Privacy Policy

Last updated: March 30, 2026

Headless Fly ("we", "our", "us") operates the website headlessfly.com, the website red.headlessfly.com, and the Headless Fly browser extension (collectively, the "Service"). This policy explains what data we collect, why, and how we protect it.

1. Data We Collect

Account Data

When you register, we collect your email address and a hashed password. We never store plaintext passwords.

Usage Data

We collect basic usage information such as which tools you use and how often, to improve the Service. We do not use third-party analytics trackers.

Reddit Data

When you use our tools, we may process publicly available Reddit data (subreddit names, post titles, usernames from public posts). We do not access your Reddit account credentials or private messages.

Payment Data

Payments are processed by Lemon Squeezy. We do not store credit card numbers. We receive your customer ID and subscription status from Lemon Squeezy via webhooks.

Browser Extension

The Headless Fly browser extension:

  • Stores your scheduling queue locally in your browser (chrome.storage)
  • Only communicates with headlessfly.com / red.headlessfly.com servers when you connect your account
  • Accesses Reddit submit pages (old.reddit.com and www.reddit.com) only to pre-fill post forms you have scheduled
  • Does not collect browsing history, keystrokes, or any data from non-Reddit pages
  • Does not inject ads or track you across websites
  • In standalone mode (no account), all data stays in your browser and is never sent to our servers

2. How We Use Your Data

  • To provide and maintain the Service
  • To send transactional emails (account verification, password reset, alerts you configure)
  • To process payments and manage your subscription
  • To improve the Service based on aggregate usage patterns

3. Data Sharing

We do not sell your data. We share data only with:

  • Lemon Squeezy — payment processing
  • Resend — transactional email delivery
  • Telegram — only if you connect Telegram for alerts

4. Data Storage & Security

Your data is stored on a server located in Germany (Netcup GmbH). We use HTTPS encryption for all connections, hashed passwords (bcrypt), and JWT tokens for authentication. Database backups are encrypted and retained for 7 days.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Anonymized, aggregated usage data may be retained indefinitely.

6. Your Rights

You can:

  • Export your data by contacting us
  • Delete your account from the profile settings page
  • Uninstall the browser extension at any time — all local data is removed automatically

7. Cookies

We use essential cookies only (authentication tokens). We do not use tracking cookies or third-party advertising cookies.

8. Children

The Service is not intended for anyone under the age of 18. We do not knowingly collect data from minors.

9. Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date.

10. Contact

For privacy questions, email us at privacy@headlessfly.com.

Privacy Policy | Headless Fly