Privacy Policy

EVOTECH SGP PTE. LTD values your privacy. This Privacy Policy (the “Policy”) explains how we collect, use, share, and protect your Personal Data when you use our websites, (ii) devices (“Devices”), (iii) mobile or desktop software (“Applications”),(iv) use our AI-powered voice assistant and chatbot services through the Device or third-party messaging platforms such as Telegram, WhatsApp, and Feishu/Lark ("AI Service"), or (v) any other products, programs, or services we provide (together with "Site", "Device","Application", and "AI Service", the "Service").New or additional features we launch are covered by this Policy unless we provide a separate notice.

Your Personal Data may be processed in the countries/regions where you use the Service and where we, our affiliates, or service providers operate, subject to Applicable Law. References to “we”, “us” or “our” mean “EVOTECH SGP PTE. LTD”. “You” means any individual whose Personal Data we process.

1. INTRODUCTION AND SCOPE

This Policy describes: (a) what we collect, (b) how we use it, (c) how we share it, and (d) your rights and choices (including under GDPR and U.S. state privacy laws; see section 14). It does not cover anonymous, aggregated, or de-identified data unless it is linked back to you.

2. WHO WE ARE & DATA RESPONSIBILITY

We act as the “Controller” of your Personal Data (the entity that decides how and why your data is used). EVOTECH SGP PTE. LTD is the primary controller responsible for processing your Personal Data in connection with the Service, unless we provide a separate notice stating otherwise.

Key Partners & Operational Modes To provide our service effectively, we may rely on established third parties. Specifically note the following data relationships:

3. HOW TO CONTACT US

Your feedback and resolving complaints efficiently are important to us. If you have questions about your data rights:

• Email: support@focusaur.com

4. PERSONAL DATA WE COLLECT

We collect only what we need to provide and improve the Service. We do not collect Social Security Numbers, biometric identifiers (e.g., fingerprints/facial templates), or health information as part of our standard Services, and we do not collect precise geolocation unless you enable a feature that requires it. If we need sensitive data for a specific feature or to meet legal obligations, we will provide additional notice and, where required, obtain your consent, and use it only for that purpose.

Categories：

• Identity Data: name/preferred name; usernames/display names; user ID; avatar/profile image (if provided); and, where required by law or for certain transactions, government-issued identifiers.

• Contact Data: mailing address, email, phone, billing address.

• Credentials & Settings: login credentials/tokens; account preferences and settings. Passwords are stored in hashed form.

• Financial & Services Data: purchase, payment method type, transaction history, returns, warranty claims. Payments are processed by third-party payment providers (we generally do not store full card numbers).

• Device & Content Data: device identifiers (e.g., serial number), firmware/app versions, crash/error logs; content you create/upload or that is generated/uploaded from your Device when you use enabled features (e.g., feature-generated photos, files, or diagnostic artifacts).

• Voice and Audio Data: audio recordings of your voice captured through the Device's microphone during voice interaction sessions with our AI Service. This data is processed in real-time for speech-to-text conversion. By default, Audio data is processed in real-time in memory and is not written to persistent storage by default. Temporary audio buffers are discarded after speech recognition processing is complete. Audio recordings are transmitted to third-party speech recognition providers for transcription.

• Usage Data: pages/features used, time spent, interaction logs, referrers, and (where enabled) usage metadata for features such as chat and local networking (including Wi-Fi).

• Technical Identifiers: IP address (approximate location), browser/device details, time zone, server/request logs.

• Profile Data: profile fields you choose to share (e.g., bio/interests).

• Marketing & Communications Data: marketing preferences and related interactions.

• Sensitive Personal Data: Certain data may be considered sensitive under some laws (e.g., account credentials and, where enabled, precise geolocation). We use or disclose such data only as permitted by Applicable Law and as described in this Policy.

• Aggregated/de-identified data: may be used for analytics; treated as Personal Data if re-linked to you.

