Privacy Policy

Last updated: February 20, 2026

Greenlight ("we", "our", "the Service") is operated by David Farrell. This policy describes what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

Greenlight collects the minimum data necessary to deliver permission request notifications to your device:

• Device identifier: A randomly generated UUID created on your device and stored in your iCloud Keychain. This identifier is used to route permission requests to your device. It is not linked to your Apple ID, name, or any other personal information.
• Device secret: A cryptographic secret generated on your device and stored in your iCloud Keychain. This is used to authenticate communication between the app and the relay server.
• APNs token: A token provided by Apple Push Notification service, used solely to deliver push notifications when the app is not in the foreground. This token is device-specific and does not identify you personally.
• Permission request data: When your AI coding agent sends a permission request, the request content (tool name, command, file path, etc.) is relayed through our server to your device. Request metadata — including the tool name, tool input, your decision, and a timestamp — is logged and archived for operational and dispute resolution purposes. These logs allow us to investigate issues and verify what actions were requested and how they were resolved.
• Always-allow rules: If you choose "Always Allow" for a request, a pattern-based rule is stored on the server associated with your device identifier. You can view and delete these rules at any time in the app.
• Activity stream data: If you enable the --activity flag, Claude Code's transcript entries (tool calls, text responses, and user messages) are streamed through our server to your device in real time. This data is relayed in memory only — it is never written to disk, logged, or stored on our servers.

2. Data We Do Not Collect

• We do not collect your name, email address, or Apple ID.
• We do not collect your IP address for tracking purposes.
• We do not collect analytics, usage metrics, or telemetry.
• We do not use cookies or third-party tracking.
• We do not access your source code, files, or any data on your computer beyond what is included in the permission request payload sent by the hook script.

3. How We Use Your Data

All data collected is used exclusively to provide the core functionality of the Service:

• Routing permission requests from your AI coding agent to your device.
• Sending push notifications to wake the app when a request arrives.
• Evaluating always-allow rules to auto-approve matching requests.

We do not sell, share, or transfer your data to any third party, except Apple Push Notification service (APNs) for the sole purpose of delivering notifications.

4. Data Storage and Security

• Your device identifier and secret are stored in your iCloud Keychain, which is end-to-end encrypted by Apple.
• The relay server stores your device identifier (hashed secret) and APNs token in a database to route requests and send notifications.
• Always-allow rules are stored server-side and associated with your device identifier.
• All communication between the app and the server uses TLS encryption (HTTPS/WSS).
• Permission request metadata (tool name, tool input, decision, and timestamps) is logged for operational, audit, and dispute resolution purposes. Active log files are rotated automatically; older logs may be moved to cold storage and retained indefinitely.

5. Data Retention

Device registrations and always-allow rules are retained as long as you use the Service. Permission request logs may be archived to cold storage and retained indefinitely for audit and compliance purposes. If you uninstall the app, your device registration will become orphaned (no further requests can be delivered).

6. Children's Privacy

Greenlight is not directed at children under 13 and we do not knowingly collect data from children.

7. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

8. Contact

If you have questions about this privacy policy or your data, contact us at greenlight@dnmfarrell.com.