Privacy Policy

Locus is a macOS productivity app that helps you block distracting websites and applications during focus sessions. This Privacy Policy explains what data Locus collects, how it is used, and what it shares with third parties.

1. Data We Collect

Locus collects the following categories of data to provide its core functionality. Unless stated otherwise, all data is stored locally on your Mac and is never uploaded to Locus servers.

Web History & Website Content

Locus monitors the URLs and page titles of websites you visit in your browser while a focus session is active. This is required to:

• Determine whether a site should be blocked or allowed based on your current task.
• Detect drift — when an allowed site is being used off-task (e.g., YouTube approved for a lecture, but now playing unrelated content).

URLs and page titles are processed locally and, when an AI decision is needed, forwarded through a Cloudflare Worker to Hack Club AI (see Section 3). They are never stored by Locus on any remote server.

User Activity

Locus tracks which macOS applications are running or in the foreground while a focus session is active in order to block non-allowed apps. This data is used only to enforce blocking rules and is stored locally.

Session Analytics

Locus records information about your focus sessions locally on your device, including:

• Session start and end times.
• Number of block events and unblock requests.
• Session completion status.
• Per-task time totals.

This data powers the in-app Analytics tab. It never leaves your device.

Calendar Data (Optional)

If you connect a calendar via an iCal URL (Google Calendar, Outlook, Schoology, Canvas, etc.), Locus reads your upcoming events to populate session task options. This data is fetched directly from your calendar provider and processed locally. Locus does not store your calendar credentials or event data remotely.

Notion Data (Optional)

If you connect Notion via OAuth, Locus reads your Notion pages and task entries to auto-populate session options. The OAuth token is stored locally on your device. Locus only reads task titles and page names — it does not write to, modify, or delete any Notion content. No Notion data is transmitted to Locus servers.

2. How We Use Your Data

All data collected is used exclusively for the single purpose of Locus: helping you stay focused. Specifically:

• URL & page title monitoring — to decide whether a visited site is on-task or should be blocked.
• App monitoring — to enforce application blocking rules during a session.
• Session analytics — to show you your own focus trends inside the app.
• Calendar & Notion data — to make session setup faster by pre-filling your current tasks.

We do not use your data for advertising, profiling, or any purpose unrelated to focus enforcement.

3. Data Shared with Third Parties

Locus shares data with the following third parties only when strictly necessary:

Hack Club AI & OpenRouter (via Cloudflare Worker)

When Locus needs to make an AI-based decision — such as evaluating an unblock request or checking whether a page has drifted off-task — it sends the relevant URL, page title, and your current session task description to a Cloudflare Worker proxy. That Worker forwards the request to Hack Club AI, which routes it through OpenRouter to the underlying language model. The API key is stored as a Cloudflare Worker secret and is never shipped with the app or stored on your device. No personally identifiable information beyond what you type in the task description is included in these requests.

• Hack Club AI: hackclub.com/privacy
• OpenRouter: openrouter.ai/privacy

Cloudflare

The proxy Worker runs on Cloudflare's infrastructure. Cloudflare may log request metadata (e.g., IP address, timestamps) in accordance with their own privacy policy: cloudflare.com/privacypolicy.

Your Calendar Provider

If you provide an iCal URL, Locus makes an outbound request to that URL to retrieve your calendar events. The request is made from your device directly to your calendar provider (Google, Microsoft, etc.).

Notion

If you connect Notion, Locus makes read-only API calls to Notion's servers using your OAuth token to retrieve task titles. This is governed by Notion's Privacy Policy.

We do not sell, rent, or transfer your data to any other third parties.

4. Data Storage & Retention

All session data, analytics, configuration, and OAuth tokens are stored locally on your Mac, inside the Locus application support directory. Locus does not operate any database or cloud storage for user data. You can delete all Locus data at any time by removing the application and its support files.

5. Children's Privacy

Locus is designed for use by students of all ages and does not knowingly collect any data beyond what is described in this policy. No data is transmitted to Locus-operated servers at any time. Parents or guardians with questions are welcome to contact us (see Section 7).

6. Changes to This Policy

If this policy changes in a material way, we will update the "Last updated" date at the top of this page. Continued use of Locus after a policy change constitutes acceptance of the updated terms.