Datenschutzerklärung under Art. 13 GDPR.
Last updated: 14 July 2026
We sell a subscription. That is the entire business model. We do not run ads, we do not have trackers, we do not sell or share your data, and we do not use analytics. Because we set no non-essential cookies, there is no cookie banner on this site — and under German guidance, showing you one would be misleading, since you would have no real choice to make.
The uncomfortable part, stated plainly: if you connect a mailbox, Focoose downloads and stores your email on our server. Message bodies and attachments are encrypted at rest, but Focoose is not end-to-end encrypted — we hold the keys, which means we are technically capable of reading your mail. We don't, and access is restricted, but you deserve to know that rather than discover it.
Everything below is stored because the service cannot work without it.
Legal bases. Almost all of this is Art. 6 (1)(b) GDPR — processing necessary to perform the contract you entered into. Payment records are additionally kept under Art. 6 (1)(c) to satisfy German tax law. Keeping the service secure and preventing abuse rests on Art. 6 (1)(f), our legitimate interest.
Focoose sets two cookies, both strictly necessary to sign you in and keep you signed in:
session_id — signed and HTTP-only; this is what keeps you signed in._focus_session — carries the CSRF token that protects forms, and remembers
where to send you after you click a sign-in link.There are no analytics, advertising, or tracking cookies, and no third-party scripts. Under §25 (2) TDDDG, cookies needed to deliver the service you asked for do not require consent, so we do not show a consent banner. Our fonts are the ones already on your device — your browser makes no request to Google when you load this page.
We use as few third parties as we can. These are all of them. We do not sell or share your data with anyone else, for any purpose.
Our servers are located at Emden, Germany — our own hardware, at the address given in the Impressum. Internet connectivity is provided by Vodafone; the site is reachable from the public internet through a Cloudflare Tunnel.
We run our own hardware. There is no hosting company holding your data on our behalf, and no data centre operator with a copy of it — the machine is ours, at the address given in the Impressum.
Focoose is served to the public internet through a Cloudflare Tunnel. Cloudflare, Inc. is established in the United States, so every request you make to Focoose is processed by a company outside the EU — this is not an occasional export, it is the path every page takes.
Cloudflare terminates TLS, which means it can see the content of requests in the clear as they pass through. We rely on Cloudflare's certification under the EU–US Data Privacy Framework, and on the Standard Contractual Clauses in its data processing addendum, as the safeguard for that transfer (Art. 45 / Art. 46 GDPR).
Everything else stays in Germany: the application, the database, and your synced email are on our own hardware in Emden, and outbound mail goes through a German relay.
While Focoose is in preview no account locks out at all, so that 12-month clock is not running for anyone. It starts the first day an account is locked, and not before.
Focoose is not end-to-end encrypted. That is a deliberate trade-off: search, the Screener, and reminders all require the server to be able to read your mail. It means we could technically access stored content, and you should weigh that before connecting a mailbox holding highly sensitive correspondence.
The full picture — what is encrypted, what is not, backups, and what happens if something goes wrong — is on the Security page.
When you connect a mailbox, you upload messages written by third parties who never agreed to anything with us. If you use Focoose for business, you are the controller of that data and we act as your processor, which means we should sign a data processing agreement (Auftragsverarbeitungsvertrag, Art. 28 GDPR). Email us and we will provide one.
Under the GDPR you can ask us to:
Email id@werkkasten.com and we will act on it. You also have the right to complain to a data protection supervisory authority, in the country where you live or where we are established.
If we change this policy in a way that materially affects you, we will tell you by email rather than quietly editing this page.
Questions? Our contact details are in the Impressum.