Privacy Policy

Last Updated: January 2025

1. Introduction

Welcome to WebhookDrop ("we", "our", "us", or "Service"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our webhook testing and inspection service.

By using WebhookDrop, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information You Provide

Account Registration:

  • Email address (required for account creation and verification)
  • Password (encrypted and never stored in plain text)
  • Account display name or username (if provided)

Billing Information:

  • Payment method details (processed through third-party processors)
  • Billing address
  • Transaction history
  • AppSumo redemption codes (when applicable)

2.2 Webhook Data

Webhook Payloads:

  • HTTP headers from incoming webhook requests
  • Request body/payload content
  • Request method (GET, POST, PUT, DELETE, etc.)
  • Source IP addresses
  • Timestamp of webhook receipt
  • Response status codes

All webhook payloads are automatically encrypted using AES-256-GCM encryption before storage.

2.3 Automatically Collected Information

  • Usage data (pages visited, features used, time spent)
  • Technical data (IP addresses, browser type, device information)
  • Log files and error logs
  • Cookies and tracking technologies
  • API usage patterns and frequency

3. How We Use Your Information

3.1 Service Provision

We use your information to:

  • Create and manage your account
  • Process webhook requests and store payloads
  • Provide webhook inspection and replay functionality
  • Authenticate and authorize access to your data
  • Send service-related emails (verification, password resets)
  • Process payments and manage subscriptions

3.2 Service Improvement

We use aggregated, anonymized data to:

  • Analyze usage patterns and trends
  • Identify and fix bugs or technical issues
  • Develop new features and functionality
  • Optimize system performance and reliability

3.3 Communication

We may contact you to:

  • Send account verification emails (required)
  • Notify you of security alerts or password resets
  • Provide customer support responses
  • Send important service updates or changes
  • Notify you of quota limits or billing issues

4. Data Storage and Security

4.1 Storage Infrastructure

Database Storage

  • • PostgreSQL database
  • • Secure cloud infrastructure
  • • Regular automated backups
  • • SSL/TLS encrypted connections

Object Storage

  • • Cloudflare R2 (S3-compatible)
  • • EU region data centers
  • • Geographic redundancy
  • • AES-256-GCM encryption

4.2 Encryption

Data at Rest:

  • All webhook payloads encrypted using AES-256-GCM encryption
  • Encryption keys securely managed and rotated
  • Database connections use SSL/TLS encryption

Data in Transit:

  • All web traffic uses HTTPS (TLS 1.2+)
  • API communications encrypted end-to-end
  • Webhook reception supports HTTPS only

4.3 Security Measures

  • Role-based access control (RBAC) for internal systems
  • Multi-factor authentication for administrative access
  • Regular security audits and penetration testing
  • Firewall protection and intrusion detection
  • DDoS mitigation through Cloudflare
  • Automated vulnerability scanning

5. Data Retention

5.1 Webhook Data Retention

Webhook data is automatically deleted based on your subscription plan:

Free Trial

14 days

Starter Plan

90 days

Business Plan

180 days

Enterprise Plan

365 days

Automated cleanup runs daily to remove expired webhook data permanently.

5.2 Account Data Retention

  • Active account data retained as long as your account exists
  • Deleted account data removed within 30 days
  • Billing records retained for 7 years for tax compliance
  • Support communications retained for 2 years
  • System logs retained for 90 days

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share limited data with trusted service providers:

Cloudflare R2

Purpose: Webhook payload storage in EU data centers

Data: Encrypted webhook payloads only

Payment Processors

Purpose: Payment processing and billing

Data: Billing information (NOT webhook data)

Email Service (Mailgun - EU)

Purpose: Verification and notification emails

Data: Email addresses and account messages (EU-based service)

AppSumo

Purpose: Lifetime deal code verification

Data: Redemption codes and tier information

6.2 What We DON'T Share

We will NEVER:

  • Sell your personal information to third parties
  • Share webhook data with advertisers
  • Use webhook content for marketing purposes
  • Provide your email to marketing lists
  • Share data without encryption in transit

7. Your Privacy Rights

Access & Portability

Access and export all your personal data and webhook data in JSON format

Correction & Update

Update account information and correct inaccurate personal data at any time

Deletion (Right to be Forgotten)

Request deletion of specific data or complete account deletion

Objection

Object to processing for direct marketing or withdraw consent

Exercising Your Rights

To exercise any of these rights:

  • Email: support@webhookdrop.app
  • Account Settings: Use built-in data management tools
  • Response Time: We respond within 30 days
  • Verification: Identity verification required for security

8. International Data Transfers

Data Location

  • • Primary data storage: EU region (Cloudflare R2)
  • • Backup storage: EU region
  • • Compliant with GDPR and data protection laws

If you access the Service from outside the EU, data may be transferred to and processed in the EU. We use appropriate safeguards (Standard Contractual Clauses) and comply with GDPR and applicable data protection laws.

9. Cookies and Tracking Technologies

Types of Cookies We Use

Essential Cookies (Required)

Session management, authentication, security tokens

Functional Cookies (Optional)

User preferences, settings, language selection

Analytics Cookies (Optional)

Usage statistics, feature tracking (anonymized)

You can control cookies through browser settings or our cookie consent banner. Note: Blocking essential cookies may limit Service functionality.

10. Children's Privacy

  • WebhookDrop is NOT intended for users under 18 years of age
  • We do not knowingly collect information from minors
  • If we discover we have collected data from a minor, we will delete it immediately
  • Parents/guardians can contact us to request deletion of minor's data

11. Data Breach Notification

In the event of a data breach affecting personal information:

  • We will investigate and contain the breach immediately
  • Affected users notified within 72 hours of discovery
  • Relevant authorities notified as required by law
  • Transparent communication about scope and impact
  • Recommended actions for affected users provided

12. Third-Party Links and Services

Our Service may contain links to third-party websites or services. We are not responsible for their privacy practices. Third-party sites have their own privacy policies, and we encourage you to review their policies before sharing data.

When you integrate WebhookDrop with third-party services, you authorize data exchange between services. Third-party data handling is governed by their policies. You can revoke integrations at any time.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email and Service notification. The "Last Updated" date reflects the most recent revision. Continued use after changes constitutes acceptance.

We will provide 30 days notice for material changes affecting your rights. Previous versions are available upon request, and you have the right to delete your account if you disagree with changes.

14. California Privacy Rights (CCPA)

For California residents, you have additional rights under CCPA:

Right to Know

Know what personal information we collect and how it's used

Right to Delete

Request deletion of your personal information

Right to Opt-Out

We do NOT sell personal information

Non-Discrimination

We won't discriminate for exercising your rights

15. Contact Information

For privacy-related questions or requests:

Email: support@webhookdrop.app

Website: https://webhookdrop.app

Response Time: Within 30 days for data requests

By using WebhookDrop, you acknowledge that you have read, understood, and agree to this Privacy Policy.

For questions or concerns about your privacy, please contact us at support@webhookdrop.app