Privacy Policy

Last Updated: June 3, 2026

Brainsoft Oy
Email: privacy@brnsft.com
Website: www.brnsft.com


Our Privacy Commitment

We believe your productivity data is personal and should stay that way. This Privacy Policy explains what data we collect, why we collect it, and how we protect your privacy across all our services.

Key Principles:

  • Personal Mode by default - Ikuna is designed first for individual productivity and focus.
  • Clear when data is shared - Sync, account, analytics, and future organization reporting are described separately.
  • Minimal telemetry - Cloud analytics uses limited, privacy-shaped events rather than raw workspace names, app names, window titles, file paths, or content.
  • No selling - We never sell your personal data.

Table of Contents

  1. What This Policy Covers
  2. Data We Collect
  3. How We Use Your Data
  4. Data Storage and Security
  5. Third-Party Services
  6. Your Rights (GDPR)
  7. Cookies and Tracking
  8. Children's Privacy
  9. Changes to This Policy
  10. Contact Us

What This Policy Covers

This Privacy Policy applies to:

  • Ikuna - Our macOS productivity tracking application
  • Our Website - www.brnsft.com and associated domains
  • Any other services - Current or future services we may offer

Data We Collect

1. Ikuna Application

A. Productivity and Workspace Data

Ikuna processes productivity and workspace data to provide dashboard, focus, workspace restoration, sync, account, and related app features. Depending on the features you use, this may include:

  • Application names and window titles you use
  • Activity levels (Actions Per Minute - APM)
  • Context switches between applications
  • Deep work session durations
  • Break times and idle periods
  • Workspace configurations, apps, positions, and settings

In Personal Mode, detailed productivity data is processed for your individual use. If you enable sync, account, backup, or future organization reporting features, selected data may be transmitted or shared as described in this Privacy Policy and in the applicable feature UI.

B. Analytics and Telemetry Data

To improve Ikuna, diagnose issues, and understand feature usage, we may collect limited telemetry via Google Analytics 4 and PostHog. Pro and Legacy users can use Opt Out of Analytics & Telemetry in Settings > Account to stop app usage events, research buckets, functional app telemetry, and crash reports sent to Ikuna's analytics providers.

Users who skip account creation enter a no-account shadow mode after onboarding. In that mode, Ikuna may send onboarding telemetry, then stops cloud analytics after onboarding completes unless the user later creates an account or enables features that require data sharing.

System Information:

  • Country (from system locale, not IP address)
  • Language preference
  • Timezone offset
  • macOS version
  • App version
  • Subscription tier (free/premium)

Usage Events:

  • App launches and closes
  • Feature usage (which screens you visit)
  • Workspace switches
  • Settings changes
  • Onboarding completion
  • Whether account creation was skipped during onboarding

Workspace Metadata (Derived):

  • Workspace type (work/personal/development/creative/etc.) - detected from keywords
  • Name length and word count
  • Whether workspace has emojis or numbers
  • Whether the name has date-like text, separators, or title/upper/lowercase styling
  • Whether the name appears generic, too short, too long, or descriptive
  • Whether default name is used
  • NOT the actual workspace name

App Metadata (Derived):

  • Coarse app-name length and word-count buckets
  • Whether an app name has numbers or separators
  • NOT the actual app name, bundle identifier, or window title

What We Don't Collect:

  • Raw workspace names or hashes of workspace names
  • Raw app names, bundle identifiers, or window titles in cloud analytics
  • Keystrokes, screenshots, screen recordings, or window contents
  • File contents
  • Browsing history as a cloud analytics feed
  • Personal names or email addresses in product analytics, except where you explicitly create or use an Ikuna account

Legal Basis: Contract performance for features you request (GDPR Art. 6(1)(b)), legitimate interests for product improvement, diagnostics, security, and limited telemetry (GDPR Art. 6(1)(f)), consent where requested (GDPR Art. 6(1)(a)), and legal obligations where applicable (GDPR Art. 6(1)(c)).

2. Website (www.brnsft.com)

A. Data Collected Automatically

When you visit our website, we automatically collect:

Usage Data:

  • Pages viewed
  • Time spent on pages
  • Clicks and navigation patterns
  • Session statistics
  • Referral sources (how you found us)

Device Information:

  • Device type and operating system
  • Browser type and version
  • Language preference
  • IP address and approximate location (country/city level)

Legal Basis: Legitimate interest in website analytics and security (GDPR Art. 6(1)(f))

B. Data You Provide

If you contact us or fill out forms:

  • Name and email address
  • Message content
  • Any other information you choose to provide

Legal Basis: Consent (GDPR Art. 6(1)(a)) or contract performance (GDPR Art. 6(1)(b))


How We Use Your Data

Ikuna Application

  • Improve the app: Understand which features are used and prioritize development
  • Fix bugs: Identify and resolve technical issues
  • Measure engagement: Track retention and user satisfaction
  • Optimize performance: Ensure compatibility across macOS versions
  • Understand usage patterns: Learn how different user types use Ikuna (developers vs. designers, etc.)