• Calendar and Third-Party Account Data: if you connect Google Calendar, Microsoft Outlook, or Apple Calendar, we collect and store OAuth tokens, your third-party account name, and calendar event data (titles, descriptions, times, recurrence rules). Tokens are used to read and write events on your behalf until you disconnect.

• AI Conversation Data: text transcriptions of your voice interactions. These transcripts exist only transiently in memory during your active session to enable real-time responses and are not persistently stored. (Note: specific facts, preferences, or instructions extracted from these transient transcripts may be stored securely as "AI Memory" associated with your account, so the AI can remember your preferences for future interactions).

• Memory Data: our AI Service may extract, store, and recall personal information from your conversations to provide personalized responses, including your preferences, facts about your life, past events, and behavioral patterns. This information is stored as structured memory records with vector embeddings. You may correct or request deletion of specific memories through voice interaction or by contacting us.
• Behavioral and Productivity Data: habit tracking records (names, check-ins, streaks, completion rates), focus session records (times, duration, deep focus mode), schedule and task management data (titles, status, recurrence rules), and gamification data (virtual currency, achievements, collected items).

• Messaging Platform Data: if you use our chatbot via Telegram, WhatsApp, or Feishu/Lark, we collect your platform user identifier (e.g., Telegram user ID, WhatsApp phone number, or Feishu Open ID), platform display name, and messages you send to our chatbot. We maintain a record linking your messaging platform account with your Focusaur account.

5. CONSEQUENCES OF NOT PROVIDING DATA

Where we need to process specific data either by law or under the terms of a contract (for example, fulfilling a physical shipping order or activating device software), and you fail to provide required fields, we may be unable to accept the order or fully activate features dependent on specific input (for example, warranty activation or verification of ID/serial-number mismatches). If active Services exist and required data is not provided or maintained, we may need to suspend or cancel affected Services where delivery becomes commercially unviable or impossible. We distinguish required (“Mandatory”) information from strictly voluntary (“Recommended only”) information at the point of collection.

6. METHODOLOGY FOR COLLECTION

We collect Personal Data from multiple sources:

A. Direct Interactions (Information you give us): you enter data when creating/registering an account, subscribing to newsletters/alerts, requesting support or troubleshooting, providing feedback, signing agreements, or participating in competitions, surveys, or promotions.

B. Automated Technologies (Information collected via use): browsing and use of the Service generate technical data (for example through cookies, server logs, web beacons, pixels, embedded scripts, and standard mobile SDKs). We may also engage in behavioral tracking via these technologies. Depending on your browser and device, you may be able to limit certain tracking through browser settings and cookie controls. Please note that “Do Not Track” (DNT) signals are not uniformly interpreted, and our Sites may not respond to all DNT signals. You can control cookies via the methods described in Section 12 and you can opt out of certain targeted advertising/sharing as described in section 13. If you disable cookies, certain features of the Services may not function properly.

C. Data via Third Parties & Public Sources: where permitted by law, we may receive or enrich information from:

• Linked Sign-on partners and providers: our Services may allow you to log in through a third-party social network or authentication service, such as Shopify, Apple, Google, and Facebook. When you use these single sign-on services, we do not receive your login credentials. Instead, we receive authentication tokens and any Personal Data you choose to share through the relevant third-party service (for example, Identity Data, Contact Data, and Profile Data, depending on your settings with that third party).

• Analytics partners: such as Google Analytics and similar tools that provide aggregated reporting.

7. HOW WE USE YOUR PERSONAL DATA: PURPOSES & LEGAL BASES

We use Personal Data in accordance with applicable law. For transparency (including GDPR Article 13 / CCPA obligations), below are the main purposes for which we process Personal Data and the lawful basis we rely on:

A. To Enable Service Functionality & Delivery (Contract Performance): we process Identity Data, Contact Data, Financial Data, and Services Data to fulfill our contract with you, including processing orders, payments, shipments, enabling device usage, and providing core software features.

