Privacy Policy

Last updated: May 20, 2026

This Privacy Policy explains what data online-webhooks.com (the "Service") collects, how it is used, and your choices. By using the Service, you agree to this policy.

1. Data we collect

• Account data. If you create an account, we store your email address and, if you sign in with GitHub, the verified email associated with that account.
• Captured webhook requests. When you generate a webhook URL, every HTTP request sent to it — method, headers, query string, body, and timestamp — is stored so you can inspect it. This content is supplied by you or by services you direct to the URL.
• Technical data. We process IP addresses for rate limiting and abuse prevention, and we keep server logs for operating and securing the Service.
• Cookies. We use a single first-party, HttpOnly session cookie to keep you signed in. We do not use third-party advertising or tracking cookies.

2. Data we do not collect

We do not store payment card details. All payments are processed by our payment provider, Paddle, which acts as Merchant of Record. We receive only a subscription status and a customer identifier from Paddle — never your card number.

3. How we use data

• To provide the Service — generating URLs, capturing requests, authenticating you, and delivering paid features.
• To send transactional email — one-time magic sign-in links. We do not send marketing email.
• To secure the Service — rate limiting, abuse detection, and debugging.
• To manage subscriptions via Paddle.

4. Data retention

• Anonymous (free) endpoints and their captured requests expire automatically 24 hours after their last activity.
• Saved endpoints retain a limited number of recent requests depending on your plan; older requests are trimmed automatically.
• Magic sign-in links expire 15 minutes after issuance and are single-use.
• Sessions expire after 30 days of inactivity.
• Account data is retained while your account is active and deleted on request.

5. Third parties

We share data only with service providers necessary to operate the Service:

• Amazon Web Services — hosting, storage, and email delivery.
• Paddle — payment processing and subscription management.
• GitHub — optional sign-in, if you choose it.

We do not sell personal data.

6. Security

We use industry-standard measures including HTTPS everywhere, hashed session and link tokens, encrypted storage at rest, rate limiting, and least-privilege access controls. No system is perfectly secure; do not send production secrets to webhook URLs unless necessary.

7. Your rights

You may request access to, correction of, or deletion of your account data by emailing us. Deleting your account removes your saved endpoints and captured requests. Depending on your location, you may have additional rights under laws such as the GDPR or CCPA.

8. Children

The Service is not directed to children under 16 and we do not knowingly collect their data.

9. Changes

We may update this policy. Material changes will be reflected by updating the "Last updated" date above.

10. Contact

Privacy questions or data requests: hello@online-webhooks.com.