🎞️
FocusDiffusion
HomePrivacy PolicyTerms of Use
Back to FocusDiffusion
Privacy Policy

Privacy Policy

Service: FocusDiffusion · Provider: Kortress (the "Company", "we", "us")
Effective: June 28, 2026 · Last updated: June 28, 2026

This Privacy Policy explains what information FocusDiffusion collects, how we use, share, store and protect it, and the choices and rights you have. By using the app you acknowledge the practices described here. If you do not agree, please do not use the service.

01Information we collect

We collect only what we need to run the service.

CategoryExamplesWhen
AccountSocial sign-in identifier (Apple/Google), email (if provided), handle, display name, birth year, profile photoSign-up & profile setup
User contentPhotos, voice notes, videos, captions and messages you attach, and the recipient you chooseWhen you send a photo or focus on one
UsageFocus sessions, your collection of unlocked photos, friend connections, blocks and reportsWhile using the app
Device & technicalPush token (FCM), device and OS type, app version, language and time zone, log data and IP addressOn app launch / push registration
PurchasesSubscription and entitlement status, receipt identifiers, transaction recordsOn purchase

We do not collect or store your payment card details — those are handled directly by Apple App Store and Google Play.

02How we use information

  • Authenticate you and provide the core service — delivering photos, revealing them through focus, and keeping your collection.
  • Deliver friend-to-friend photos, voice and messages, and send notifications (push).
  • Detect illegal or harmful content and protect the service (see Section 3).
  • Process subscriptions and purchases, handle refunds and disputes, and prevent fraud and abuse.
  • Respond to your requests, improve the service, and comply with legal obligations.

Where required (e.g. EEA/UK), our legal bases are: performance of a contract (providing the app); legitimate interests (safety, security, abuse prevention, product improvement); legal obligation (content-safety reporting, tax and commerce record-keeping); and consent where specifically requested (e.g. push notifications), which you may withdraw at any time.

03Content safety & moderation

To keep the service safe, uploaded images are checked with automated moderation tools. Child sexual abuse material (CSAM) and clearly illegal content are blocked and preserved, and where legally required are reported to the National Center for Missing & Exploited Children (NCMEC) and/or competent authorities. Records created for this purpose are kept separately from ordinary moderation logs and are retained for the period required by law.

Uploading illegal content results in immediate restriction and may be reported to authorities. See the Terms of Use for prohibited conduct.

04How we share information

We do not sell your personal information. We share it only as needed to operate the service, with the service providers below acting on our behalf, with recipients you choose, and with authorities where legally required.

RecipientPurpose
SupabaseDatabase and file storage. Photos, voice and video are kept in private storage and accessed only via short-lived signed URLs.
Google FirebasePush notification delivery (FCM).
Apple · GoogleIn-app purchases and subscription processing.
RevenueCatSubscription / receipt validation and entitlement management.
SightengineAutomated image content moderation.
NCMEC & law enforcement / regulatorsMandatory CSAM reporting and responding to lawful requests.
Recipients you choosePhotos, voice and messages you send are delivered to the recipient you specify, who can view and keep them.

We may also share information in connection with a merger, acquisition or asset sale, subject to this Policy.

05International transfers

Our providers (e.g. Supabase, Firebase) may operate infrastructure outside your country, including in the United States. Your information may therefore be processed and stored internationally. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for these transfers.

06Retention & deletion

  • When you delete your account, we delete your personal information or irreversibly anonymize it.
  • However, payment and transaction records may be retained for up to 7 years to meet legal obligations (e.g. Korea’s Act on Consumer Protection in Electronic Commerce and the Framework Act on National Taxes). In that case, identifying details are anonymized.
  • To prevent abuse, a 30-day cool-down period may apply before the same account can re-register.
  • Content-safety reports are retained separately for the period required by law.

07Your rights & choices

Subject to applicable law, you may access, correct, delete, restrict or object to the processing of your information, and withdraw consent.

  • Edit your profile directly in the app’s profile screen.
  • Delete your account from in-app settings; data is handled as described in Section 6.
  • Manage push notifications in your device settings.
  • To exercise any right, contact us at the address in Section 14. You may also lodge a complaint with your local data protection authority.

08EEA / UK (GDPR)

If you are in the EEA or UK, you have the rights of access, rectification, erasure, restriction, portability and objection, and the right to withdraw consent, under the GDPR / UK GDPR. The Company is the controller of your personal data for the purposes described here. Our legal bases are set out in Section 2.

09California (CCPA/CPRA)

California residents have the right to know what personal information we collect (the categories listed in Section 1), to request deletion or correction, and to opt out of "sale" or "sharing." We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. We will not discriminate against you for exercising your rights. To make a request, contact us at the address in Section 14.

10Children

The service is not directed to children under 14, and we do not knowingly collect personal information from them. (In jurisdictions with a lower threshold, we do not knowingly collect from children under 13.) If we learn that we have collected such information, we delete it promptly. Parents or guardians who believe a child has provided information without consent may contact us.

11Security

  • Data is encrypted in transit (HTTPS).
  • Photos, voice and video are kept in non-public storage and accessed only through short-lived signed URLs.
  • We apply access controls and technical and organizational measures to guard against unauthorized access or disclosure.

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

12Cookies & this website

The mobile app does not use advertising cookies. This website uses only what is necessary to serve the pages and does not run advertising trackers.

13Changes to this Policy

We may update this Policy as the service or the law changes. Material changes will be announced in the app or on this page before they take effect. The "Last updated" date above indicates the current version.

14Contact

For privacy questions, requests or complaints, contact us:

Provider: Kortress

Email: fortressofko@kortress.com