Privacy Policy

Last updated: June 9, 2026

1. Who We Are and What This Covers

Headlight ("Headlight," "we," "us," or "our") provides AI-powered client software for advisory firms, law firms, family offices, and other professional services firms (the "Service"). This Privacy Policy describes how we collect, use, and share personal information when you visit our website at withheadlight.com, use the Service, or otherwise interact with us.

Headlight plays two distinct roles with respect to personal information, and it is important to understand the difference:

2. Information We Collect

When we act as a data controller, we collect the following categories of information:

3. How We Use Information

We use the information described in Section 2 to:

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

4. Customer Content We Process on Behalf of Customers

The core of the Service is helping firms organize and understand their client records. Customer Content may include documents (such as wills, trusts, tax returns, account statements, and operating agreements) and structured records about the people, households, trusts, entities, and transactions described in those documents. Customer Content may contain sensitive personal information, including names, contact details, dates of birth, family relationships, government identifiers, financial account details, and tax information.

With respect to Customer Content:

For customers that are financial institutions subject to the Gramm-Leach-Bliley Act, SEC Regulation S-P, or similar rules, we act as a service provider with respect to nonpublic personal information contained in Customer Content and handle it in accordance with our agreement with the customer.

5. AI Processing

The Service uses artificial intelligence to read documents, extract structured information, and answer questions grounded in a customer's own records. We designed this processing to keep Customer Content within our controlled infrastructure:

6. How We Share Information

We share personal information only as described below. We do not sell it or rent it to anyone.

7. Cookies

We use only essential cookies: a session cookie that keeps you signed in and related cookies necessary for security (such as preventing cross-site request forgery). We do not use advertising cookies, and we do not respond differently to browser "Do Not Track" signals because we do not track users across third-party sites in the first place.

8. Security

We build the Service for firms that handle highly sensitive financial and estate information, and our security program reflects that:

No system is perfectly secure. If we learn of a breach affecting your personal information, we will notify affected customers and individuals as required by law. Security researchers and others can reach our security team at security@withheadlight.com.

9. Data Retention and Deletion

To request deletion, contact privacy@withheadlight.com. If your information is part of Customer Content, we may refer your request to the controlling firm, since deleting it is their decision under our agreement with them.

10. Your Rights and Choices

Depending on where you live, you may have rights under state privacy laws (such as the California Consumer Privacy Act) or other applicable laws to access, correct, delete, or obtain a copy of your personal information, and to not be discriminated against for exercising those rights. Because we do not sell personal information or use it for targeted advertising, there is no sale or sharing to opt out of.

To exercise these rights for information that Headlight controls, email privacy@withheadlight.com. We will verify your request and respond within the time required by applicable law. If your request concerns information contained in Customer Content, please contact the firm you work with; we will support that firm in fulfilling your request.

You may also unsubscribe from non-essential emails using the link in those emails. Transactional messages (such as document requests and security notices) are part of the Service and cannot be opted out of while you use it.

11. Data Location

Headlight is based in the United States, and the Service is hosted in AWS data centers in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States. If we onboard customers subject to the GDPR or similar laws, we will put appropriate transfer mechanisms and data processing terms in place with those customers.

12. Children

The Service is for business use and is not directed to children, and we do not knowingly collect personal information directly from children. Customer Content may include information about minors (for example, as beneficiaries in estate documents); that information is controlled by the customer firm and processed only on its behalf.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify customers through the Service or by email before the changes take effect, and we will update the "Last updated" date above. The current version always lives at this page.

14. Contact Us

Privacy questions and requests: privacy@withheadlight.com

Security: security@withheadlight.com

General: hello@withheadlight.com