Privacy Policy
Last updated: May 6, 2026
1. Introduction
HookSniff ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our webhook delivery service ("Service").
2. Information We Collect
2.1 Account Information
- Email address
- Name (optional)
- Company name (optional)
- Payment information (processed by Stripe, not stored by us)
2.2 Usage Data
- API request logs (endpoint URLs, timestamps, response codes)
- Webhook delivery logs (payloads, delivery attempts, status)
- Dashboard activity (page views, feature usage)
- IP addresses (for security and rate limiting)
2.3 Technical Data
- Browser type and version
- Operating system
- Device information
- Cookies and session tokens
3. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process webhook deliveries and retries
- Authenticate and authorize API requests
- Send service-related notifications (delivery failures, billing alerts)
- Improve the Service and fix bugs
- Prevent fraud and abuse
- Comply with legal obligations
4. Webhook Payloads
- We process webhook payloads solely for delivery to your configured endpoints
- Payloads are stored temporarily for delivery, retry, and logging purposes
- Payloads are automatically deleted according to your plan's retention period
- We do not inspect, analyze, mine, or sell your webhook data
- We do not use your webhook data for advertising or profiling
5. Data Sharing
We do NOT sell your personal data. We may share information with:
- Polar.sh: Payment processing (subject to Polar.sh's Privacy Policy)
- iyzico: Payment processing for Turkish customers (subject to iyzico's Privacy Policy)
- Infrastructure providers: Cloud hosting for Service operation
- Legal authorities: When required by law, court order, or to protect our rights
- Business transfers: In connection with a merger, acquisition, or sale of assets
6. Data Security
We implement industry-standard security measures:
- All data transmitted over TLS/HTTPS
- API keys are hashed before storage (SHA-256)
- HMAC-SHA256 signatures for webhook verification
- Regular security audits and updates
- Access controls and authentication for all systems
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While account is active + 30 days |
| Webhook delivery logs | Per plan (7 / 30 / 90 days) |
| API request logs | 30 days |
| Payment records | As required by law (typically 7 years) |
| Analytics data | 12 months (aggregated, non-identifying) |
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Export your data in a portable format
- Object to certain processing
- Withdraw consent where applicable
To exercise these rights, contact us at privacy@hooksniff.vercel.app.
9. Cookies
We use:
- Essential cookies: Authentication, session management
- Analytics cookies: Usage statistics (optional, can be disabled)
You can control cookies through your browser settings.
10. International Data Transfers
Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.
11. Children's Privacy
The Service is not intended for users under 18. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or dashboard notification. The "Last updated" date at the top indicates when changes were made.
13. Contact
For privacy-related questions or requests:
- Email: privacy@hooksniff.vercel.app
- Data Controller: HookSniff