B. To Manage Relationship, Notifications, and Support (Contract or Legitimate Interests): we process Contact Data and Profile Data to notify you about changes to terms or products (including software updates and bug alerts) and to provide troubleshooting and customer support (including warranty and account issues).

C. Operations: Security & Business Integrity (Legitimate Interests and sometimes Legal Obligation): we analyze Usage Data and Technical Identifiers to maintain systems, detect and prevent fraud and misuse, investigate violations of terms, and prevent automated traffic that may affect Service performance.

D. Analysis (Growth) Improvement (Legitimate Interests; with privacy controls): we use analytics (often aggregated) to improve features and user experience, including models guiding Service logic, subject to applicable privacy controls and legal requirements.

E. Marketing & Advertising Recommendations (Legitimate Interests or Consent): we may send newsletters, offers, or product recommendations. Where required, we rely on consent for certain marketing-related tracking. You can opt out at any time through the unsubscribe link in promotional emails, through cookie controls as described in Section 12, or by contacting us as described in Section 13.

F. Specific App & AI Service Processing Details:In addition to the general business purposes above, our Application and AI devices process specific data categories to deliver core functionalities. The detailed purposes, data categories, and corresponding lawful bases are outlined in the table below:

8. WHO WE SHARE WITH

To provide the Service and achieve the purposes described above, we may share Personal Data with authorized parties that need it.

A. Structured Shared Network (Inter-company group transfers): for efficiency, data may flow among affiliated corporate organizations worldwide for joint administrative and operational purposes, subject to appropriate confidentiality and safeguards.

B. External Processors (Vendors): we use vendors under contractual obligations to protect Personal Data. Categories include:

• Hosted Cloud/IT Platforms: hosting providers and IT tools supporting online store and Service functions (including the Shopify ecosystem).

• Payment & Anti-fraud Processors: checkout facilitators and payment processors (including Shop Pay, Stripe, Affirm, Afterpay, PayPal, and Google Pay) that process payments in accordance with applicable security standards.

• Supply Chain Logistic Providers: warehouse and courier partners to deliver products, using the minimum contact and address details necessary for delivery.

• Business Tools / Analytics: tools we use to manage communications and to assist us with user analytics (if you have not opted out) (for example, Google Analytics reporting suites and Shopify Analytics, Google Firebase/Crashlytics, and Sensors Data), subject to applicable law and your settings.

• AI and Machine Learning Service Providers: tools and APIs we use to provide core app functionalities, including text-to-speech, speech recognition, conversational AI responses, and language model inference (for example, Microsoft Azure Cognitive Services, including Azure OpenAI Service).

• Communication & Messaging Platforms: services facilitating our chatbot functions and user communications (for example, Telegram, Meta/WhatsApp Business API, and ByteDance/Feishu).

• Calendar & System Integrations: APIs used to sync or integrate Services with your personal schedules, subject to your device permissions (for example, Google Calendar API, Microsoft Graph API, and Apple Calendar).

C. Legal / Safety Imperatives: where required by law or necessary to protect rights, safety, and property, data may be disclosed to regulators, governmental tax authorities, law enforcement (valid court orders/warrants), or parties involved in corporate transactions (such as mergers or asset sales). We may disclose Personal Data to enforce or apply our terms (including for billing and collection purposes). If necessary, we may also disclose or exchange information with other companies and organizations for fraud protection and credit risk reduction, and to protect the rights, property, or safety of us, our customers, or others.

Categories of Personal Data disclosed. The categories of Personal Data we may disclose include Identity Data, Contact Data, Financial Data, Services Data, Marketing and Communications Data, Profile Data, Usage Data, Technical Identifiers, Device Data, and Content Data, depending on the nature of the Service and the recipients described above.

International Transfers: we may transfer data across borders, including outside the EEA/UK. Where required, we use safeguards recognized by relevant jurisdictions (such as Standard Contractual Clauses (“SCCs”) or equivalent mechanisms) to help ensure continued protection. You may request further information about the safeguards we use for international transfers by contacting us as set out in Section 3.

