The short version: Your tasks, lists, notes, and focus sessions live on your device and, when you're signed in to iCloud, sync privately across your Apple devices through Apple's iCloud service — Ebbi has no servers that hold them. We collect only your email address if you joined the email list or optionally provided one when sending feedback, the text of any feedback you choose to send us from within the app, your subscription status through the App Store, and anonymized crash and usage diagnostics to keep the app stable. We do not sell or share your personal information, and we do not use your data for advertising. We may evolve Ebbi over time to add features such as expanded sync, sharing, or new platforms; if any change affects how your content is stored or transmitted, we will update this policy and notify you in-app before the change takes effect. Platform note: the specifics above describe Apple devices. On Android, Ebbi collects less: there is no iCloud sync (your content stays on your device) and no analytics or crash-reporting service, and subscription status is verified through Google Play using RevenueCat. Where a data practice differs by platform, the sections below say so.
Ebbi is a focus companion built for people with ADHD, developed and published by The Forge Hut, LLC, a limited liability company organized under the laws of the State of Kansas, United States.
Ebbi is offered worldwide in Apple App Store territories, with the following exceptions: we do not offer Ebbi in the European Union, European Economic Area, United Kingdom, Switzerland, China, or Russia. Residents of those excluded jurisdictions will not find Ebbi available in their App Store.
Ebbi is available on Apple devices (iPhone and iPad) through the Apple App Store and on Android devices through Google Play, offered in the same territories with the same exclusions listed above. Where our data practices differ between the two platforms, this policy notes the difference inline using the labels "On Apple devices" and "On Android devices."
For the purposes of the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, the "CCPA/CPRA"), Canadian privacy law (including PIPEDA and Quebec Law 25), and the privacy laws of other jurisdictions where Ebbi is offered, The Forge Hut, LLC acts as the data controller (or, for CCPA/CPRA, the "business") for any personal data we process.
You can reach us at any time at [email protected].
Ebbi runs on both Apple devices and Android devices, and the two builds do not collect the same data. This subsection summarizes the differences; the detailed subsections below note them inline as well.
All content you create inside Ebbi (every task, list, project, note, focus session, and any setting or preference) is stored on your device. When you are signed in to iCloud, this content also syncs privately across your other Apple devices through Apple's iCloud service. Ebbi does not run servers that hold this content; we do not collect it, view it, store it on our infrastructure, or transmit it to any third party. It belongs entirely to you.
On Android devices: your content is stored on the device only. Android builds do not use iCloud or any other cloud sync, so the iCloud statements in this section do not apply on Android. As on Apple devices, Ebbi runs no servers that hold your content and does not transmit it to any third party; you can clear it on the device through Settings.
This includes the detailed per-session telemetry Ebbi captures to enable on-device intelligence (the kind of feedback that helps you spot patterns in your own focus over time): each task's interaction timeline (pauses, time-extension taps, skip vs done early), per-task soundscape pinning, pause events with trigger and duration, settings snapshots taken at session start, and aggregate session counters. All of this lives in the Ebbi app's container on your device, in JSON files plus an indexed SQLite database, and (when you are signed in to iCloud) syncs to your iCloud account. None of it is shared with third parties. You can delete it via Settings → Delete All My Data, which clears the local store immediately; iCloud-synced copies are removed in the normal course of iCloud sync.
Future features. We may, in the future, introduce new capabilities such as expanded cross-device sync, optional sharing of plans or sessions, additional platforms beyond iOS, or aggregate analytics. Some of these features may involve transmitting content to or storing content on infrastructure operated by us or our service providers. If we introduce any feature that changes the way your content is stored or transmitted as described above, we will update this policy and notify you in-app before the change takes effect. Where the law requires your consent for the new processing, we will obtain it before the change applies to you.
We also do not collect:
Ebbi uses two third-party services for anonymized diagnostics and stability reporting. We disclose both here so you know exactly what reaches third parties. Neither receives your tasks, lists, notes, schedules, or email address.
You can disable product usage signals to TelemetryDeck at any time in the app's Settings (the "Share anonymous usage data" toggle). Crash reports continue to be collected so the app can be repaired. Neither service includes behavioral advertising or any cross-app tracking.
