Privacy Policy

1. Data controller

Alessio Papa is the data controller for personal data processed through the Service. If you have questions about this policy or your data, contact us through the HookBeam support channels.

2. Personal data we collect

We collect the following categories of personal data:

• Account data: name, email address, and authentication credentials (managed via Supabase Auth).
• Usage data: endpoints created, webhook events processed, request logs, and feature usage.
• Technical data: IP address, browser type, device identifiers, and cookies where applicable.
• Communication data: messages you send to our support team.

3. How we use your data

We process personal data for the following purposes and legal bases:

• To provide and maintain the Service (performance of contract).
• To authenticate your account and keep it secure (legitimate interest and legal obligation).
• To provide customer support and respond to inquiries (performance of contract and legitimate interest).
• To improve the Service, diagnose issues, and conduct product analytics (legitimate interest).
• To send service-related notices and, where permitted, marketing communications (legitimate interest or consent).
• To comply with applicable legal obligations and prevent fraud or abuse (legal obligation and legitimate interest).

4. Data sharing

We do not sell personal data. We share data only with:

• Service providers: hosting, authentication, analytics, and support tooling providers that process data on our behalf.
• Paddle: our Merchant of Record for payment processing, subscription management, tax compliance, and invoicing.
• Professional advisers: legal, accounting, and insurance advisers where necessary.
• Authorities: when required by law or to protect our rights, users, or the public.

5. International transfers

Some of our service providers may process data outside your country of residence, including in the United States and the European Economic Area. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses to protect your data.

6. Data retention

We retain personal data for as long as your account is active or as needed to provide the Service. Webhook payload data is retained according to the plan limits and your deletion requests. When data is no longer needed, we delete or anonymise it securely.

7. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to receive your data in a portable format. To exercise your rights, contact us through the Service or at our support email.

8. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and regular security reviews. No online service is completely secure, and we cannot guarantee absolute security.

9. Cookies

We use essential cookies to keep you signed in and maintain session state. We may also use analytics cookies to understand how the Service is used. You can manage cookie preferences through your browser settings. For more information, please read our Cookie Policy.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the revised policy.