Privacy Policy

This policy explains what data the Attentus desktop application and the Attentus Browser Handle browser extension (the “extension”) handle, why, and where it goes. Attentus is a focus tool that uses an on-device AI model to decide whether the tab you’re looking at matches what you said you’re working on, and closes or blocks it when it doesn’t.

1. Our core principle: nothing leaves your device

Attentus was deliberately built without a cloud backend for content analysis. The AI model that evaluates your tabs runs entirely on your own hardware — not on our servers, not on any third-party cloud service. The browser extension is a thin “handle” that lets the local app see and act on your tabs. It talks only to the Attentus app on your machine, over a loopback connection (http://localhost:11435) that is physically incapable of leaving your computer.

This is not just a policy commitment — it is architecture. There is no server endpoint that could receive your browsing data even if we wanted one.

2. What the extension accesses

To do its job, the extension reads the following from your browser and passes it to the local Attentus app:

This information is sent only to the Attentus app on 127.0.0.1. It is processed in the moment to make a focus decision and is not written to disk or transmitted anywhere.

3. What we do not collect

• We do not transmit your browsing history, page content, or screenshots to Attentus servers or to anyone else.
• We do not sell or share your data with third parties.
• We do not use the data for advertising, profiling, or any purpose unrelated to enforcing your focus session on your own device.
• There is no analytics SDK, telemetry, crash reporting, or usage tracking in either the app or the extension.
• There is no session replay, heatmapping, A/B testing framework, or any third-party script with access to your activity.
• We do not use any cloud AI service (OpenAI, Google, Anthropic, etc.) to process your tabs. The model is a local file on your disk.

4. The AI model runs on your hardware

When Attentus evaluates a tab, here is the complete data path:

1. Your browser extension captures a screenshot of the active tab.
2. That image is sent to http://127.0.0.1:11435 — the Attentus app running on your own computer.
3. The app passes the image to a local vision model (≈ 3.3 GB, stored at ~/.attentus/models/ on macOS or %APPDATA%\Attentus\models\ on Windows) running on your GPU or CPU.
4. The model returns a verdict: on-task or off-task.
5. The app instructs the extension to allow or close the tab.

At no step does any of your tab data leave your machine. You can confirm this yourself with a network monitor such as Little Snitch (macOS) or GlassWire (Windows): Attentus will show no outbound connections while a focus session is running.

5. The app’s network activity

The Attentus desktop app only ever downloads public files — it pulls data down, it never uploads your data up. Its entire outbound surface is two hosts, plus a connection that never leaves your computer:

• App updates — an anonymous request to attentus.app/update/appcast.json, a public file that is byte-for-byte identical for every user, and (when a newer version exists) the update download. The request has no body, no query parameters, and no cookies — there is no field in which your data could ride.
• AI model download — a one-time fetch of the ≈ 3.3 GB model file on first run, from atentus.tech (a Cloudflare-backed static file host we run purely to serve the model). It is a plain download — no body, no account, no identifying parameters.
• Local only — your browser extension talks to the app at http://127.0.0.1:11435. That traffic stays on your own machine and never reaches the network.

Subscription checks happen in your browser, not in the app. When Attentus needs to confirm your subscription, it opens your normal web browser — visible in the address bar — which carries only an anonymous, one-way hash of your device to mint a signed license. The app itself opens no connection to our servers for this; your browsing history, focus goals, and session data are never involved.

There are no analytics, no telemetry, and no error beacons — the app contains no tracking code of any kind.

Don’t take our word for it — verify it. A network monitor such as Little Snitch (macOS) or GlassWire (Windows) will show Attentus contacting only attentus.app (updates) and atentus.tech (the one-time model download), and nothing at all while a focus session is running. For full proof of content, route the app through a TLS-intercepting proxy (e.g. mitmproxy, Charles, or Proxyman): because you own your machine, you can decrypt your own traffic and read every request — you will see plain download requests and no upload of your data. Encryption hides traffic from third parties, never from you.

6. Account data, authentication & payments

Attentus uses two third-party services for account management and billing. Neither service has any access to your browsing data, tab screenshots, or focus sessions — those never leave your machine. Your account identity and your usage are architecturally separate: Clerk knows your email, not your tabs. Stripe knows your card, not your focus goals.

Authentication — Clerk

When you create an Attentus account (required only to subscribe — the 7-day trial works with no account at all), your sign-up is handled by Clerk, a third-party authentication provider. Clerk holds:

• Your email address and the authentication method you chose (email & password, or OAuth via Google/Apple).
• Session tokens used to keep you signed in.
• A subscription status flag (trial / active / expired) that Attentus sets via a secure webhook when your payment is confirmed.

Attentus does not pass any browsing history, tab data, focus goals, or session content to Clerk. The subscription flag is the only thing written to your Clerk profile by our servers. Clerk is governed by its own Privacy Policy.

Payments — Stripe

Subscriptions are processed by Stripe. When you subscribe, you are redirected to a Stripe-hosted checkout page. Attentus never sees your card number or full payment details — Stripe handles the transaction entirely. Stripe holds:

• Your billing email and the tokenised payment method (card type and last 4 digits, never the full number).
• Transaction history for your subscription (charges, refunds, invoices).
• Billing address, if you chose to enter one during checkout.

Attentus receives from Stripe only a confirmation that a payment succeeded or failed, used solely to update your subscription status in Clerk. Stripe is governed by its own Privacy Policy.

The 7-day free trial

The free trial requires no account and no payment method. A temporary anonymous token is minted for your device and stored on our server as a device hash — no name, no email, no identifiable data. If you later sign up for a subscription, that token is linked to your account. Otherwise it expires silently after 7 days.

7. Data retention

Tab data, page screenshots, and focus-session content are processed transiently by the local app and are never retained beyond what the app needs in the moment. Because nothing is uploaded, there is no server-side copy of your browsing activity to retain or delete.

Account data (email, plan status) is retained by Clerk for as long as your account exists. Payment records are retained by Stripe as required by financial regulations. You can request account deletion at any time by contacting us at dev@attentus.app.

8. Children’s privacy

Attentus is a productivity tool intended for general audiences and is not directed at children under 13. We do not knowingly collect personal information from children.

9. Changes to this policy

If we change how data is handled, we will update this page and revise the “Last updated” date above. Material changes will be communicated in the app and in the extension listing.

10. Contact

Questions about this policy or your data? Email dev@attentus.app.