Privacy Policy | GridLock

Our Privacy Philosophy

At GridLock, we believe that privacy is a fundamental right, not an optional feature. Our products are designed from the ground up to protect your personal information and give you complete control over your data.

Core Principle: All ad blocking and filtering happens locally on your device. We never see your browsing history, the websites you visit, or the content you view.

Local-Only Processing

All blocking happens on your device. No external servers process your traffic.

No Tracking

We don't track your browsing habits or build profiles about your interests.

No Data Selling

We never sell, rent, or share your personal data with third parties.

Opt-In Telemetry

Any data collection is optional and anonymized by default.

Data Collection Practices

GridLock operates primarily as a local-first application. Here's what that means:

What We DON'T Collect

Browsing history - We never record which websites you visit
Search queries - Your searches stay private
Personal identifiers - No names, emails, or IP addresses linked to browsing data
Location data - We don't track your physical location
Device fingerprints - No unique device identifiers for tracking

What We DO Collect (Minimal)

License Key (hashed): When you activate GridLock, only a cryptographic hash of your license key is stored locally
Local Settings: Your preferences (enabled features, whitelist rules) are stored locally on your device
Blocking Statistics: Aggregate counts of blocked ads/trackeres are stored locally for your dashboard

Important: All blocking statistics, whitelists, and settings are stored locally on your device in encrypted storage. They are never transmitted to our servers.

Browser Extension Permissions

Our browser extensions require certain permissions to function. Here's a plain explanation of each permission and why we need it:

Permission Breakdown:

Permission	Why We Need It
`storage`	Save your settings and whitelist locally on your device
`tabs`	Show blocked ad count and stats in the extension popup
`declarativeNetRequest`	Block ads and trackers before they load (core blocking feature)
`unlimitedStorage`	Store filter lists and blocking rules efficiently
`contextMenus`	Add right-click menu options to block page elements
`webNavigation`	Detect page loads to apply blocking rules at the right time
`scripting`	Inject content scripts to remove ads and popups from web pages
`alarms`	Schedule automatic filter list updates
`notifications`	Show you important updates (can be disabled in settings)
`<all_urls>`	Block ads on all websites (that's the whole point!)

Privacy-First Permission Design

Minimal permissions: We only request what's absolutely necessary for ad blocking
No sensitive data access: We don't read passwords, credit cards, or personal information
Local processing: All permission-based actions happen on your device
No background scanning: We only check pages you actively visit

Transparency Promise: You can review our complete source code on GitHub to verify exactly how we use each permission. We have nothing to hide.

Opt-In Telemetry (Disabled by Default)

GridLock includes an optional telemetry feature that is disabled by default. If you choose to enable it, we collect the following anonymized data:

Aggregate blocking statistics: Total number of ads/trackeres blocked (no per-site data)
Performance metrics: App crashes, errors, and performance issues
Feature usage: Which features are used most (to guide development)

Telemetry Privacy Guarantees

100% Anonymous: No IP addresses, device IDs, or personal identifiers
Aggregated Only: Data is combined with all users, never individualized
No Browsing Data: We never collect which sites you visit or what you search for
Opt-Out Anytime: Disable telemetry in settings with one click

How We Use Telemetry Data

The anonymized telemetry data helps us:

Improve ad detection accuracy
Fix bugs and performance issues
Prioritize feature development based on actual usage
Detect compatibility issues with popular websites

Cookie Policy

GridLock takes a zero-tracking approach to cookies:

On Our Website

No tracking cookies - We don't use third-party analytics or advertising cookies
Essential cookies only - Minimal session cookies for website functionality (if you log in)
No pixel tracking - No hidden trackers or beacons

In Our Browser Extensions

We BLOCK cookies - Our extension helps you block third-party tracking cookies
Local storage only - Extension settings are stored locally in your browser
No cross-site tracking - We don't track you across websites

Cookie Consent

Since we don't use tracking cookies, we don't show cookie consent banners on our website. You can browse gridlock.app without being pestered by consent popups.