Marketing / Ads Opt-outs: sharing with advertising networks (if applicable) typically depends on your cookie choices. See Section 12 for cookie controls and opt-out options.

9. DATA SECURITY

We use technical and organizational safeguards designed to protect Personal Data, including:

• Pseudonymisation and encryption: removing direct identifiers from certain internal analysis datasets where appropriate; using encryption and other safeguards to protect Personal Data in transit and at rest.

• Access controls: limiting access to personnel with a legitimate business need, under role-based controls.

• Incident response: procedures to assess and notify relevant authorities and affected individuals where required by law.

• Your responsibility: you are responsible for keeping your account credentials confidential and using strong passwords.

Public areas. If the Services include public or interactive areas (for example, forums or message boards), any information you submit there may be viewed by any user and should be treated as public.

Transmission over the internet. The transmission of information via the internet is not completely secure. While we use reasonable safeguards, we cannot guarantee the security of Personal Data transmitted to or through our Services; any transmission is at your own risk.

10. HOW LONG WE KEEP YOUR DATA

EVOTECH SGP PTE. LTD. retains Personal Data only for the period necessary to provide you with Focusaur term of use and for achieving legitimate and essential business purposes, such as making data-driven business decisions about new features and offerings, complying with legal obligations, or resolving disputes. We apply retention periods across the following key categories:

• Data retained until you request us to remove it: for example, we may retain surveys, research, and promotions data until you withdraw consent or opt-out to honor your preferences and comply with marketing regulations.

• Legal / Admin / Tax laws: sales transactional records (for example invoice history) may be retained for the minimum period required by applicable tax and accounting laws.

• Legal defense windows: we retain necessary records for the duration of applicable statutes of limitations so we can establish, exercise, or defend legal rights if disputes arise.

• Active utility period: certain technical and transient logs (for example crash logs) may be retained for shorter periods and deleted, anonymized, or otherwise securely destroyed when no longer needed, subject to legal requirements.

We will not keep your Personal Data longer than necessary for the purposes stated in this Policy. When it is no longer needed, we will delete it or irreversibly anonymize it unless a longer retention period is required by law.

11. YOUR RIGHTS & CONTROLS

Depending on your jurisdiction (for example EU/EEA, UK, or certain U.S. states), you may have rights regarding your Personal Data. We honor applicable rights unless an exception applies. You may have the right to request:

• Access (“Right to Know”)

• Correction / Rectification

• Deletion (“Erasure”) (subject to legal exceptions)

• Data Portability (where applicable)

• Restrict or Object to Processing (including direct marketing)

• Withdraw Consent (where we rely on consent)

• Automated decision-making and profiling. Our Service uses automated processing, including profiling, in the following ways: (a) AI Memory Extraction: Our AI Service automatically extracts and stores personal facts, preferences, and patterns from your conversations to provide personalized responses. You can correct or delete memories through voice commands or by contacting us. (b) AI Conversation Analysis: Your voice interactions are automatically transcribed and analyzed by language models to understand intent and generate personalized responses. (c) Behavioral Pattern Analysis: Your habit completion rates, focus patterns, and productivity data may be analyzed to provide personalized coaching insights.

These processes do not produce legal or similarly significant effects. Where Applicable Law provides an opt-out right for certain profiling or targeting activities, you may exercise it as described in Sections 11–13.

• Lodge a Complaint: if you are in the EEA/UK, you may lodge a complaint with your local data protection supervisory authority.

How to exercise your rights: contact us using the details in Section 3, or use self-service tools (such as delete-account functions) where available. No fees usually required: requests are generally free, but we may charge a reasonable fee or refuse requests where permitted by law if they are manifestly unfounded or excessive. Response time: we normally respond within one month after verifying your identity. Where legally permitted, we may extend for complex requests (up to 60 days total) and will notify you.

