Privacy Policy - Focal Point Productivity

Introduction

Mile High Software Solutions LLC ("we", "our", or "us") operates the Focal Point Productivity application ("the App"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our App.

Focal Point is a productivity application designed for individuals, households, families, and small businesses. The App allows users to create tasks, notes, projects, and documents, and to share content with other users.

We limit the collection of personal data to what is necessary to provide and improve the App.

Information We Collect

We collect the following categories of information:

Account Information

Email address
Display name and profile photo (optional)
Authentication credentials (managed by Firebase Authentication, Apple, or Google)
Phone number (optional, for friend discovery)

User Content

Tasks, notes, projects, and reminders you create
Documents and images you upload
Comments on shared content
Tags, folders, and organizational structures

Usage Data

App interactions and feature usage (via Firebase Analytics)
Crash reports and error logs (via Firebase Crashlytics)
Device type, operating system, and app version
General geographic region (country-level, not precise location)

Technical Data

FCM push notification tokens (for delivering notifications)
IP addresses (retained for up to 30 days for security, fraud prevention, and system integrity purposes)
We do not collect advertising identifiers (IDFA/IDFV/Android Advertising ID)

Integration Data

Google Calendar: Event titles, dates, times, and locations (read-only, cached temporarily)
YouTube: Video metadata for saved links (cached for display)

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data under the following legal bases:

Processing Activity	Legal Basis
Account creation and authentication	Contract performance
Storing and syncing your content	Contract performance
Third-party integrations (Calendar, YouTube)	Consent (opt-in)
Contacts access (friend discovery, attendee suggestions)	Consent (device permission prompt)
Phone number (friend discovery)	Consent (optional, user-provided)
Analytics and crash reporting	Legitimate interest
Push notifications	Consent (opt-in via device settings)
Security and fraud prevention	Legitimate interest
Marketing communications	Consent (opt-in)

Service Providers and Subprocessors

We use the following third-party service providers to operate the App. Each provider processes data on our behalf under appropriate data processing agreements:

Provider	Purpose	Data Processed
Google Firebase	Authentication, database, storage, hosting	All user data
Firebase Analytics	Usage analytics	Aggregated usage data
Firebase Crashlytics	Crash reporting	Error logs, device info
Apple (App Store)	Authentication, payments	Apple ID, subscription status
Google (Play Store)	Authentication, payments	Google account, subscription status
Google Calendar API	Calendar integration	Calendar events (read-only)
YouTube Data API	Video previews	Video metadata

Google's Data Processing Terms apply to Firebase services. For details, see Firebase Data Processing Terms.

Data Storage and International Transfers

Storage Location: Your data is stored on Google Cloud/Firebase infrastructure primarily in the United States (us-central1 region).

International Transfers: If you are located outside the United States, your data will be transferred to and processed in the United States. For users in the EEA, UK, or Switzerland, these transfers are protected by:

Google's compliance with Standard Contractual Clauses (SCCs)
Google's additional safeguards for international data transfers

For more information, see Google Cloud GDPR Compliance.

Data Retention

Data Type	Retention Period
Account and user content	Until you delete your account
Cached integration data	Deleted immediately when you disconnect a service
Analytics data	Aggregated and anonymized; retained per Firebase defaults (14 months)
Server logs (IP addresses)	Up to 30 days
Backups	Purged within 30 days of account deletion
Inactive accounts	Accounts with no login activity for 24 months may be flagged for deletion. We will notify you via email before any data is removed.

Account Deletion

When you delete your account:

All personal data and content is permanently deleted within 30 days
Backups containing your data are purged within 30 days
Shared projects you own will be transferred to co-owners or deleted if no co-owners exist
Your comments on others' content may be anonymized rather than deleted to preserve conversation context
Aggregated, anonymized analytics data may be retained

To delete your account, go to Settings > Account > Delete Account, or contact us at support@milehighsoftwaresolutions.com.

Sharing and Collaboration

Focal Point allows you to share projects, tasks, and notes with other users:

Permission Levels

Owner: Full control, can edit content and manage sharing permissions
Co-Owner: Full editing rights and can manage sharing
Editor: Can view and edit content but cannot change sharing settings
Viewer: Read-only access to content

What Shared Users Can See

Project/task/note content you share
Your display name and profile photo
Activity on shared content (edits, comments)

Warning: Be cautious about sharing content containing sensitive personal information. You are responsible for obtaining appropriate consent before sharing content that contains others' personal data.

Your Responsibility for Shared Content

When you share content with other users, you are responsible for the personal data contained within that content, including ensuring you have the necessary rights and consents to share such information. We act as a service provider facilitating this sharing and do not control the content users choose to share.