On Android devices: Ebbi does not use TelemetryDeck, Firebase Crashlytics, or any other analytics or crash-reporting service. The Android app contains no analytics SDK and no crash-reporting SDK, so the diagnostics described in this section apply to Apple devices only.
Ebbi uses a Cloudflare Workers backend operated by The Forge Hut to deliver Live Activity updates (the rich Dynamic Island and Lock Screen indicators that show your current task and timer) and to receive anonymous aggregate counters about session lifecycle events. We disclose both flows here so you know exactly what reaches our infrastructure.
The Cloudflare Worker that handles both flows runs on Cloudflare's global edge network. We do not store the content of your tasks, lists, notes, or schedules on this Worker. The only schedule data the Worker holds is the timestamp list for the upcoming Live Activity boundaries of an active session, which is automatically discarded when the session ends.
On Android devices: Ebbi does not use Live Activities or the Cloudflare Workers backend described in this section. The Android home and lock screen widget is rendered entirely on the device from local data; Ebbi sends no push tokens, schedule boundaries, session IDs, or session telemetry to any server. The flows described in this section apply to Apple devices only.
If you submitted your email address to join the Ebbi email list, contacted us for support, or sent feedback from within the app and optionally provided an email address so we could reply, we store your email address for those purposes only. Providing an email address with in-app feedback is optional; we will not add it to any marketing list without your separate consent. Email List submission is voluntary and consent-based. You can withdraw consent and request deletion at any time (see Section 10).
When you submit feedback through the Send Feedback screen in the Ebbi app, we receive:
Your feedback message is not stored in a searchable database or analytics system. It is relayed via email infrastructure to our support inbox, where it is retained until you or we delete it. You may request deletion of any feedback you have sent us at any time (see Section 10).
When you purchase an Ebbi subscription through the Apple App Store or Google Play Store, the payment transaction is handled entirely by Apple or Google. We receive only a transaction receipt and basic subscription status (active, expired, cancelled, in trial) sufficient to unlock app features. We do not receive or store your payment card details, billing address, or full purchase history. Apple's and Google's own privacy policies govern their handling of your payment data.
Subscription verification through RevenueCat. On Android devices, and on Apple devices running app version 1.1 and later, Ebbi uses RevenueCat (operated by RevenueCat, Inc., United States) to verify your subscription status with the app store and determine whether Pro features should unlock. RevenueCat receives the app store purchase token, an anonymized RevenueCat app-user identifier generated on your device (not your Apple ID, Google account, or email address), device identifiers, and your IP address, used solely to validate the subscription. RevenueCat does not receive your tasks, lists, notes, schedules, or email address, and acts as our data processor. Apple devices running app version 1.0 verify subscriptions directly through Apple without RevenueCat. See the RevenueCat Privacy Policy.
Under the CPRA, "sensitive personal information" includes information concerning a consumer's health. Ebbi is positioned as a general-wellness productivity tool and is not a medical device. We do not knowingly collect sensitive personal information as that term is defined in Cal. Civ. Code § 1798.140(ae). The ADHD-related content you create inside Ebbi is stored on your device and synced through your iCloud account when you are signed in; it is not transmitted to or stored by The Forge Hut. Because we do not collect sensitive personal information, there is no "Limit the Use of My Sensitive Personal Information" choice to offer; if that changes, we will update this policy and provide a mechanism.
We use the data we collect for the following purposes only:
We do not use your data for profiling, automated decision-making producing legal or similarly significant effects, cross-context behavioral advertising, or any purpose not listed above.
We process personal data on the following bases, which align with the core concepts used by the privacy laws of the jurisdictions where Ebbi is offered:
The following categories of recipients may process personal data on our behalf, each as a service provider or data processor under applicable law (including the CCPA/CPRA and the privacy laws of the other jurisdictions where Ebbi is offered). We have the contractual agreements required by applicable law with each.
