Legal
Privacy Policy
Last updated: April 5, 2026
What we collect
Pathlight collects only what is strictly necessary to answer your questions:
- Your question: the text you type into the Pathlight side panel.
- Page structure: a structural summary of the current page: headings, navigation items, button labels, link text, form labels, and dialog titles. This is semantic metadata, not the full page source.
- Page text (optional): a summary of visible body text. This is only sent if you have the Send page text setting enabled. It is off by default for new installs.
- Conversation history: prior messages in the current session, sent with follow-up questions so the AI can maintain context. This history is held in memory only and is discarded when you close the side panel.
We do not collect passwords, form values, payment information, cookies, localStorage, session tokens, or any content inside password-type inputs.
How data flows
When you ask a question, the following happens:
- The extension extracts the page structure (and optionally page text) from your browser's DOM.
- That data, along with your question, is sent via HTTPS to the Pathlight backend server.
- The backend forwards the request to OpenAI's API (GPT-4o). OpenAI's privacy policy applies to that leg of the request.
- The AI's response is returned to your browser and displayed in the side panel.
Your browser → Pathlight backend (HTTPS) → OpenAI API. Nothing is stored on our servers after the response is returned.
Data storage and retention
Pathlight does not store your questions or page data on our servers. Requests are processed in memory and discarded immediately after the response is sent.
Your extension settings (backend URL, privacy toggles, highlight preferences) are stored locally in chrome.storage.sync; they sync across your Chrome profile but are never sent to our servers.
Debug information (the last page context snapshot) is optionally stored in chrome.storage.local on your device and is never transmitted.
Your privacy controls
Pathlight gives you direct control over what is sent:
- Send page text: toggle off to strip all body text from requests. Only structural metadata (element labels) is sent.
- Custom backend URL: point the extension at your own self-hosted backend to keep all data within infrastructure you control.
- Highlights on/off: the spotlight overlay is purely local; toggling it off has no effect on what data is sent.
These settings are accessible from the Pathlight Options page (right-click the extension icon → Options).
No accounts, no tracking
Pathlight does not require an account, does not set cookies, and does not use analytics, advertising trackers, or fingerprinting of any kind. We do not know who you are, and we do not track which sites you visit.
Third-party services
The only third-party service Pathlight communicates with is OpenAI (via our backend). Requests are subject to OpenAI's API data usage policies. As of the date of this policy, OpenAI does not use API-submitted data to train models by default.
If you use a self-hosted backend, no data is sent to OpenAI unless your backend forwards it.
Children's privacy
Pathlight is not directed at children under 13. We do not knowingly collect any information from children. If you believe a child has submitted information through Pathlight, please contact us and we will address it promptly.
Changes to this policy
We may update this policy as the extension evolves. Material changes will be noted on this page with an updated date. Continued use of the extension after changes constitutes acceptance of the revised policy.
Contact
Questions or concerns about this privacy policy? Reach out: