Privacy Policy
Last updated: June 2026
Information We Collect
We collect information you provide when creating an account (email, name from OAuth), contact form submissions you send us, and data about your webhook events (payload bodies, headers, metadata, timestamps). Event payloads are stored to enable replay, inspection, and sharing features.
How We Use Your Information
We use your information to operate the FixedHook service (route webhooks, store events, deliver replays), provide customer support, send service-related communications (not marketing), detect and prevent abuse, and improve the product. We never sell your personal data or event payloads.
Data Retention
We retain webhook event data for the duration specified by your plan (e.g., 3 days for Free, 30 days for Builder, 90 days for Studio). Account information is retained until you delete your account. Contact form submissions are retained for customer support purposes. You can request deletion of your data at any time by contacting us.
Event Payload Processing
Webhook payloads are transmitted through our relay service and stored in encrypted object storage (Cloudflare R2). Payloads are processed in transit only to determine routing, perform signature verification, and enable inspection and replay features. We do not scan, analyze, or mine event payloads for any purpose other than operating the service.
Third-Party Services
We use Clerk for authentication, Neon for our primary database, Upstash Redis for caching and real-time event streaming, Cloudflare R2 for payload storage, and Vercel for hosting. Each of these providers is GDPR-compliant and SOC 2 certified where applicable. We do not share your data with any other third parties.
Cookies & Tracking
We use essential cookies required for authentication and service operation. We do not use tracking cookies, fingerprinting, or third-party analytics that collect personal data. We collect minimal, anonymized usage metrics to understand how the product is used and to improve it.
Data Security
All data transmitted to and from FixedHook is encrypted in transit via TLS 1.3. Payloads are encrypted at rest in object storage. Authentication is handled by Clerk, which provides industry-standard security measures. We implement rate limiting, input validation, and abuse detection to protect the service.
Your Rights
You have the right to access, correct, or delete your personal data at any time. You can export your event history through the dashboard. You can delete your account, which will remove all associated data within 30 days. To exercise any of these rights, contact us at hello@mail.fixedhook.com.
Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email to account holders. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
For questions about this privacy policy or to exercise your data rights, email us at hello@mail.fixedhook.com or use the contact form at fixedhook.com/contact.