Privacy Policy
Last updated: April 13, 2026
The short version
Headroom runs locally on your machine. Your prompts, code, and files never leave your device or reach our servers. The App collects your email address, token savings statistics, anonymous usage events (via Aptabase), and crash reports (via Sentry). For users outside the European Economic Area and United Kingdom, the App also records in-app interactions via Microsoft Clarity, and the website uses Google Ads conversion tracking. The website uses Simple Analytics for privacy-first page view statistics. We do not sell your data.
1. Who We Are and What This Policy Covers
Headroom is operated by Garm Tech B.V., registered in the Netherlands under Chamber of Commerce number 99602075, with registered address at Staalkade 6 O, 1011 JN Amsterdam, the Netherlands. Garm Tech B.V. is the data controller under the GDPR. If you have any questions about this Privacy Policy, email us at [email protected].
This policy covers two contexts: the Headroom desktop app and the extraheadroom.com website. Sections 2 through 6 relate primarily to the App. Section 2a covers data collected on the website.
2. What We Collect
We collect the following categories of data:
- Email address. Provided when you create a Headroom account. Used for authentication, sending sign-in codes, and communicating about your account or subscription.
- Token savings statistics. The App tracks the cumulative number of tokens saved through Headroom's local optimization. This aggregate count is synced to our servers so we can display it to you across sessions and track milestones. No prompt content or file data is included - only the numeric count.
- Anonymous usage events. The App sends named usage events to Aptabase, a privacy-focused analytics service. Each event includes: OS name and version, system locale, WebKit engine version, app version, and an anonymous session ID that resets after four hours of inactivity. No directly identifying data such as names or email addresses is attached. Events cover app lifecycle actions such as starting the app, completing setup, connecting an AI client, pausing or resuming the proxy, signing in, starting a checkout, and quitting the app.
- Crash and error reports. The App uses Sentry to capture errors and crashes. This may include stack traces, error messages, and technical context such as app version and OS. A 10% sample of frontend sessions also includes performance traces. We configure Sentry to avoid capturing prompt or file content, but cannot guarantee that no personal data appears in diagnostic context such as error messages or variable state at the time of a crash.
- In-app interaction data. The App uses Microsoft Clarity to record UI interactions such as clicks and mouse movements within the Headroom interface. This helps us understand how the interface is used and identify usability issues. Clarity is active while the app window is in the foreground and is only enabled for users outside the European Economic Area and United Kingdom, as determined by the system timezone. Claude Code input and output are not visible to the app UI and are therefore not captured.
2a. What the Website Collects
When you visit extraheadroom.com, we collect the following:
- Anonymous page view statistics. We use Simple Analytics, a privacy-first analytics service that collects no personal data, sets no cookies, and respects the Do Not Track browser setting. Simple Analytics records only aggregated, non-identifiable data such as page views and referrers.
- Advertising conversion data (non-EEA/UK visitors only). For visitors whose system timezone is outside the European Economic Area and United Kingdom, we load Google Ads conversion tracking (gtag.js). This records when a visitor downloads the App, so we can measure the effectiveness of our advertising campaigns. Google Ads sets cookies and sends conversion data to Google. For EEA and UK visitors, this script is not loaded and no cookies are set.
The website does not require you to create an account or provide any personal data to browse it. If you submit a contact request, we collect your email address solely to respond to your enquiry.
3. What We Do Not Collect
Headroom's core function is local prompt optimization. The App intercepts and compresses your Claude Code prompts entirely on your machine. We do not intentionally receive, store, or process your prompts, code, file contents, or any other data that Claude Code reads or writes. By design, the proxy runs locally and does not route your input data through our servers. As noted above, crash reports sent to Sentry may incidentally contain such data if it is present in diagnostic context at the time of an error; we configure Sentry to minimise this.
4. How We Use Your Data
- Email: to authenticate you, send sign-in codes, and communicate about your account or subscription
- Token savings count: to display your cumulative savings in the App and on your account
- Usage events: to understand feature adoption and improve the product
- Crash reports: to identify and fix bugs
- Interaction recordings: to identify usability issues in the App UI
We do not sell your data. We do not use your account data for advertising. For non-EEA/UK website visitors, we use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns; this is based on anonymous download events, not your account data.
5. Legal Basis for Processing (GDPR)
Where the GDPR applies, we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)): processing your email address and token savings statistics to provide and manage your account and subscription.
- Legitimate interests (Art. 6(1)(f)): sending anonymous usage events to Aptabase and crash reports to Sentry to operate, maintain, and improve the App. Our legitimate interest in diagnosing issues and understanding usage is balanced against your interest in privacy; the data collected is minimal, pseudonymous, and not used for profiling.
- Not applicable for EEA/UK users: Microsoft Clarity is not enabled for users in the European Economic Area or United Kingdom. For other users, we rely on legitimate interests (Art. 6(1)(f)) for processing in-app interaction data to identify usability issues in the App interface.
If you wish to object to processing based on legitimate interests, contact us at [email protected].
6. Where Data Is Stored
On macOS, your session token is stored in the macOS Keychain, which is encrypted and access-controlled by your operating system. On Linux, secure credential storage is not currently implemented; session tokens are not persisted between app restarts on that platform. Your token savings count and subscription status are stored on our servers.
7. Third Parties
- Polar. If you purchase a paid plan, your payment is processed by Polar. Polar receives your payment details directly; we do not store your card information. Polar's privacy policy governs their handling of payment data.
- Anthropic. The App forwards your optimized prompts to Anthropic's Claude API on your behalf, exactly as Claude Code would without Headroom. Anthropic's privacy policy governs how they handle API requests.
- Aptabase. Anonymous usage events are sent to Aptabase, a privacy-focused analytics service hosted in the EU. Aptabase does not receive your email address. Their privacy policy governs their handling of event data.
- Sentry. Crash reports and error data are sent to Sentry, a US-based service. Transfers are made under standard contractual clauses. This may include technical context such as stack traces and app version. We do not intentionally include your email address in Sentry reports, but cannot guarantee it never appears in diagnostic context. Sentry's privacy policy governs their handling of this data.
- Simple Analytics. Website page view statistics are processed by Simple Analytics. No personal data or cookies are involved. Their privacy policy governs their handling of this data.
- Google Ads (non-EEA/UK website visitors only). Conversion data from the website is processed by Google LLC. Google Ads sets cookies and may transfer data to the United States. Google's privacy policy governs their handling of this data. This service is not loaded for EEA or UK visitors.
- Microsoft Clarity. In-app interaction data is processed by Microsoft Clarity, a service provided by Microsoft Corporation. Clarity receives information about UI interactions within the Headroom app window. Microsoft acts as an independent data controller for this data; Microsoft's privacy policy governs their handling of it. Clarity is not enabled for users in the EEA or UK.
We do not intentionally share your email address with Aptabase, Sentry, or Microsoft Clarity, and we do not share it with Anthropic.
8. Your Rights
Under the GDPR you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. You can exercise these rights by emailing [email protected]. We will respond within one month.
You also have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
9. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email at the address associated with your account at least 14 days before the changes take effect, consistent with our Terms of Service. Non-material changes will be noted by updating the "Last updated" date above. We will not retroactively change how we handle data we have already collected without obtaining your consent where required by law.
10. Contact
Questions? Email us at [email protected].