Third-Party Services

GridLock is designed to be self-contained and independent. Here's our policy on third-party services:

We do NOT use:

❌ Third-party analytics (Google Analytics, etc.)
❌ Third-party advertising networks
❌ Third-party CDN services for data
❌ Third-party data processing services

Licensing & Payment Processing

We use minimal third-party services only for essential business operations:

Payment Processing: LemonSqueezy (PCI-compliant, processes payments only)
License Verification: Cryptographic signature verification (no personal data transmitted)
GitHub: Open-source code hosting (for community contributions)

These services have their own privacy policies, and we only use them for their stated purposes. We do not share your browsing data with them.

Android VPN Privacy Notice

The Android app uses a local VPN to filter network requests. Here's what you need to know:

How the Local VPN Works

Local Processing: The VPN runs entirely on your device - your traffic is NOT routed through external servers
DNS Filtering: The VPN only filters DNS requests to block known ad/tracker domains
No VPN Server: There is no remote VPN server that sees your traffic

What the VPN CAN'T Do

❌ See your unencrypted traffic (HTTPS remains encrypted end-to-end)
❌ Access your passwords or personal data
❌ Track your browsing habits (DNS queries are checked against local blocklists only)
❌ Send your data to external servers

Bottom Line: The Android VPN is a local filtering interface only. It gives GridLock permission to filter network requests on your device, but it does NOT create a traditional VPN connection to external servers.

Your Rights & Controls

You have complete control over your data and privacy settings:

Data Deletion

Delete all local data by uninstalling GridLock. No data remains on your device.

Export Data

Export your settings, whitelists, and blocking statistics from the dashboard.

Disable Telemetry

Turn off optional telemetry in settings with one click at any time.

Opt-Out Completely

Use GridLock offline. No account or internet connection required after activation.

GDPR Rights (EU Users)

If you're located in the European Union, you have additional rights under GDPR:

Right to Access: Request a copy of any data we have about you
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data
Right to Portability: Receive your data in a structured format
Right to Object: Object to data processing

Since GridLock operates primarily locally and doesn't collect personal data, most of these rights are exercised simply by uninstalling the application.

Children's Privacy

GridLock is suitable for users of all ages. Because we don't collect personal information, our service is compliant with COPPA and other children's privacy regulations by design.

❌ No personal data collection from children
❌ No behavioral targeting
❌ No data sharing with third parties

Parents can use GridLock's parental control features to create a safer browsing environment for children without privacy concerns.

Data Security

We implement industry-standard security measures to protect any data that is stored locally on your device:

Encrypted Storage: All local data is encrypted at rest
Secure Key Management: License keys are hashed using SHA-256 before storage
No Remote Data: Since we don't store data on our servers, there's nothing to breach
Open Source: Our code is publicly auditable on GitHub for security transparency

Security by Design: Our privacy-first architecture means that even if our servers were compromised, your browsing data would be safe because it never leaves your device.

International Data Transfers

GridLock does not transfer personal data internationally. All blocking and filtering happens locally on your device, regardless of your location.

For opt-in telemetry (if enabled), anonymized aggregate data may be processed on servers located in the United States. This data contains no personal identifiers and cannot be linked to individual users.

Changes to This Privacy Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.

We will never:

Change our policy to start collecting personal browsing data
Retroactively change how we handle data you've already entrusted to us
Reduce your privacy protections without explicit notice and consent

We encourage you to review this privacy policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

[email protected]

GitHub Issues

Community Discussions

We typically respond to privacy inquiries within 7 business days.

Privacy Guarantee

GridLock is built on a simple promise: Your browsing data never leaves your device.

✓ No browsing history collection
✓ No tracking or profiling
✓ No data selling to third parties
✓ Opt-in telemetry only (disabled by default)
✓ All blocking happens locally