1. Introduction

Webhook Stream ("we", "us", "our") is a sole proprietorship based in New York that operates the webhookstream.com website and the Webhook Stream service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile avatar through our authentication provider (WorkOS). We also store a unique identifier linking your account to our authentication system.

Billing Information

Payment processing is handled by Stripe. We store your Stripe customer ID to manage your subscription. We do not store credit card numbers or other sensitive payment details directly.

Webhook Data

When you use our service, we receive and temporarily store webhook payloads, headers, and metadata sent to your endpoints. This data is retained according to your plan's retention period (3 days for Free, 30 days for Pro, 90 days for Enterprise) and is automatically deleted after the retention window.

Usage Data

We collect information about how you interact with the service, including page views, feature usage, endpoint configurations, and delivery statistics. This helps us improve the service and detect issues.

3. How We Use Your Information

We use the information we collect to:

Provide and maintain the Webhook Stream service
Process your webhook relay requests and forward them to configured destinations
Manage your account and subscription
Send you transactional emails (payment receipts, failed payment notifications, plan changes)
Monitor and enforce plan limits (request quotas, endpoint limits, team size)
Detect, prevent, and address technical issues and abuse
Improve the service based on usage patterns

4. Data Sharing

We share your information only in the following circumstances:

Webhook forwarding: Your webhook payloads are forwarded to the destination URLs you configure. We act as a relay and do not modify the payload content.
Service providers: We use third-party services to operate our platform, including Stripe (payments), WorkOS (authentication, SSO, SCIM), and infrastructure providers (hosting, email delivery).
Legal requirements: We may disclose information if required by law, subpoena, or other legal process.
Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

All data is encrypted in transit using TLS
Webhook payloads are stored encrypted at rest
Authentication is handled through WorkOS with support for SSO and MFA
API tokens are hashed before storage
Role-based access control is enforced at the team level

6. Data Retention

Webhook logs are retained based on your plan tier and automatically deleted after the retention period expires. Account information is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Export your data in a portable format
Object to processing of your data
Withdraw consent where processing is based on consent

To exercise these rights, contact us at [email protected].

8. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

Webhook Stream is not intended for use by children under 16. We do not knowingly collect personal information from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "last updated" date. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at [email protected].