Sumi
MissionFeaturesPricingSign inDownload free
on this page
OverviewData Stored on Your DeviceData We CollectAccount DataiOS App PermissionsChrome Extension PermissionsThird-Party ServicesData Retention and DeletionChildren's PrivacyChangesContact
legal

Privacy Policy

Last updated July 10, 2026
Shft is built to work with as little of your data as possible. Here is exactly what stays on your device and what we sync.
01

Overview

Shft is a focus tool that blocks distracting websites and apps during focus sessions. Shft is available as a desktop app (macOS/Windows), an iOS app, and a Chrome extension. Your privacy is important to us, and Shft is designed to work with minimal data.

02

Data Stored on Your Device

Shft stores data locally on your device to function. This includes authentication tokens, session state, blocked app and website selections, presets, schedules, and your plan limits.

On iOS, the apps and websites you choose to block are represented as opaque tokens provided by Apple's Screen Time API. Shft cannot read or access the names of the apps or websites you select — only Apple's system frameworks can interpret these tokens to apply blocking.

On the Chrome extension, data is stored locally using Chrome's built-in storage API.

03

Data We Collect

We do not collect the contents of the pages you visit, your full browsing or watch history, your keystrokes, or screenshots, and we never sell your personal data.

To show you your own focus statistics, Shft records how much time you spend on the specific apps and websites you have chosen to track. The desktop app and Chrome extension measure per-app and per-website time, and the extension syncs a daily per-domain time summary (each domain and the seconds spent on it) to your account so your statistics are available across your devices. On iOS, this per-app data stays on your device as opaque Screen Time tokens that only Apple's frameworks can interpret.

When you sign in, Shft also communicates with our servers to sync your active focus session (start time, end time, mode, and configured domain lists) and your plan limits. Session metadata (start time, end time, duration, mode, and whether the session ended early) is stored in our database to enable cross-device syncing and statistics.

If you use Intent Mode, we collect the target you requested to unblock, the reason you provided, an optional feeling you select to describe how you're doing, and the outcome (whether you proceeded or stayed focused). This data is used to generate your personal statistics.

04

Account Data

When you create a Shft account, we store your email address and subscription status via Supabase (our authentication and database provider). Authentication is by email and password, confirmed with a one-time verification code sent to your email. Payment processing is handled by Stripe (web) and Apple (iOS App Store). We do not store your payment details.

We also store a device identifier for each device you sign in on (up to 5 devices per account) to enable cross-device session syncing and push notifications. On iOS, this identifier is stored in your device's Keychain.

05

iOS App Permissions

The iOS app requests only the permissions necessary for its functionality:

  • Screen Time — uses Apple's Family Controls framework to block apps and websites during focus sessions. Shft requests individual authorization (not parental controls). All blocking is self-imposed and user-initiated.
  • Notifications — sends push notifications for cross-device session sync and session reminders.
  • Camera — used exclusively for scanning QR codes to import or share presets and schedules. No photos or videos are captured or stored.
  • VPN Configuration — used for DNS-based website filtering. The VPN runs locally on your device and does not route traffic through any external server.
06

Chrome Extension Permissions

The Chrome extension requests only the permissions necessary for its functionality:

  • storage — saves authentication tokens and session state locally
  • alarms — syncs session state with the desktop app every 30 seconds
  • scripting — injects content scripts to hide algorithmic feeds on supported sites
  • tabs — finds open tabs on supported sites to apply blocking when a session starts
  • webNavigation — intercepts navigation to blocked websites in Intent Mode
  • idle — detects when your computer is idle so per-website time tracking pauses accurately
  • nativeMessaging — connects to the Shft desktop app the extension works alongside (the extension has no independent login of its own)
  • host permission (all URLs, optional) — requested after sign-in to enable site blocking and feed hiding across all websites. Only granted with your explicit consent.
07

Third-Party Services

Shft uses the following third-party services:

  • Supabase — authentication, database, and real-time session syncing
  • Stripe — payment processing for web subscriptions
  • Apple — in-app purchase and subscription management on iOS
08

Data Retention and Deletion

You can delete your account at any time from the Account tab in the app or from the dashboard on the website. When you delete your account, all associated data (sessions, statistics, presets, schedules, and device records) is permanently removed from our servers.

09

Children's Privacy

Shft is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

10

Changes

We may update this policy from time to time. Any changes will be reflected on this page with an updated date.

11

Contact

If you have questions about this policy, reach out via our feedback page.

© 2026 Sumi
PricingPrivacyFeedbackSign in