your data, plainly.
last updated june 2026.
the short version: spotlight only stores the comments you choose to leave and what’s needed to attach them to the right element. the extension never reads your browsing history, never logs keystrokes outside the comment box, and we don’t sell your data.
what we collect
- the comment text you type
- the css selector, url, and page title of the element you click
- your account email and name (so comments are attributed to you)
- a hashed password, used only to sign you in
what we don't collect
- your browsing history or the pages you visit
- keystrokes or input outside the spotlight comment box
- page content beyond the selector and short label of the element you pick
- analytics that track you across the web
how the chrome extension uses access
the extension requests access to web pages so it can run commenting mode where you invoke it and draw comment pins. that page access is used only to highlight elements, capture the selector of the element you click, and display your team’s existing comments. the background worker sends that data to your configured spotlight api (by default spotlight.ogbuilds.ai) over https, authenticated with your personal token.
who can see your comments
comments are shared with the members of your team and no one else. anyone with a direct share link to a comment can view that comment if they belong to your team.
data retention & deletion
comments persist until you or a teammate deletes them. to delete your account and all associated data, email us and we’ll remove it. disconnecting the extension clears your token from local storage immediately.
contact
questions about privacy? reach the team via ogbuilds.ai.