Website

  • Operate and secure: Keep the website running and protected
  • Analytics: Understand visitor behavior and improve content
  • Communication: Respond to your inquiries
  • Marketing: Measure campaign effectiveness

Data Storage and Security

Ikuna Application

Personal Mode Storage:

  • Ikuna stores app preferences and productivity data in macOS application storage such as ~/Library/Application Support/Ikuna/
  • Data may be stored in local databases such as Core Data/SQLite
  • Sync, backup, account, or organization features may transmit selected data when enabled or used

Analytics Data:

  • Transmitted over HTTPS to Google Analytics and PostHog
  • Stored by those providers according to their privacy and retention practices
  • Retained for 14 months, then automatically deleted

Security Measures:

  • Local app data is protected by macOS file permissions
  • Analytics transmission uses encrypted HTTPS
  • We limit cloud telemetry to privacy-shaped events and derived/bucketed fields

Website

Hosting:

  • Hosted on Squarespace servers (United States)
  • Protected by industry-standard security measures
  • HTTPS encryption for all connections

Third-Party Services

We use the following third-party services that may process your data:

Google Analytics 4

  • Provider: Google LLC
  • Purpose: App and website analytics
  • Data Processed: Usage statistics, device info, pseudonymous analytics identifiers, privacy-shaped events
  • Location: United States
  • Privacy Policy: Google Privacy Policy
  • Opt-out: Google Analytics Opt-out

Squarespace

  • Provider: Squarespace, Inc.
  • Purpose: Website hosting and platform services
  • Data Processed: Device info, geography, language, usage data
  • Location: United States
  • Privacy Policy: Squarespace Privacy Policy

Google Tag Manager

  • Provider: Google LLC
  • Purpose: Manage website tracking tags
  • Data Processed: Trackers, usage data
  • Location: United States
  • Privacy Policy: Google Privacy Policy

Meta Events Manager (Facebook Pixel)

  • Provider: Meta Platforms, Inc.
  • Purpose: Website analytics and advertising
  • Data Processed: Browsing history, clicks, trackers, usage data
  • Location: United States
  • Privacy Policy: Meta Privacy Policy
  • Opt-out: Your Meta account settings and browser settings

Paddle (Payment Processing)

  • Provider: Paddle.com Market Limited
  • Purpose: Payment processing and license management
  • Data Processed: Payment information, email, license details
  • Location: United Kingdom/United States
  • Privacy Policy: Paddle Privacy Policy

PostHog

  • Provider: PostHog, Inc.
  • Purpose: Product analytics, feature management, and error tracking
  • Data Processed: Usage events, device info, subscription tier, pseudonymous analytics identifiers, account identifiers for authenticated users, and sanitized exception data
  • Location: United States / EU
  • Privacy Policy: PostHog Privacy Policy

Your Rights (GDPR)

If you are in the European Union, you have the following rights:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data.

For Ikuna: You may uninstall the app to remove local app data from your device. For account, sync, organization, or analytics data, contact us at privacy@brnsft.com.

Right to Restriction

Request that we limit how we use your data.

Right to Data Portability

Request your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time (where processing is based on consent).

How to Exercise Your Rights

Email us at: privacy@brnsft.com

We will respond within 30 days as required by GDPR.


Cookies and Tracking

Website Cookies

Our website uses cookies and similar tracking technologies:

Essential Cookies:

  • Session management
  • Security features
  • Required for website functionality

Analytics Cookies:

  • Google Analytics
  • Meta Pixel
  • Usage tracking

Managing Cookies: You can control cookies through:

  • Your browser settings
  • Our cookie consent banner (when you first visit)
  • Third-party opt-out tools

Ikuna Application

The Ikuna app does not use cookies. It stores:

  • User preferences in macOS UserDefaults
  • Productivity and workspace data in local databases
  • A random or pseudonymous analytics identifier when telemetry is enabled
  • A no-account shadow mode preference when account creation is skipped
  • Privacy settings: Pro users can opt out of analytics in Settings > Account.

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@brnsft.com.


Data Retention

Ikuna Application

  • Personal Mode app data: Retained on your device until you delete it or uninstall the app
  • Account/sync/organization data: Retained as needed to provide the relevant feature, comply with law, resolve disputes, and enforce agreements
  • Analytics data: Automatically deleted after 14 months where supported by the provider configuration

Website

  • Analytics data: Retained according to third-party policies (typically 14-26 months)
  • Contact form data: Retained as long as necessary to respond to your inquiry

International Data Transfers

We are based in Finland (EU), but some of our service providers are in the United States:

  • Google Analytics (US)
  • Squarespace (US)
  • Meta (US)

These transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Privacy Shield successor frameworks (where applicable)

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Updating the "Last Updated" date at the top
  • Posting a notice on our website
  • Sending an email notification (if we have your email)
  • In-app notification (for Ikuna users)

Your continued use of our services after changes constitutes acceptance of the updated policy.


Contact Us

For privacy questions, to exercise your rights, or to report concerns:

Email: privacy@brnsft.com
Website: www.brnsft.com
Company: Brainsoft Oy (Finland)

Data Protection Officer: For GDPR inquiries, contact privacy@brnsft.com


Legal Information

Data Controller:
Brainsoft Oy
Finland
privacy@brnsft.com

Supervisory Authority:
If you are in the EU and have concerns about how we handle your data, you can lodge a complaint with your local data protection authority or the Finnish Data Protection Ombudsman.


Last Updated: June 3, 2026
Version: 1.1