headlight

Privacy Policy

Last updated: May 14, 2026

The short version

headlight is a desktop app. Your Google Drive files go directly between Google and your Mac. We don't read, transmit, store, or process the content of your files. There is no server in the middle. The only data we collect is what you explicitly submit through the beta signup form on this website, plus standard website analytics described below.

What headlight (the Mac app) does with your Drive data

When you sign in with Google, headlight requests access to your Drive using Google's standard OAuth flow. It uses two scopes:

  • drive.readonly: to list folders and files so we can render your file tree in the sidebar.
  • drive.file: to read and write files you specifically open or create through the app.

All Drive API calls go directly from your Mac to Google. The content of your files is never routed through, copied to, or cached on a headlight server. We don't operate a server that touches your Drive content at all.

Where your Google access token lives

Your OAuth access and refresh tokens are stored on your Mac in the macOS Keychain via Electron's safeStorage API. They never leave your machine and we never see them. You can revoke headlight's access to your Google account at any time via myaccount.google.com/permissions.

What this website collects

When you visit headlightapp.com, the following services run:

  • Google Analytics 4 (measurement ID G-9RQC3D6DLE). Collects page views, referrer, country, and an anonymized identifier used to estimate unique visitors. Used to understand which pages get attention and where visitors come from.
  • Vercel Analytics. Page views and Core Web Vitals (load speed, layout stability). No cookies, no cross-site tracking.
  • Vercel (our hosting provider). Standard server logs (IP address, user agent, requested path) used for security and uptime.

The beta signup form

The signup form on this site is an embedded Notion form. When you submit it, the responses are stored in our private Notion workspace. We use those responses to decide who to admit to the beta and how to prioritize features. We don't share signup responses with any third party.

What we don't do

  • We don't sell, rent, or trade your information.
  • We don't run ads, and we don't share data with ad networks.
  • We don't read, store, or transmit the content of your Google Drive files.
  • We don't profile or score users based on their behavior.

Your rights

You can ask us to access, correct, or delete any data we hold about you. That means your signup form response and any analytics data tied to your identifiers. Just email getheadlight@gmail.com. We aim to respond within 14 days. If you're in the EU/EEA, UK, or Canada, you also have rights under GDPR, UK GDPR, and PIPEDA respectively.

Changes to this policy

We'll update the date at the top of this page when we make changes. For material changes, we'll also notify beta testers by email.

Contact

Privacy questions? Email getheadlight@gmail.com.