Data Processing Addendum

This Data Processing Addendum ("DPA") forms part of the Terms of Service between WebhookBase and the customer to the extent WebhookBase processes personal data on behalf of the customer in connection with the Service.

WebhookBase is operated by ALEXIOS T. KATSADOURIS in Greece. Notices related to this DPA may be sent to [email protected].

1. Roles of the Parties

Customer acts as controller or processor, as applicable, and WebhookBase acts as processor or subprocessor, as applicable, with respect to Customer Data processed through the Service on behalf of the customer.

2. Processing Instructions

WebhookBase will process personal data only on documented instructions from the customer, including as necessary to provide the Service, comply with the Terms, maintain security, prevent abuse, and comply with applicable law.

3. Nature and Purpose of Processing

Processing may include collection, storage, organization, transmission, inspection, forwarding, replay, deletion, and other operations necessary to provide webhook capture, inspection, replay, forwarding, agent communication, customer support, and security-related functions.

4. Categories of Data and Data Subjects

Categories of personal data and data subjects depend on the customer’s use of the Service and may include webhook payload data, request metadata, logs, identifiers, and business records transmitted by the customer or third-party systems connected by the customer.

5. Confidentiality and Security

WebhookBase will ensure that persons authorized to process personal data are subject to appropriate confidentiality obligations and will implement appropriate technical and organizational measures designed to protect personal data.

6. Subprocessors

Customer authorizes WebhookBase to use subprocessors in connection with the Service. WebhookBase will impose data protection obligations on subprocessors as required by applicable law and may maintain an up-to-date subprocessor list on a separate page.

The current subprocessor list is available at /legal/subprocessors. Customer may object to a new subprocessor where required by applicable data protection law by contacting us within a reasonable period after notice.

7. Assistance

Taking into account the nature of the processing and the information available to WebhookBase, WebhookBase will provide reasonable assistance to the customer in responding to data subject requests, security incidents, and other obligations under applicable data protection law, to the extent required and commercially reasonable.

8. Deletion and Return

Upon termination of the relevant services, WebhookBase will delete or return personal data in accordance with the Terms, customer settings, retention schedules, backup cycles, and applicable law, unless retention is legally required.

Current delivery retention limits are 3 days on Free, 30 days on Pro, 60 days on Team, and custom by agreement for Enterprise. Backup, audit, abuse-prevention, and security records may be retained for a limited additional period where reasonably necessary.

9. International Transfers

Where required, the parties will rely on appropriate transfer mechanisms for cross-border personal data transfers, including applicable standard contractual clauses or other lawful safeguards.

10. Security Contact

Security reports may be sent to [email protected].