Privacy policy

Foclock is local-first. Your block patterns, schedules, statistics, Pomodoro state, and commitment-lock timers are stored in your browser, not on our servers.

We collect the minimum data necessary to operate sign-in, the lifetime purchase, and (if you turn it on) cross-device sync. That is everything.

We do not run third-party analytics on the extension. We do not sell data — there is barely any data to sell.

Block rules (domains, URL fragments, wildcards), block groups, schedules, behaviour settings, Pomodoro and commitment-lock state, statistics (per-domain time and visits), preferences (language, theme, favicon provider).

These never leave your device unless you explicitly enable sync.

When you turn sync on, a subset of your storage — block rules, groups, and a few preferences (language, theme, custom CSS) — is written to your browser's built-in sync area. Statistics, Pomodoro state, license details, and session data are not synced.

From there, the data travels through your browser vendor's account: Google Sync for Chrome / Edge, Firefox Sync for Mozilla accounts. You must be signed into the same browser account on each device for sync to work. Chrome and Firefox cannot sync with each other.

Foclock's servers do not receive or store this payload. It is held by the browser vendor on your behalf, under their terms and security model — we have no access to it.

The payload is plain JSON; Foclock does not add a separate encryption layer on top of the browser vendor sync. If you would rather your block list and preferences not be stored in your browser vendor cloud, leave sync turned off.

Account email and Google account ID (only if you sign in).

License records (free vs. lifetime, purchase timestamp, Stripe customer ID).

Webhook records from Stripe necessary for fraud prevention and refunds.

Cloudflare (hosting and DDoS protection for foclock.app, api.foclock.app).

Stripe (payment processing for paid tiers).

Google (OAuth sign-in, only if you choose to sign in).

Each receives only what is strictly necessary to perform their function. None of them are used for tracking or behavioural advertising.

The marketing site (this one) records anonymous hit counts via Cloudflare. We do not run Google Analytics, Facebook Pixel, Mixpanel, or similar.

The extension itself does not phone home. The only network calls it makes are: signing in, buying lifetime, and fetching the community categories list. Sync, when enabled, goes through your browser vendor (Google or Mozilla) and never touches our servers.

You can export and delete all your data from the extension at any time, without an account.

You can delete your account (and all server-side data) from the dashboard. Stripe receipts are retained for the period legally required for tax and accounting.

Questions: reach out via the Contact button in the extension. Every email is read.