Privacy Policy

Last updated: November 30, 2025

1. Summary

This Privacy Policy explains how Webhook.it collects, uses, and protects your data. We are committed to GDPR compliance and respecting your privacy.

Key points:

We collect only what's necessary to provide the service
Webhook data is automatically deleted after your plan's retention period
We do not sell your personal data
You can request access, correction, or deletion of your data at any time

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address (required), and optionally your name, company name, and location preferences.

2.2 Webhook Data

When you receive webhooks through our service, we temporarily store: HTTP headers (with sensitive headers like Authorization automatically filtered), request body, HTTP method, timestamp, and source IP address.

Retention: This data is automatically deleted after your plan's retention period — 24 hours (Free), 30 days (Pro), or 90 days (Business).

2.3 Usage Data

We automatically collect technical information: IP address (for security and rate limiting), browser type, pages visited, and access timestamps.

2.4 Payment Data

Payment information is processed directly by Stripe and never stored on our servers. We only retain transaction references for accounting purposes.

3. How We Use Your Data

We process your data based on the following legal grounds (GDPR Article 6):

Contract performance: Providing the webhook testing service, account management, and processing payments.
Legitimate interest: Security, fraud prevention, rate limiting, and service improvement.
Legal obligation: Tax and accounting compliance.
Consent: Marketing communications (opt-in only).

4. Data Storage & Retention

Your data is stored on servers located in the European Union (Supabase EU region). We implement security measures including HTTPS encryption, encryption at rest, and automatic filtering of sensitive headers.

Retention periods:

Webhook events: Per your plan (24h / 30 days / 90 days)
Account data: While active + 30 days after deletion
Billing records: 10 years (legal requirement)

6. Your Rights

Under GDPR, you have the right to:

Access — Request a copy of your personal data
Rectification — Correct inaccurate data
Erasure — Request deletion of your data
Portability — Receive your data in a portable format
Restriction — Limit how we process your data
Objection — Object to certain processing
Withdraw consent — At any time for consent-based processing

To exercise these rights, email support@webhook.it with subject "Privacy Request". We will respond within 30 days.

You may also lodge a complaint with your local data protection authority. Find yours at edpb.europa.eu.

7. Cookies

We use only essential cookies for:

Authentication and session management
Theme preferences (light/dark mode)
Security (CSRF protection)

We use Vercel Analytics for anonymous, aggregated usage statistics. We do not use tracking or advertising cookies.

8. Changes to This Policy

We may update this Privacy Policy periodically. For significant changes, we will notify you via email or through a notice on our website before the changes take effect.

9. Contact

For questions about this Privacy Policy or to exercise your data protection rights:

Email: support@webhook.it

1. Summary

This Privacy Policy explains how Webhook.it collects, uses, and protects your data. We are committed to GDPR compliance and respecting your privacy.

Key points:

We collect only what's necessary to provide the service
Webhook data is automatically deleted after your plan's retention period
We do not sell your personal data
You can request access, correction, or deletion of your data at any time

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address (required), and optionally your name, company name, and location preferences.

2.2 Webhook Data

Retention: This data is automatically deleted after your plan's retention period — 24 hours (Free), 30 days (Pro), or 90 days (Business).

2.3 Usage Data

We automatically collect technical information: IP address (for security and rate limiting), browser type, pages visited, and access timestamps.

2.4 Payment Data

Payment information is processed directly by Stripe and never stored on our servers. We only retain transaction references for accounting purposes.

3. How We Use Your Data

We process your data based on the following legal grounds (GDPR Article 6):

Contract performance: Providing the webhook testing service, account management, and processing payments.
Legitimate interest: Security, fraud prevention, rate limiting, and service improvement.
Legal obligation: Tax and accounting compliance.
Consent: Marketing communications (opt-in only).

4. Data Storage & Retention

Retention periods:

Webhook events: Per your plan (24h / 30 days / 90 days)
Account data: While active + 30 days after deletion
Billing records: 10 years (legal requirement)

6. Your Rights

Under GDPR, you have the right to:

Access — Request a copy of your personal data
Rectification — Correct inaccurate data
Erasure — Request deletion of your data
Portability — Receive your data in a portable format
Restriction — Limit how we process your data
Objection — Object to certain processing
Withdraw consent — At any time for consent-based processing

To exercise these rights, email support@webhook.it with subject "Privacy Request". We will respond within 30 days.

You may also lodge a complaint with your local data protection authority. Find yours at edpb.europa.eu.

1. Summary

2. Information We Collect

2.1 Account Information

2.2 Webhook Data

2.3 Usage Data

2.4 Payment Data

3. How We Use Your Data

4. Data Storage & Retention

5. Data Sharing

6. Your Rights

7. Cookies

8. Changes to This Policy

9. Contact

1. Summary

2. Information We Collect

2.1 Account Information

2.2 Webhook Data

2.3 Usage Data

2.4 Payment Data

3. How We Use Your Data

4. Data Storage & Retention

5. Data Sharing

6. Your Rights

7. Cookies

8. Changes to This Policy

9. Contact