Plan It Focus
Sign inCreate account

Plan It Focus Privacy Policy

Effective Date: February 25, 2026

Plan It Focus ("Plan It Focus," "we," "us," or "our") provides a productivity and planning software service (the "Service"), available through our websites and web application (together, the "Sites").

Plan It Focus is a brand name of Finn Advisor, LLC, doing business as Plan It Focus.

This Privacy Policy explains how we collect, use, disclose, and retain information when you use the Sites or Service.

Quick statements (for clarity)

  • No targeted ads: We do not use personal information for cross-context behavioral advertising.
  • No sale/share: We do not sell or share personal information as those terms are defined under certain U.S. state privacy laws (including California's "sell" and "share").
  • Washington Consumer Health Data: We do not ask for or require consumer health data; please do not submit medical/mental health info; if you do submit it in your content, we process it as user content to provide the Service.
  • AI training: We do not use your AI feature content to train our own general-purpose AI models by default.
  • OpenAI API default: Data sent to OpenAI's API is not used to train OpenAI models by default unless you opt in, and OpenAI may retain prompts/responses in abuse monitoring logs for up to 30 days by default.

1) Scope

This Privacy Policy applies when you:

  • visit the Sites;
  • create an account and Sign in;
  • use the Service to create/manage tasks, lists, goals, notes, and appointments;
  • connect calendar integrations (Google Calendar, Microsoft Calendar, or CalDAV);
  • use AI features, including AI Coach and Overwhelm Reset; or
  • contact us.

This Privacy Policy does not cover third parties' processing of information under their own terms (for example, Google, Microsoft, Stripe, or your CalDAV provider).

2) Information We Collect

A) Account and profile information

We collect:

  • Identifiers and contact information, such as your email address.
  • Account settings and preferences, such as analytics opt-out status and research preference status.
  • Authentication and security information, such as password hashes, session information, multi-factor authentication factors (if enabled), recovery codes, and login/security event logs.

B) Productivity and planning content

We process content you create or store in the Service, such as:

  • tasks, lists, goals, notes, and appointments; and
  • associated metadata used to support features (for example recurrence rules, links between objects, and sync settings).

C) Calendar integration information

If you connect Google Calendar, Microsoft Calendar, or CalDAV, we process information needed to provide the integration, including:

  • connection details and settings;
  • OAuth tokens (Google/Microsoft) or credentials you provide (CalDAV), stored encrypted at rest; and
  • calendar event data you choose to sync or manage through the Service (which may include event title/summary, description/body preview, and start/end times).

Depending on the integration and your actions, the Service may read and write calendar events (create/update/delete).

D) AI features information (AI Coach and Overwhelm Reset)

If you use AI features, we process:

  • prompts/messages and other content you submit;
  • responses generated by AI features; and
  • conversation metadata used to operate the feature.

AI Coach history: AI Coach conversations and related data are stored with your account so conversation history and related features can function.

AI training (Plan It Focus/Finn Advisor): We do not use your AI feature content to train our own general-purpose AI models by default.

OpenAI as our current AI model provider: Our AI features are currently powered by OpenAI's API. OpenAI states that data sent to the OpenAI API is not used to train or improve OpenAI models by default unless you explicitly opt in. OpenAI also states that, by default, abuse monitoring logs may contain prompts/responses and are retained for up to 30 days unless legally required longer, and that "Zero Data Retention"/"Modified Abuse Monitoring" may be available for eligible customers.

E) Billing and subscription information

If you subscribe, we process:

  • subscription status and plan tier;
  • Stripe customer/subscription identifiers and billing metadata; and
  • billing webhook/event records used to keep subscription status accurate.

Stripe processes payment card data. We do not store full payment card numbers.

F) Usage, diagnostics, and security logs

We process information about how the Sites and Service are accessed and used, including device/browser/app information, pages/screens used, and security logs (which may include IP address and user agent).

G) Accessibility/readability preferences

If you enable optional accessibility/readability features (for example, alternative fonts or display settings), we store your preference so the Service can apply it consistently. We treat these settings as usability preferences and do not use them to diagnose or infer health status.

3) Sources of Information

We collect information:

  • from you (account creation, content, settings);
  • from third-party services you connect (calendar providers, at your direction); and
  • automatically (usage, diagnostics, and cookies/similar technologies).

4) How We Use Information

We use information to:

  • provide, operate, maintain, and secure the Service;
  • authenticate users and prevent abuse (rate limiting/lockouts);
  • provide calendar integrations you choose to enable;
  • provide AI features (including generating AI Coach responses);
  • provide customer support;
  • process subscriptions and manage billing (via Stripe);
  • measure and improve the Sites and Service (analytics, where enabled); and
  • comply with law and enforce our Terms.

