Privacy Policy
Effective date: May 1, 2026
1. Introduction
This Privacy Policy explains how WebhookBase collects, uses, stores, shares, and protects personal data and other information processed through our website, accounts, dashboard, support channels, billing flows, webhook delivery tools, replay tools, forwarding features, and local agent functionality.
WebhookBase is operated by ALEXIOS T. KATSADOURIS in Greece. For privacy or legal questions, contact [email protected].
2. Roles of the Parties
For account registration, account administration, billing, website operations, fraud prevention, abuse detection, security, support, and business operations, WebhookBase generally acts as a data controller.
For webhook payloads, headers, request metadata, replay content, forwarding configurations, delivery logs, and similar data processed by customers through the Service, WebhookBase generally acts as a processor or service provider on behalf of the customer, subject to applicable agreements, including any Data Processing Addendum.
3. Information We Collect
Depending on how you use the Service, we may collect:
• account information such as name, email address, authentication details, and password hash where applicable
• workspace information such as organization name, members, permissions, and configuration settings
• billing information such as subscription plan, transaction status, billing contact details, and payment provider references
• usage and telemetry data such as login events, product interactions, service activity, and operational diagnostics
• website analytics data, where enabled, such as page views, referring pages, approximate location, device and browser information, cookie or similar identifiers, and interactions with our website
• webhook-related data such as headers, bodies, request metadata, delivery attempts, replay information, forwarding targets, and agent-related identifiers
• technical information such as IP address, browser details, device information, timestamps, and system logs
• support information such as messages, tickets, feedback, and troubleshooting material you choose to provide
4. How We Use Information
We use information to provide, operate, maintain, and support the Service.
We use information to authenticate users, secure accounts, and protect the platform.
We use information to process subscriptions, payments, invoices, and billing-related events.
We use information to monitor performance, troubleshoot issues, prevent abuse, and improve reliability.
We use website analytics to understand traffic, page usage, and product interest so we can improve the website and Service.
We use information to respond to support requests and communicate service-related notices.
We may use limited contact information to send transactional emails, service updates, security notifications, and legal notices.
5. Webhook Content and Customer Responsibility
WebhookBase is a developer infrastructure tool. Webhook payloads and related data routed through the Service may contain personal data, business data, secrets, operational metadata, or other sensitive information depending on the third-party systems you connect.
Customers are responsible for determining whether they are permitted to send such data through the Service and for configuring use of the Service in a way that matches their own legal, contractual, security, and compliance obligations.
The Service is not intended for protected health information under HIPAA, payment card data subject to PCI DSS, regulated production secrets, or other highly regulated data unless we have separately agreed in writing and appropriate safeguards are in place. Customers should avoid sending account passwords, private keys, access tokens, payment card numbers, health records, or other sensitive regulated data through webhook endpoints unless they have authority and a suitable legal and security basis.
6. Legal Bases
Where applicable, we process personal data on one or more of the following legal bases: performance of a contract, legitimate interests in operating and securing the Service, compliance with legal obligations, and consent where consent is required.
• account, workspace, authentication, dashboard, endpoint, delivery, replay, forwarding, and agent functionality: performance of a contract
• security, abuse prevention, operational logging, fraud detection, and service reliability: legitimate interests and, where applicable, legal obligations
• billing, subscriptions, tax records, and payment administration: performance of a contract and legal obligations
• support, feedback, and service communications: performance of a contract and legitimate interests
• Google Analytics and non-essential analytics cookies: consent
7. Sharing of Information
We do not sell personal data. We may share information with trusted service providers and subprocessors that help us operate the Service, such as hosting, infrastructure, authentication, email, customer support, analytics, logging, and payment providers.
We use Google Analytics on production website pages to measure and report website traffic and usage. Google Analytics may use cookies or similar identifiers and collect information such as page views, browser and device information, approximate location, referring pages, and interaction data. We do not intentionally send webhook payloads, account passwords, secrets, payment card details, or other directly identifying customer content to Google Analytics.
You can learn more about how Google uses information from sites and apps that use its services at policies.google.com/technologies/partner-sites.
We may also disclose information where required by law, to respond to lawful requests, to enforce our Terms, or to protect the rights, safety, security, and integrity of WebhookBase, our users, or third parties.
We may process and retain billing, invoice, VAT, and tax-related information and disclose or transmit it to tax authorities, accounting systems, invoicing systems, or legally required platforms, including AADE/myDATA where applicable.
Additional information about our subprocessors may be provided on our Subprocessors page or in our Data Processing Addendum.
8. Data Retention
We retain information only for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate operational needs.
Retention periods may vary by data type, plan, workspace settings, technical limits, support requirements, abuse prevention, and backup cycles. Certain webhook deliveries, attempt history, replayable data, logs, and related artifacts may be subject to plan-specific retention rules or deletion after downgrade, cancellation, or expiry.
Current delivery retention limits are 3 days on Free, 30 days on Pro, 60 days on Team, and custom by agreement for Enterprise. Attempt records, payload bodies, replayable content, and related delivery metadata may follow the same or shorter retention windows depending on plan limits, body-size limits, abuse prevention needs, and system operation. Backups and security logs may be retained for a limited additional period where necessary for restoration, auditing, security, legal, or operational purposes.
9. Security
We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, disclosure, alteration, and destruction, taking into account the nature of the data and the risks involved.
However, no method of transmission, storage, or processing is fully secure, and we cannot guarantee absolute security.
10. International Transfers
Your information may be processed in countries other than your own, depending on where our infrastructure and service providers operate. Where required by applicable law, we take steps intended to provide appropriate safeguards for international data transfers.
11. Your Rights
Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, or export your personal data. You may also have the right to withdraw consent where processing is based on consent and to lodge a complaint with a competent supervisory authority.
If we process personal data on behalf of a customer as processor, we may direct your request to the relevant customer where appropriate.
To exercise privacy rights, contact us at [email protected]. If you are in the European Economic Area, you may also have the right to lodge a complaint with your local data protection authority.
12. Children’s Privacy
The Service is not intended for children, and we do not knowingly collect personal data from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the website, dashboard, or email. The updated version becomes effective on the date shown above.
14. Contact
If you have questions about this Privacy Policy or our privacy practices, contact us at [email protected].