Privacy Policy

Last updated: February 5, 2026

ThunderHooks ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our webhook testing and debugging service.

1. Information We Collect

Information You Provide

  • Account Information: Email address and password when you register
  • Payment Information: Processed securely through Stripe; we do not store credit card numbers
  • Webhook Data: HTTP requests sent to your ThunderHooks endpoints, including headers, body content, and metadata

Information Collected Automatically

  • Usage Data: Pages visited, features used, timestamps
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session cookies for authentication and preferences

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the ThunderHooks service
  • Process transactions and send related information
  • Send administrative emails (service updates, security alerts)
  • Respond to customer support requests
  • Analyze usage to improve our service
  • Detect and prevent fraud or abuse

Legal Bases for Processing (GDPR):

  • Contract Performance: Processing necessary to provide the service you signed up for
  • Legitimate Interests: Analytics, security, and service improvement
  • Consent: Marketing communications (where applicable)

3. Data Retention

  • Account Data: Retained while your account is active, deleted within 30 days of account deletion
  • Webhook Data: Retained according to your plan (7-365 days), then automatically purged
  • Payment Records: Retained for 7 years for legal/tax compliance

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Service Providers: Stripe (payments), hosting providers
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger or acquisition

Subprocessors

Provider Purpose Location
Stripe Payment processing USA
Turso Database hosting EU/USA

5. Your Rights (GDPR & CCPA)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, email privacy@thunderhooks.com or use the account deletion feature in Settings.

Response Time: We respond to all requests within 30 days.

6. Data Security

We implement appropriate technical and organizational measures:

  • HTTPS encryption for all data in transit
  • Encrypted database storage
  • Regular security audits
  • Access controls and authentication
  • Automatic session expiration

7. International Transfers

If you are located in the EU/EEA, your data may be transferred to servers in the United States. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with subprocessors

8. Cookies

We use essential cookies for:

  • Authentication (session management)
  • Security (CSRF protection)
  • Preferences (dark mode setting)

We do not use tracking or advertising cookies.

Managing Cookies: You can disable cookies in your browser settings, but this may affect service functionality.

9. Children's Privacy

ThunderHooks is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us for removal.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or service notification. Continued use after changes constitutes acceptance.

11. Contact Us

For privacy-related questions or to exercise your rights:

12. Data Protection Officer

For EU residents with unresolved concerns, you may contact your local Data Protection Authority.