Privacy Policy

Last Updated: November 3, 2025

This Privacy Policy describes how PUCA ("we", "our", or "us") collects, uses, and protects your personal information when you use our Chrome extension and website services.

1. Information We Collect

1.1 Authentication Information

When you create an account and log in to PUCA, we collect:

Email Address: Used for account identification and communication
User ID: A unique identifier assigned to your account
Authentication Tokens: JWT tokens used to verify your identity

1.2 Subscription Information

If you subscribe to PUCA Premium, we collect:

Subscription Status: Whether you have an active, trialing, or expired subscription
Subscription Periods: Start and end dates of your subscription
Payment Information: Handled securely by Stripe (we do not store credit card details)

1.3 Extension Settings

The extension stores your preferences locally on your device, including:

YouTube blocking preferences
Instagram blocking preferences
Website blocking list
Scheduling preferences

Note: These settings are stored locally in your browser and are not transmitted to our servers.

1.4 Website Usage

When you visit our website, we may collect:

IP address (for security and analytics)
Browser type and version
Pages visited and time spent
Referral source

2. How We Use Your Information

2.1 Authentication and Authorization

We use your authentication information to:

Verify your identity when you log in
Grant access to PUCA Premium features
Prevent unauthorized access to your account

2.2 Subscription Management

We use your subscription information to:

Provide access to premium features
Process payments through Stripe
Manage subscription renewals and cancellations
Send subscription-related notifications

2.3 Service Improvement

We use aggregated, anonymized data to:

Improve our extension functionality
Fix bugs and technical issues
Understand how users interact with our service

3. How We Store Your Information

3.1 Extension Storage

Authentication tokens and user preferences are stored locally in your browser using Chrome's encrypted storage system (chrome.storage.local). This data:

Is encrypted by Chrome's security systems
Remains on your device
Is never transmitted to our servers except for authentication and subscription verification

3.2 Server Storage

Your account information and subscription data are stored securely on Supabase servers, which:

Are protected by industry-standard security measures
Use encryption at rest and in transit
Comply with GDPR and other privacy regulations

4. Third-Party Services

4.1 Supabase

We use Supabase for:

User authentication
Database storage
API services

Supabase's privacy policy: https://supabase.com/privacy

4.2 Stripe

We use Stripe for:

Payment processing
Subscription management

Stripe's privacy policy: https://stripe.com/privacy

Important: We do not store your credit card information. All payment data is handled securely by Stripe.

5. Data Security

We implement security measures to protect your information:

Encryption: All data transmitted between your browser and our servers uses HTTPS encryption
Token Security: Authentication tokens expire automatically (access tokens: 1 hour, refresh tokens: 30 days)
Row Level Security: Database access is restricted so users can only access their own data
Server-Side Validation: All authentication and subscription checks are verified on our servers, not in the extension code

6. What We DON'T Collect

PUCA does NOT collect:

Your browsing history (except for websites you explicitly add to your block list)
Personal information from websites you visit
Credit card information (handled by Stripe)
Passwords (handled securely by Supabase)
Data from other Chrome extensions

7. Your Rights

You have the right to:

Access: Request a copy of your personal data
Correction: Update or correct your account information
Deletion: Request deletion of your account and data
Data Portability: Export your extension settings
Opt-Out: Cancel your subscription at any time

To exercise these rights, please contact us using the information provided below.

8. Data Retention

We retain your information for as long as necessary to:

Provide our services to you
Comply with legal obligations
Resolve disputes

When you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal purposes.

9. Children's Privacy

PUCA is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending you an email notification (for significant changes)

Your continued use of PUCA after any changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@pucafocus.com

Website: www.pucafocus.com

12. Compliance

This Privacy Policy is designed to comply with:

General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Chrome Web Store Developer Program Policies