Privacy Policy
Last updated: June 12, 2026
Overview
Sumi is a focus tool that blocks distracting websites and apps during focus sessions. Sumi is available as a desktop app (macOS/Windows), an iOS app, and a Chrome extension. Your privacy is important to us, and Sumi is designed to work with minimal data.
Data Stored on Your Device
Sumi stores data locally on your device to function. This includes authentication tokens, session state, blocked app and website selections, presets, schedules, and your plan limits.
On iOS, the apps and websites you choose to block are represented as opaque tokens provided by Apple's Screen Time API. Sumi cannot read or access the names of the apps or websites you select — only Apple's system frameworks can interpret these tokens to apply blocking.
In the Chrome extension, data is stored locally using Chrome's built-in storage API.
Data We Collect
Sumi does not track your browsing history, watch history, or any activity on the websites or apps you use. We do not sell any personal data.
When you sign in, Sumi communicates with our servers to sync your active focus session (start time, end time, mode, and configured domain lists) and your plan limits. Session metadata (start time, end time, duration, mode, and whether the session ended early) is stored in our database to enable cross-device syncing and statistics.
If you use Intent Mode, we collect the target you requested to unblock, the reason you provided, and the outcome (whether you proceeded or stayed focused). This data is used to generate your personal statistics.
Account Data
When you create a Sumi account, we store your email address and subscription status via Supabase (our authentication and database provider). Authentication is available via Google sign-in or email/password with a one-time verification code. Payment processing is handled by Stripe (web) and Apple (iOS App Store). We do not store your payment details.
We also store a device identifier for each device you sign in on (up to 5 devices per account) to enable cross-device session syncing and push notifications. On iOS, this identifier is stored in your device's Keychain.
iOS App Permissions
The iOS app requests only the permissions necessary for its functionality:
- Screen Time — uses Apple's Family Controls framework to block apps and websites during focus sessions. Sumi requests individual authorization (not parental controls). All blocking is self-imposed and user-initiated.
- Notifications — sends push notifications for cross-device session sync and session reminders.
- Camera — used exclusively for scanning QR codes to import or share presets and schedules. No photos or videos are captured or stored.
- VPN Configuration — used for DNS-based website filtering. The VPN runs locally on your device and does not route traffic through any external server.
Chrome Extension Permissions
The Chrome extension requests only the permissions necessary for its functionality:
- storage — saves authentication tokens and session state locally
- alarms — syncs session state with the desktop app every 30 seconds
- scripting — injects content scripts to hide algorithmic feeds on supported sites
- tabs — finds open tabs on supported sites to apply blocking when a session starts
- webNavigation — intercepts navigation to blocked websites in Intent Mode
- host permission (all URLs, optional) — requested after sign-in to enable site blocking and feed hiding across all websites. Only granted with your explicit consent.
Third-Party Services
Sumi uses the following third-party services:
- Supabase — authentication, database, and real-time session syncing
- Stripe — payment processing for web subscriptions
- Apple — in-app purchase and subscription management on iOS
No data is shared with advertising networks, analytics providers, or any other third parties.
Data Retention and Deletion
You can delete your account at any time from the Account tab in the app or from the dashboard on the website. When you delete your account, all associated data (sessions, statistics, presets, schedules, and device records) is permanently removed from our servers.
Children's Privacy
Sumi is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
Changes
We may update this policy from time to time. Any changes will be reflected on this page with an updated date.
Contact
If you have questions about this policy, reach out via our feedback page.
