessity: Focus session tracking, IAP processing, cloud backup
• Consent: Notifications, ad personalization
• Legitimate Interest: Fraud prevention, security

Data Controllers & Processors:

• Data Controller: Blobodoro by Concurrent Space (blobodoro@concurrent.space)
• Data Processors: Supabase (cloud storage), RevenueCat (IAP), Google (ads)

Your GDPR Rights:

• Right of Access: Request a copy of your personal data
• Right of Rectification: Correct inaccurate personal data
• Right of Erasure: Request deletion of your personal data
• Right of Portability: Receive your data in a structured format (CSV export)
• Right to Object: Object to processing of your personal data
• Right to Restrict Processing: Limit how we use your data

Data Transfers:

• Supabase: US-based (AWS US-EAST-1), uses Standard Contractual Clauses (SCCs)
• RevenueCat: US-based, uses SCCs for EU data
• Google AdMob: Global, EU-US Data Privacy Framework certified

To exercise these rights, contact us at blobodoro@concurrent.space with "GDPR Request" in the subject line. We aim to respond promptly in accordance with applicable law.

California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act:

Categories of Personal Information Collected:

• Identifiers: Email address (for cloud sync)
• Commercial Information: In-app purchase history, premium subscription status
• Internet Activity: App usage data (focus sessions, fish collection)
• Device Identifiers: IDFA (for advertising, with ATT consent only)

Business Purposes for Collection:

• Providing core app functionality (focus timer, fish collection)
• Cloud backup and sync services
• Processing in-app purchases
• Delivering personalized ads (with consent)
• Security and fraud prevention

Third Parties We Share With:

• Supabase (cloud storage provider)
• RevenueCat (IAP processing)
• Google AdMob (advertising, with consent)

Your CCPA Rights:

• Right to Know: Request details about personal data collected
• Right to Delete: Request deletion of personal data
• Right to Opt-Out: Opt-out of the sale of personal data
• Right to Non-Discrimination: Equal service regardless of privacy choices

Important: We do NOT sell your personal data. We do NOT share personal data for cross-context behavioral advertising. AdMob ads are shown with your explicit ATT consent only.

To exercise your rights, email blobodoro@concurrent.space with "CCPA Request" in the subject line. We respond as required by applicable law. Verification required via email confirmation.

Children's Privacy (COPPA Compliance)

Blobodoro is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

Age Restrictions:

• App is rated 4+ on iOS App Store (suitable for all ages)
• Cloud sync requires email registration (13+ per Apple's policies)
• In-app purchases require Apple ID with payment method (parental control available)
• Ads shown are age-appropriate (Google AdMob Families Policy compliant)

If Your Child Uses the App:

• Without Cloud Sync: All data stored locally on device, no personal information collected
• With Cloud Sync: Email required (13+ only), parental supervision recommended
• In-App Purchases: Enable "Ask to Buy" in Family Sharing to approve purchases

Parents/Guardians: If you discover your child under 13 has provided personal information (email for cloud sync), contact us immediately at blobodoro@concurrent.spacewith the subject line "Child Data Deletion Request". We will verify parental/guardian relationship by sending a 6-digit verification code to the child's registered email address that you must provide to confirm ownership before deletion. Account will be deleted after verification is completed.

Your Rights & Data Control

Right to Access

You can view all locally stored data via:

• Account → Statistics (focus session history)
• Account → Currency balances (coins and pearls)
• Shop → Fish collection
• Account → Export Data (Premium only, CSV format)

Right to Deletion

Local Data:

• Account → Delete All Data (immediately erases all local data)
• Cannot be undone (unless emergency backup exists within 7 days)

Cloud Data:

• Email blobodoro@concurrent.space with deletion request
• We verify ownership via 6-digit code sent to your account email
• Manual deletion processed with confirmation email

Waitlist Data:

• Email blobodoro@concurrent.space to remove your email from our waitlist

Right to Data Portability

Premium users can export focus session data:

• Account → Export Data
• CSV format with columns: Date, Subject, Duration (minutes), Emoji, Coins Earned
• Share via iOS share sheet (save to Files, email, etc.)

Right to Opt-Out

You can opt out of:

• Ad Personalization: Account → Notifications & Consent → toggle off
• Notifications: Account → toggle off Timer Notifications / Daily Reminders
• Cloud Sync: Sign out via Account → Cloud Sync → Sign Out
• Premium Features: Cancel subscription via iOS Settings → Subscriptions

Right to Restrict Processing

You can limit data usage by:

• Denying notification permission (disables timer alerts)
• Choosing "Basic Ads" (disables IDFA tracking)
• Not enabling cloud sync (keeps all data local)
• Using app without purchases (avoids RevenueCat data collection)

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. You are advised to review this page periodically for any changes. We will notify you of any updates by posting the new Privacy Policy on this page and notifying waitlist members via email of significant changes.

Changes are effective immediately upon posting.

Contact Us

If you have any questions, concerns, or suggestions about our Privacy Policy, please contact us at: blobodoro@concurrent.space

This Privacy Policy was adapted from templates provided by PrivacyPolicyTemplate.net and modified for Blobodoro.