Platform note: TelemetryDeck (Section 5.3), Firebase Crashlytics (operated by Google, Section 5.2), and the Live Activity and aggregate-telemetry Cloudflare Workers backend (Section 5.4) currently apply to Apple devices only. On Android devices, Ebbi does not use an analytics SDK, a crash-reporting SDK, or that Cloudflare app backend; the recipients that apply on Android are Google (Google Play billing), Cloudflare (website hosting and the in-app feedback endpoint), RevenueCat (subscription verification, Section 5.7), and our email delivery provider.
App distribution and subscription billing for iOS users is handled by Apple, Inc. Apple's data practices are governed by the Apple Privacy Policy. Apple participates in the EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework.
App distribution and subscription billing for Android users (when Android support is offered) is handled by Google, LLC, whose data practices are governed by the Google Privacy Policy. Google also operates Firebase Crashlytics (see Section 2.2). Google is certified under the EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework.
See Section 2.2. TelemetryDeck is based in Germany and processes data on servers in the European Union. See the TelemetryDeck Privacy Policy.
The ebbi.app website is served by Cloudflare Pages. The Ebbi iOS app's Live Activity push delivery and anonymous aggregate telemetry are handled by a Cloudflare Workers backend operated by The Forge Hut on Cloudflare's global edge network (see Section 2.2.1 for what each flow transmits). Cloudflare processes server logs, caches static content, and provides the edge runtime for our Workers. Cloudflare is certified under the EU-U.S. Data Privacy Framework. See the Cloudflare Privacy Policy.
Outbound email from Ebbi, including email list confirmations, in-app feedback relays, and support replies, is delivered through a third-party email delivery service that acts as a data processor on our behalf. That provider is located in the United States and is certified under the EU-U.S. Data Privacy Framework. The provider processes message content and recipient addresses solely to deliver messages on our behalf and does not use that data for its own purposes. Your email address is not shared with any third-party email marketing service or advertiser.
The categories of third parties that may receive personal information: analytics service providers (TelemetryDeck), crash reporting service providers (Firebase / Google), platform providers (Apple, Google Play), infrastructure providers (Cloudflare), and email delivery service providers. We do not disclose personal information to third parties for their own advertising or marketing purposes, and we do not engage in cross-context behavioral advertising.
On Android devices, and on Apple devices running app version 1.1 and later, your subscription status is verified through RevenueCat, Inc. (United States). See Section 2.5 for the specific data RevenueCat receives and does not receive. RevenueCat acts as our data processor and may process data in the United States. See the RevenueCat Privacy Policy.
We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law.
If you are a resident of a U.S. state with a comprehensive consumer privacy law (including but not limited to California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Kentucky, Rhode Island, New Hampshire, New Jersey, Delaware, Maryland, Minnesota, Nebraska, and Florida), you may have one or more of the following rights, depending on your state of residence.
California residents have each of the rights above, plus the right to limit the use and disclosure of sensitive personal information (not applicable here because we do not collect sensitive personal information; see Section 2.6). We do not sell or share personal information as those terms are defined in Cal. Civ. Code § 1798.140. We have not sold personal information in the preceding 12 months.
The Texas Data Privacy and Security Act applies to any business targeting Texas residents, without a revenue threshold. Texas residents have the access, delete, correct, portability, and opt-out rights listed above.
Several states (including Virginia, Colorado, Connecticut, Oregon, and New Jersey) require affirmative opt-in consent before processing sensitive personal data, which some laws define to include information about physical or mental health. Ebbi's focus and task data is stored on your device and synced through your iCloud account when you are signed in; The Forge Hut does not collect, transmit, or process this content on its own infrastructure. We therefore do not process sensitive personal data of this kind. If a future feature changes how this content is processed, we will update this policy and obtain any required consents before the change applies to you.
To exercise any state privacy right, email [email protected] with "State Privacy Request" in the subject line and identify your state of residence. We respond to verified requests within 45 days (or the shorter period required by your state). We may need to verify your identity before fulfilling the request. An authorized agent may submit a request on your behalf with written authorization.
If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and, if you reside in Quebec, the Act to modernize legislative provisions as regards the protection of personal information ("Law 25"), may apply to our processing of your personal data.
You may also file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Quebec residents, the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).