5) How We Disclose Information

A) Service providers (processors)

We share information with vendors that process data on our behalf to provide the Service, such as:

  • hosting/infrastructure providers (web/app/API hosting),
  • email delivery providers,
  • analytics providers (where enabled),
  • error monitoring providers,
  • billing (Stripe),
  • calendar APIs you connect (Google/Microsoft/CalDAV provider),
  • AI model provider (OpenAI),
  • export storage provider (where configured),
  • password breach checking (partial-hash method), and
  • avatar generation (if used).

These vendors are authorized to process information only as needed to provide services to us and are subject to contractual obligations.

B) Legal, safety, and compliance

We may disclose information if reasonably necessary to comply with law, respond to lawful requests, protect rights/safety, and prevent fraud or abuse.

C) Business transfers

We may disclose information in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.

6) Cookies, Analytics, and Error Monitoring

A) Essential cookies/technologies

We use essential technologies to operate the Service, including authentication/session functionality.

B) Cookie consent and analytics

We provide a cookie consent experience on the Sites. Where required, we enable analytics that store or access information on your device only after you consent. You can also opt out of analytics associated with your account through in-app settings.

C) Error monitoring (Sentry)

We use Sentry to help detect, diagnose, and fix errors.

On our websites, client-side Sentry error monitoring is enabled only after you accept our cookie consent. If you do not consent, client-side Sentry will not initialize and user-level attribution (such as user ID/email) will not be set.

We may still collect server-side error logs and diagnostics to operate and secure the Service.

D) Do Not Track

Some browsers offer a "Do Not Track" signal. Our Sites do not currently respond to "Do Not Track" signals.

7) Your Choices and Rights

A) In-product controls

You can update account information and preferences, enable/disable MFA, opt out of analytics, set research preference status, and manage certain notification settings.

B) Data export

You can request an export of your account data in supported formats. Export files are time-limited and cleaned up automatically (typically available for ~24 hours).

C) Account deletion

You can request account deletion:

  • while signed in through the Service, or
  • without signing in through a public deletion request flow that uses an email confirmation token.

When you request deletion, we revoke active sessions and mark your account as deleted so it is no longer accessible. We schedule deletion for approximately 30 days after your deletion request. Because deletion may involve administrative processing, completion time can vary. Backup retention is described below.

D) U.S. state privacy rights

Depending on your location and applicable law, you may have rights to request access, deletion, or correction of personal information.

How to exercise rights: Email contactus@planitfocus.com. We may verify your request (for example, by confirming you control the account email address or asking you to Sign in).

E) EEA/UK rights (if applicable)

If applicable law gives you data protection rights (including in the EEA/UK), you may have rights to access, correct, delete, object, restrict processing, and request portability, and to withdraw consent where processing is based on consent.

Where applicable, we generally rely on:

  • contract (to provide the Service),
  • legitimate interests (security, abuse prevention, and improvement),
  • consent (for cookies/analytics where required), and
  • legal obligations.

8) International Transfers

We are based in the United States, and information may be processed in the United States and other countries where we and our service providers operate.

Where required for transfers of personal data from the EEA/UK to other countries, we use approved safeguards such as the European Commission Standard Contractual Clauses (Decision (EU) 2021/914) and the UK International Data Transfer Addendum/IDTA, as applicable.

9) Data Retention

We retain information for as long as reasonably necessary to provide the Service and for legitimate and lawful business purposes, including security, compliance, and dispute resolution.

Implementation-based points:

  • Export files expire automatically (typically ~24 hours).
  • Deletion confirmation tokens expire automatically (time-limited).
  • Account deletion removes access promptly via deletion/soft-delete; deletion completion may require administrative processing.
  • Backups: We maintain backups/snapshots. Deletions generally apply to active systems; backup copies expire through rotation. We retain backups for up to 45 days, aligned to our infrastructure backup retention settings.

10) Security

We use safeguards designed to protect information, including strong password hashing, optional MFA, token flows, rate limiting/lockout protections, and encryption at rest for certain sensitive secrets such as integration tokens and credentials.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11) Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

12) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Privacy Policy and update the Effective Date.

13) Contact Us

Email: contactus@planitfocus.com

Mail: Finn Advisor, LLC (d/b/a Plan It Focus)
2525 Arapahoe Ave Unit E4 PMB 1343
Boulder, CO 80302-6746

Security: security@planitfocus.com