Privacy Policy

Last updated: December 25, 2025

1. Overview

This Privacy Policy explains how we collect, use, store, and share information when you use Headlamp.

2. Information We Collect

2.1 Information You Provide

  • Repository URLs
  • Codebases and file contents you make accessible
  • Prompts, queries, and interactions with the Service
  • Communications with us (support emails, feedback)

If accounts are introduced in the future, we may also collect:

  • Email address
  • Account credentials (stored securely)
  • Organization information

2.2 Repository and Code Data

We collect and store:

  • Repository files and directory structures
  • File contents
  • Metadata (file paths, hashes, dependencies, configuration)
  • Derived data (summaries, embeddings, graphs, explanations)

Repository data may be stored in our databases, including Supabase-hosted PostgreSQL.

2.3 Automatically Collected Information

We may collect limited technical information such as:

  • IP address
  • Browser type and operating system
  • Timestamps and basic usage events
  • Error and performance logs

We do not currently run third-party analytics, but may add them in the future.

3. How We Use Information

We use collected information to:

  • Operate and provide the Service
  • Analyze and index repositories
  • Generate explanations and insights
  • Improve performance and reliability
  • Provide support and communicate with users
  • Maintain security and prevent abuse

4. AI Processing and External APIs

To provide AI-powered features, we may send repository content, excerpts, prompts, or derived context to third-party AI providers, including:

  • OpenAI
  • Anthropic

These providers process data in accordance with their own privacy policies and terms. We do not control their internal data handling practices beyond contractual arrangements.

5. Data Storage and Retention

  • Repository data and derived artifacts are stored until manually cleared, replaced, or otherwise removed as part of system operations
  • We do not currently offer self-service deletion of repository data
  • Retention periods may change as features evolve

6. Sharing of Information

We may share information with:

  • Infrastructure and hosting providers
  • Database and vector storage providers
  • AI model providers
  • Legal authorities if required by law

We do not sell personal data.

7. Subprocessors

Our subprocessors may include:

  • GitHub (repository access)
  • Supabase (database and vector storage)
  • OpenAI (AI model inference)
  • Anthropic (AI model inference)
  • Cloud hosting providers (e.g., Vercel)

This list may change over time.

8. International Users

Your information may be processed and stored in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to these transfers.

9. Your Rights

Depending on your location, you may have rights to access or request deletion of personal information. Due to the current design of the Service, deletion capabilities may be limited.

Requests can be sent to privacy@headlamp.dev.

10. Security

We implement reasonable technical and organizational safeguards, but no system is completely secure.

11. Children’s Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted with a revised “Last Updated” date.

13. Contact

Privacy questions: privacy@headlamp.dev