Ebbi is offered in Apple App Store territories worldwide except the European Union, European Economic Area, United Kingdom, Switzerland, China, and Russia (see Section 1). Many of those territories have their own consumer privacy laws. We honor the following core rights for residents of those jurisdictions, to the extent those rights are granted by applicable local law:
Specific notes for certain jurisdictions:
For any other jurisdiction where Ebbi is offered and local law grants privacy rights, we will honor those rights on request. To exercise any of these rights, email [email protected] with your country of residence in the subject line. We will respond within 30 days or within the shorter period required by your local law.
Deleting the Ebbi app from your device removes all Ebbi content stored locally on that device. The app's Settings screen also includes a "Delete All My Data" option that clears local content without uninstalling. When you are signed in to iCloud, your Ebbi content also lives in your iCloud account; you can manage that copy through Apple's iCloud settings (Settings → [your name] → iCloud → Manage Account Storage), and Apple's iCloud retention is governed by Apple's privacy policy. Because The Forge Hut does not store this content on its own infrastructure, there is nothing on our end to delete.
To have your email address removed from our email list, you can:
We will process your request and permanently delete your email address within 30 days. We will confirm deletion by email before removing your address.
Subscription records retained for tax and accounting purposes (see Section 6) will be deleted at the end of the applicable retention period. Earlier deletion is subject to legal recordkeeping obligations.
Ebbi is not directed to and is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as soon as reasonably practicable.
If you believe that a child under 13 has provided us with personal information, please contact [email protected].
The Children's Online Privacy Protection Act (COPPA) applies to operators of commercial websites and online services directed to children under 13. It does not require parental consent for users aged 13 and older. We do not impose an age gate for users 13 and older; the product does not collect personal information that would make such a gate legally required. U.S. state-level laws protecting minors aged 13 through 17 may apply in some states; where applicable, we will honor the rights and protections those laws provide.
The Forge Hut, LLC is based in the United States. Personal data we process may be transferred to, stored, or processed in the United States, the European Union (where TelemetryDeck's servers are located), or other jurisdictions where our service providers operate. Apple, Google, and Cloudflare operate globally and may process data in any of their data-center regions.
By submitting your email address or using Ebbi, you acknowledge that your data may be transferred to and processed in the United States and other jurisdictions as described above. Where applicable law in your country of residence requires specific transfer mechanisms, we rely on lawful mechanisms such as our service providers' certifications or contractual commitments.
Global Privacy Control (GPC) is a browser-level signal that allows consumers to opt out of the sale and sharing of their personal information. Our website at ebbi.app is designed not to sell or share personal information for cross-context behavioral advertising in the first place, so there is nothing for a GPC signal to opt you out of. If that ever changes, we will honor GPC signals as required by California law and by any other state that adopts an equivalent requirement.
We take the security of your data seriously. Our email infrastructure is maintained with industry-standard security practices, including:
App content (tasks, lists, settings) is stored on your device and, when you are signed in to iCloud, syncs through Apple's iCloud service. Your focus data is therefore protected by the security features of your operating system and Apple's iCloud security architecture. We encourage you to use a strong device passcode or biometric lock and to enable two-factor authentication on your Apple ID.
No method of transmission or storage is 100% secure. While we work to protect your information, we cannot guarantee absolute security. If you believe your data has been compromised, please contact us immediately at [email protected].
We may update this Privacy Policy from time to time as our practices evolve or as required by law. When we make changes, we will update the "Last updated" date at the top of this page.
For material changes (changes that significantly affect your rights or how we handle your data), we will notify email list subscribers by email before the changes take effect. We encourage you to review this page periodically.
Your continued use of Ebbi after a policy update constitutes your acceptance of the revised policy, except where additional consent is required by law.
If you have questions, concerns, or requests related to this Privacy Policy or how we handle your personal data, please reach out:
The Forge Hut, LLC
Auburn, Kansas, United States
Email: [email protected]
Website: ebbi.app
We aim to respond to all privacy-related inquiries within 5 business days, and to fulfill verified data-rights requests within 30 days (or 45 days for California residents, with an extension where permitted by statute).