Third-Party Integrations

Google Calendar Integration

Access Type: Read-only access to your calendar events
Scope: calendar.readonly
Data Accessed: Event titles, dates, times, and locations
Storage: Cached temporarily for display; not permanently stored
Token Handling: OAuth refresh tokens stored securely in Firebase; automatically expire if unused; revoked immediately when you disconnect

YouTube Integration

Data Accessed: Video metadata for links you save
Storage: Titles and thumbnails cached for display
Token Handling: Same as Google Calendar

You can disconnect integrations at any time in Settings. Disconnecting immediately revokes our access and deletes cached data.

Phone Number & Friend Discovery

You may optionally provide your phone number in your profile to help friends find you on Focal Point. Your phone number is:

Stored securely in our database (encrypted at rest)
Stored as a one-way cryptographic hash (SHA-256) for matching purposes
Used only for friend discovery (matching against other users who search for you)
Never shared with third parties or used for marketing
Removable at any time via your profile settings

If you remove your phone number, you will no longer be discoverable by phone number.

Contacts Access

With your permission, Focal Point can access your device contacts for two purposes:

Friend Discovery: Check which of your contacts are already using Focal Point
Calendar Attendees: Suggest contacts when adding attendees to calendar events

When you use the friend discovery feature:

Contact phone numbers are converted to anonymous cryptographic hashes (SHA-256) on your device
Only these anonymous hashes are sent to our server for matching
Your actual contacts are never uploaded or stored on our servers
Matching results are returned to your device and not retained on our servers
Contact data is read fresh each time you use the feature — it is not cached or synced

When you use contacts for calendar attendee suggestions:

Contact names and email addresses are read locally on your device
This data is used only for display in the attendee picker and is not uploaded to our servers

You can revoke contacts permission at any time in your device settings (Settings > Focal Point > Contacts on iOS, or Settings > Apps > Focal Point > Permissions on Android). Revoking permission does not affect any other app functionality.

Document Storage

Free accounts: Up to 100 MB storage, 10 MB max file size
Premium accounts: Up to 2 GB storage, 100 MB max file size

Documents are retained until you delete them. If your Premium subscription lapses and your documents exceed the free-tier 100 MB quota:

30-day grace period: You can view, download, and delete all documents. Editing and uploading are not permitted.
After the grace period: Documents exceeding the free quota become restricted — you can see document names, sizes, and dates, and you can delete them, but you cannot view or download their content.
You can delete documents at any time to reduce your storage below 100 MB and restore full access to remaining documents
No documents are ever automatically deleted — all content is retained indefinitely
Resubscribing to Premium immediately restores full access to all documents

Documents within shared projects are not counted toward your personal storage quota. See Shared Project Data Access below for details on shared project documents.

Shared Project Data Access

Focal Point projects support collaboration between multiple users. Editing project content (tasks, documents, sticky notes, kanban boards, and notes) requires an active Premium subscription.

If your Premium subscription lapses while you are a member of shared projects:

Shared projects transition to read-only mode for you
You retain full viewing access to all content within the project
Project documents remain downloadable by all members regardless of subscription status
No project data is deleted — all content is preserved indefinitely
Creating, editing, and deleting content within the project is disabled until you resubscribe

If all project owners' (primary owner and co-owners) subscriptions lapse:

The project becomes read-only for all members
All members retain full viewing and document download access
The project may be automatically archived after 180 days if no owner resubscribes
Archived projects and their content are not deleted and can be restored by resubscribing

You may always:

View and download any content within shared projects you belong to
Transfer project ownership to another Premium subscriber (if you are the primary owner)
Request a full export of your data via Settings > Account or by contacting support

Local Sync (Premium Feature)

Local Sync allows you to sync documents to a folder on your device:

Files are synced over your local network only
Synced files are stored unencrypted in the folder you specify
You are responsible for securing access to your local device and sync folder
Local Sync does not bypass cloud storage—files exist in both locations

Security Note: Local Sync is provided for convenience. If you store sensitive documents, ensure your device has appropriate security controls (encryption, access controls).

Data Security

We implement industry-standard security measures:

Encryption in Transit: All data transmitted using TLS 1.2+
Encryption at Rest: Data encrypted on Google Cloud infrastructure using AES-256
Authentication: Managed by Firebase Authentication with support for email/password, Apple Sign In, and Google Sign In
Access Controls: Principle of least privilege for administrative access
OAuth Tokens: Stored securely, scoped to minimum necessary permissions, revocable by user

Note: Documents are encrypted at rest on our servers but are not end-to-end encrypted. We (the service operator) have technical ability to access user content for support and legal compliance purposes, though we do not routinely access user content.

