Privacy Policy

1. Introduction

HookWatch ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our webhook monitoring service ("Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Password (securely hashed)
• Billing information (processed by our payment provider, Paddle)

2.2 Webhook Data

When webhooks pass through our Service, we collect and store the following information for logging and delivery purposes:

• HTTP method and headers
• Request payload/body
• Source IP address
• Delivery timestamps and status
• Response codes and bodies from destination servers

2.3 Usage Data

We automatically collect certain information when you use our Service:

• Browser type and version
• Pages visited and features used
• Time and date of access
• Device information

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide and maintain our Service
• To process and deliver webhook events
• To manage your account and subscription
• To send alerts and notifications you've configured
• To communicate with you about service updates and support
• To monitor and analyze usage patterns to improve our Service
• To detect, prevent, and address technical issues or fraud
• To comply with legal obligations

4. Data Retention

We retain your data according to your subscription plan:

• Free plan: 7 days of webhook data retention
• Pro plan: 30 days of webhook data retention
• Business plan: 90 days of webhook data retention

Account information is retained for as long as your account is active. After account deletion, we retain minimal data as required for legal and business purposes for up to 90 days.

5. Data Sharing and Disclosure

We do not sell your personal information or webhook data to third parties. We may share information in the following circumstances:

• Service Providers: With trusted third-party services that help us operate our business (e.g., hosting, payment processing, email services)
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Your Consent: With your explicit consent for other purposes

6. Data Security

We implement robust security measures to protect your data:

• All data is encrypted in transit using TLS 1.3
• Data at rest is encrypted using AES-256 encryption
• Passwords are hashed using industry-standard algorithms
• Regular security audits and penetration testing
• Access controls and authentication for all internal systems

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Portability: Request transfer of your data to another service
• Objection: Object to certain processing of your data
• Restriction: Request restriction of processing

To exercise these rights, please contact us at privacy@hookwatch.dev.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we use appropriate safeguards such as standard contractual clauses approved by relevant authorities.

9. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and authentication state
• Remember your preferences
• Analyze usage patterns

You can configure your browser to refuse cookies, but this may limit your ability to use certain features of our Service.

10. Third-Party Services

Our Service integrates with the following third-party services:

• Paddle: Payment processing
• Slack: Alert notifications (when configured by you)
• Email providers: Transactional emails and alerts

These services have their own privacy policies, and we encourage you to review them.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

14. GDPR Compliance

For users in the European Economic Area (EEA), we comply with GDPR requirements:

• Legal Basis: We process data based on contractual necessity (to provide our Service), legitimate interests (to improve and secure our Service), and consent (where applicable)
• Data Protection Officer: You can contact our DPO at dpo@hookwatch.dev
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

15. CCPA Compliance

For California residents, in accordance with the CCPA:

• We do not sell your personal information
• You have the right to know what personal information we collect
• You have the right to request deletion of your personal information
• You have the right to opt-out of the sale of personal information (not applicable)
• We will not discriminate against you for exercising your rights