Privacy Policy for HookMux

Last Updated: 31 October 2025

Thank you for choosing HookMux ("we," "us," "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").

Please read this privacy policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information in a few different ways:

A. Information You Provide to Us

  • Account Information: When you register for an account, we collect your email address and a hashed password (using bcrypt).
  • OAuth Information: If you sign up using an OAuth provider (like Google or GitHub), we receive your email address and a unique provider ID from them. We do not receive your password from these services.
  • Billing Information: When you upgrade to a paid plan, we ask for your payment information. This is collected and processed directly by our payment processor, Stripe. We do not store your full credit card number on our servers. We only store metadata provided by Stripe, such as your Stripe Customer ID and subscription status.

B. Information We Process on Your Behalf (Your Data)

This is the data you send through our core routing service. We only process this data to provide the Service to you.

  • Webhook Data (Payloads): We temporarily store the full content of the webhooks you send to your Source URLs. This includes all HTTP headers, query parameters, and the request body. This data may contain sensitive information, and you are responsible for ensuring you have the rights to process it.
  • Destination Configuration: We store the endpoint URLs for your Destinations. Configuration Secrets (Custom Headers): If you provide custom headers for a destination (e.g., an Authorization token or x-api-key), we store this information. All custom header values are end-to-end encrypted at rest in our database to protect your secrets.
  • Log Data (Job Results): We store the results of each webhook delivery attempt, including the response status, response headers, and response body from your destination's server.
  • Alert Configuration: If you set up alerts, we store the target (e.g., email address) you provide for us to send notifications to.

C. Information We Collect Automatically

  • Session Information: We use cookies to manage your login session. These are essential for the security and functionality of your account.
  • Log Files: Like most web services, our servers automatically collect standard log information, including your IP address, browser type, and access times. We use this for monitoring, security, and debugging.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service: To route your webhooks, store your configurations, and display your activity logs.
  • Manage Your Account: To authenticate you, create your session, and manage your user settings.
  • Process Payments: To manage your subscription, send you invoices, and handle billing inquiries through Stripe.
  • Communicate with You: To send you important service-related notices (like password resets) and to send failure notifications as configured by you (your Alerts).
  • Secure Our Service: To monitor for and prevent fraudulent activity, abuse, and security incidents.
  • Enforce Our Policies: To uphold our Terms of Service.

We will never sell your personal information or your Webhook Data.

3. How We Share Your Information

We do not share your private information except in the limited circumstances described here:

  • With Your Destinations: The entire purpose of our Service is to send your Webhook Data to the destinations you configure. We will send the payload, along with any custom headers you've added, to the URLs you provide.
  • With Service Providers: We use third-party companies to help us operate our Service:
    • Stripe: To process your payments.
    • ZeptoMail: To send transactional emails (like password resets and failure alerts).
    • CloudFlare Workers, Cloudfanatic: To host our frontends, servers and databases.
  • For Legal Reasons: We may disclose your information if required by law or in response to a valid legal request, such as a subpoena or court order.

4. Data Security

We take the security of your data very seriously. We implement appropriate technical and organizational measures to protect it, including:

  • Password Hashing: We use bcrypt to hash all user passwords.
  • Encryption at Rest: We encrypt all sensitive configuration data, including your Custom Destination Headers and any secrets you provide.
  • Secure Connections: We use SSL/TLS (HTTPS) for all data transmitted between your browser and our servers.
  • Access Control: We limit access to your data to only the personnel who need it to provide and support the Service.

5. Data Retention

We retain your data for different periods depending on its type:

  • Account Information: We retain your account data (email, subscription status) for as long as your account is active.
  • Webhook & Log Data: We retain your Webhook Data (payloads and jobResults) according to the "Activity Log Retention" limit of your subscription plan. For example:
    • Free Plan: No retention.
    • Dev Plan: 5-day retention.
    • Team Plan: 14-day retention.
    • Growth Plan: 6-month retention.
    • Unlimited Plan: capped up to 3-year retention.

    Data older than your plan's limit is automatically and permanently deleted.

6. Your Rights & Choices

You have control over your information:

  • Access & Update: You can access and update your account information (like your password) at any time in your Account Settings page.
  • Account Deletion: You can permanently delete your account at any time from your Account Settings page. This action is irreversible and will:
    1. Immediately cancel any active Stripe subscription.
    2. Permanently delete all your Account Information, Sources, Destinations, Custom Headers, and Alerts.
    3. Permanently delete all of your queued and logged Webhook Data.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at:
DashHax - contact@hookmux.com