Data Breach Notification

In the event of a data breach that affects your personal data:

We will notify affected users within 72 hours of becoming aware of the breach (as required by GDPR)
Notification will be sent via email to your registered email address
We will also notify relevant supervisory authorities as required by law
Notification will include: nature of the breach, data affected, steps we are taking, and recommended actions for you

Security concerns can be reported to support@milehighsoftwaresolutions.com.

Legal Requests and Disclosure

We may disclose your information if required to do so by law, subpoena, or other legal process, or if we believe such action is necessary to:

Comply with legal obligations
Protect and defend our rights or property
Prevent fraud or abuse of our services
Protect the safety of users or the public

Sensitive Data

Focal Point is a general-purpose productivity tool. While you may store various types of content, we recommend:

Do not store highly sensitive data such as government IDs, financial account numbers, or health records unless necessary
If you store sensitive content, understand it is encrypted at rest but not end-to-end encrypted
Be cautious when sharing content that may contain sensitive information about others

Analytics and Crash Reporting

We use Firebase Analytics and Firebase Crashlytics to improve the App:

Firebase Analytics: Collects aggregated usage data (screens viewed, features used) to help us improve the App. Does not collect advertising identifiers.
Firebase Crashlytics: Collects crash reports including device type, OS version, and error stack traces to help us fix bugs.

This data is used for product improvement only, not for advertising. You can limit analytics collection through your device's privacy settings.

We may use aggregated and anonymized data for analytics, product improvement, and business purposes. This data does not identify individual users.

Payment Processing

Premium subscriptions are processed through:

iOS: Apple In-App Purchases
Android: Google Play Billing

We do not collect, store, or process payment card information. All payment processing is handled directly by Apple or Google. We only receive confirmation of subscription status.

Children's Privacy

We do not knowingly collect personal data from children under 13 (or 16 in the EEA). Users must be at least 13 years old to create an account independently.

Families may share access to Focal Point through Apple Family Sharing or Google Play Family Library, which are managed by the respective platform. Parents or guardians using these features are responsible for supervising their children's use of the App and consent to the processing of their data as described in this policy.

If you believe a child under 13 has created an account independently, please contact us immediately at support@milehighsoftwaresolutions.com and we will delete the account.

Your Rights

Depending on your location, you have the following rights:

Access: Request a copy of your personal data
Correction: Update inaccurate information
Deletion: Delete your account and associated data
Portability: Export your data in a machine-readable format
Restriction: Request we limit processing of your data
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for optional processing (integrations, marketing)

How to Exercise Your Rights

You can exercise most rights directly in the App (Settings > Account). For formal requests:

Email support@milehighsoftwaresolutions.com with your request
Include the email address associated with your account
We will verify your identity before processing
Requests will be processed within 30 days (or 45 days for complex requests, with notice)

There is no fee for reasonable requests. We may decline requests that are manifestly unfounded or excessive.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights:

Right to Know: What personal information we collect, use, and disclose
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate information
Right to Opt-Out: Opt out of sale or sharing of personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your rights

We Do Not Sell or Share Your Personal Information for cross-context behavioral advertising or other purposes that would constitute a "sale" or "share" under California law.

Do Not Track: The App does not respond to "Do Not Track" signals from browsers or devices.

To submit a request, email support@milehighsoftwaresolutions.com with subject line "California Privacy Request."

International Users (GDPR)

If you are located in the EEA, UK, or Switzerland:

See "Legal Basis for Processing" above for how we justify processing your data
You may withdraw consent at any time by disconnecting integrations or deleting your account
You have the right to lodge a complaint with your local data protection authority
See "Data Storage and International Transfers" for information about transfers outside the EEA

Marketing Communications

We may send you marketing communications about new features or offers if you have opted in. You can opt out at any time by:

Clicking "Unsubscribe" in any marketing email
Contacting us at support@milehighsoftwaresolutions.com

Opting out of marketing does not affect transactional emails (account confirmations, security alerts, subscription receipts).

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting a notice in the App
Sending an email to your registered address
Updating the "Last Updated" date at the top of this page

Continued use of the App after changes constitutes acceptance of the updated policy. For significant changes, we will provide at least 30 days notice before the changes take effect.

Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, user information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice in the App before your personal data becomes subject to a different privacy policy.

Contact Us

If you have questions about this Privacy Policy or our data practices:

Mile High Software Solutions LLC

2057 Arroyo Ct

Windsor, CO 80550

United States

support@milehighsoftwaresolutions.com