Last updated: May 19, 2026

Privacy Policy

HookSync ("we", "our", or "us") operates the HookSync webhook delivery platform. This Privacy Policy explains what data we collect, why we collect it, and how we use it. By using HookSync you agree to this policy.

Data we collect

Account data. When you register, we collect your email address, display name, and hashed password. We never store plaintext passwords.

Usage data. We log API requests (endpoint, status code, latency), event counts per organization, and delivery attempt metadata. We do not log the full contents of your webhook payloads for longer than 90 days on Pro, 30 days on Starter, or 7 days on Free.

Billing data. Payment is processed by Stripe. We store your Stripe customer ID and subscription status. We do not see or store your card number.

Cookies. We use one session cookie (httpOnly, SameSite=Lax) for authentication and one CSRF token cookie (SameSite=Strict). No tracking cookies, no third-party cookies.

How we use your data

To provide and operate the service, to send transactional emails (verification, password reset, billing receipts), to enforce plan limits, and to improve reliability and performance. We do not sell your data or use it for advertising.

Data sharing

We share data with: Stripe (billing), the email provider configured in your account, and infrastructure providers (hosting, database). All processors are contractually bound to handle data only on our instructions.

Data retention

Account data is retained while your account is active. Delivery logs are retained per your plan tier (7/30/90 days). After account deletion, all personal data is purged within 30 days. Audit logs are retained for 1 year for compliance purposes.

Your rights (GDPR)

If you are located in the EU or UK, you have the right to access, correct, port, or delete your personal data. To exercise these rights, email us at privacy@hooksync.net or use the account deletion option in Settings.

Security

Data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed with Argon2id. Webhook signing secrets are stored encrypted. We perform regular security reviews and notify affected users of any breach within 72 hours as required by GDPR Article 33.

Contact

Questions about this policy: privacy@hooksync.net or via our contact form.