Appeals (certain U.S. states). If we decline to take action on your request, you may appeal our decision by emailing support@focusaur.com with the subject line “Privacy Request Appeal”. Please include your original request and our response. We will respond to appeals within the timeframe required by Applicable Law. Authorized agents (California and certain jurisdictions). In some jurisdictions, you may designate an authorized agent to submit requests on your behalf. We may require the authorized agent to provide proof of authorization and may also require you to verify your identity directly with us.

12. COOKIES

We use cookies and similar technologies on our Sites and Applications to (i) operate core functions (such as account login, security, and checkout), (ii) measure performance and improve the Service, and (iii) where permitted by Applicable Law and your choices, support marketing and advertising.

Application and AI Service Technologies. In addition to cookies on our Sites, our Application and AI Service use the following tracking and similar technologies:

• (a) Firebase Analytics (Google LLC): Collects app usage data including feature interactions, screen views, and session duration. Your user ID is linked to analytics events for analysis purposes.

• (b) Firebase Crashlytics (Google LLC): Automatically collects crash data and device information when errors occur.

• (c) Firebase Cloud Messaging: Assigns a persistent device token for push notifications, which is stored linked to your account.

• (d) Sensors Data Analytics SDK (Sensors Data, PRC): Collects mobile application usage analytics on Android and iOS devices.

• (e) Device Authentication: Our AI Device connections use HMAC signature-based authentication rather than cookies.

Your choices. You can manage cookies and similar technologies through your browser and device settings (for example, blocking or deleting cookies). If we make a cookie banner or preference tool available on a particular Site or Application, you may also use it to manage non-essential cookies. If you disable certain cookies, parts of the Service may not function properly.

Third-party technologies. Some third parties may place cookies/pixels/SDKs on our Sites or in our Applications to provide content, analytics, or advertising. Their use of these technologies is governed by their own policies.

Where required by Applicable Law (including the ePrivacy Directive as implemented in EU member states), we will obtain your consent before placing non-essential analytics trackers on your device. You may withdraw consent at any time through the Application's settings. Essential cookies and tokens (such as authentication tokens and session management) do not require consent as they are strictly necessary for the Service to function.

13. PRIVACY CHOICES / OPT-OUTS

(a) Email marketing. You may opt out of promotional emails at any time by using the unsubscribe link in our emails. You may continue to receive non-promotional messages (e.g., order, account, and service notices).

(b) Targeted advertising / cross-context behavioral advertising. Where applicable under State Privacy Laws, you may opt out of our processing of Personal Data for targeted advertising by contacting us at support@focusaur.com with the subject line “Opt out of Targeted Advertising”.

(c) “Sale” / “Share” of Personal Data (U.S. states). Where applicable, you may opt out of the “sale” or “sharing” of your Personal Data (as those terms are defined by State Privacy Laws, including California) by contacting us at support@focusaur.com with the subject line “Do Not Sell or Share My Personal Data”.

(d) Cookies and similar technologies. You can manage cookies through your browser/device controls. If a cookie banner or preference tool is available on a particular Site or Application, you can also use it to manage non-essential cookies. See Section 12.

14. ADDITIONAL REGIONAL / STATE NOTICES

A. United States State Privacy Notice.

These disclosures supplement the main body of this Policy for residents of certain U.S. states (this “U.S. State Privacy Notice”). For details on how we collect, use, disclose, and otherwise process Personal Data, please read the main body of this Policy. Capitalized terms not defined here have the meanings given elsewhere in this Policy or under applicable U.S. state privacy laws (“State Privacy Laws”). If there is any conflict between this U.S. State Privacy Notice and the rest of this Policy, this U.S. State Privacy Notice controls only for covered U.S. state residents and their Personal Data.

Covered U.S. States. This U.S. State Privacy Notice applies to residents of the following states (as applicable, now or in the future): California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia.

Nevada Residents. Nevada provides a limited right to opt out of certain sales of personal information. Although we do not currently “sell” Personal Data in a manner that triggers Nevada’s opt-out requirements, Nevada residents may submit an opt-out request using the contact details in Section 3.

Personal Data Disclosures, “Sales,” and Targeted Advertising We disclose the categories of Personal Data we collect to the categories of recipients described in Section 8. Under certain State Privacy Laws, some disclosures may be considered the “sale” of Personal Data or the processing/sharing of Personal Data for “targeted advertising” (also called cross-context behavioral advertising). You can opt out where required (see Sections 11–13 and “Your Additional U.S. Privacy Rights” below). We do not sell the Personal Data of individuals we know to be under 16 years of age and we do not share such information for targeted advertising purposes.

Sensitive Personal Data Certain data elements may be considered “Sensitive Personal Data” under some State Privacy Laws, such as account credentials and, where enabled, precise geolocation. Payment card details are generally collected and processed by third-party payment providers. We use or disclose Sensitive Personal Data only as reasonably necessary and proportionate to provide the products and services you request; verify and improve services; detect and prevent security incidents, fraud, and unlawful activity; ensure physical safety; perform services on behalf of the business; and for short-term, transient use. We do not use Sensitive Personal Data to infer characteristics about you, and we do not sell Sensitive Personal Data or share it for targeted advertising.

De-Identified Information We may create or receive de-identified information that cannot reasonably be linked to an individual or household. Where we maintain de-identified information, we keep it in de-identified form and do not attempt to re-identify it except as permitted or required by law.

Automated Decision-Making and Profiling We do not conduct automated processing of Personal Data for decisions that produce legal or similarly significant effects. If Applicable Law nevertheless provides an opt-out right for certain profiling/targeting activities, you may exercise it as described in Sections 11–13.

Your Additional U.S. Privacy Rights Depending on your state of residency and subject to legal limitations and exceptions, you may have the right to know/access, portability, correction, deletion, opt-out of targeted advertising, opt-out of “sales,” and (in some states) control of Sensitive Personal Data.

Past 12 months (California and certain states). In the past 12 months, we may have disclosed the categories of Personal Data listed in Section 4 to the categories of recipients described in Section 8 for business purposes (e.g., order fulfillment, payment processing, customer support, security, analytics, and marketing communications). We do not knowingly “sell” Personal Data in exchange for money. However, some disclosures (such as to advertising/analytics partners via cookies or similar technologies) may be considered “sale” or “sharing” under certain State Privacy Laws. You may opt out as described in Section 13.

B. EEA/UK/Switzerland Privacy Supplement 

If you are located in the EEA, the UK, or Switzerland, this Section supplements the Policy. If there is any conflict, this Section prevails for those jurisdictions. Where GDPR/UK GDPR applies, our legal bases include performance of a contract, legal obligation, legitimate interests, and consent (see Section 7 ). Where we rely on legitimate interests, you may object as described in Section 11. International transfers: where we transfer Personal Data outside the EEA/UK, we use lawful transfer mechanisms such as adequacy decisions and Standard Contractual Clauses (or equivalent mechanisms), as applicable. You may also have the right not to receive retaliatory or discriminatory treatment for exercising these rights, subject to Applicable Law.

C.CHILDREN’S PRIVACY

The Service is not directed to children under 13 (or under the applicable age of digital consent in your jurisdiction, for example 16 in some EU member states). We do not knowingly collect Personal Data from children under these ages without verifiable parental consent. Our Application includes productivity and habit-building features that may be used by individuals under the applicable age of digital consent with parental or guardian supervision and consent. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete such information. Parents or guardians should contact us at support@focusaur.com.

15. UPDATES & CHANGES

Technologies and laws evolve. If we make material changes that reduce protections or materially affect your rights, we will provide prominent notice where required (for example by email or account notices) before changes take effect. Minor administrative or clarifying changes may be effective upon posting. We encourage you to review this Policy periodically by checking the “Last updated” date above.

Last updated: 2026.03.04

 

---