Privacy Policy

Last Updated: October 8, 2025

1. Introduction

Welcome to Webhook Capture Tool ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, store, and delete your information when you use our webhook capture and inspection service.

2. Information We Collect

2.1 Account Information

When you create an account using Google OAuth, we collect and store:

• Name: Your display name from your Google account
• Email Address: Your email address from your Google account
• Profile Picture URL: A link to your Google profile picture
• Google User ID: A unique identifier from Google

2.2 Webhook Event Data

When you capture webhook events through our service, we temporarily store:

• HTTP method, headers, query parameters, and request body
• Source IP address of the incoming request
• Timestamp of when the event was received
• Status code returned to the sender

3. Automatic PII Protection

Before storing any webhook data, we automatically detect and mask personally identifiable information (PII). This process occurs in real-time before data reaches our database. The following PII types are automatically masked:

• Email addresses (partial masking: first and last character visible)
• Phone numbers (partial masking: last 4 digits visible)
• Social Security Numbers (last 4 digits visible)
• Credit card numbers (last 4 digits visible)
• IP addresses found in request bodies (partial masking)
• Driver's license numbers (partial masking)
• Passport numbers (partial masking)
• Street addresses (masked)
• ZIP codes (masked)
• Dates of birth (masked)

Important: Original, unmasked PII is never stored in our database. Only the masked versions are persisted.

4. Data Retention and Deletion

4.1 Webhook Event Data

We implement strict data retention policies to protect your privacy:

• Active Storage: Webhook events are automatically deleted after 24 hours from our primary database
• Backup Deletion: All webhook data is completely purged from backup systems within 30 days
• Per-Endpoint Limit: Each webhook endpoint stores a maximum of 10,000 events. When this limit is exceeded, the oldest events are automatically deleted
• Manual Deletion: You can delete webhook endpoints and all associated events at any time from your dashboard

4.2 Account Information

Your account information (name, email, profile picture) is retained as long as your account is active. You may request account deletion at any time by contacting us.

5. How We Use Your Information

We use the collected information solely for:

• Providing the webhook capture and inspection service
• Authenticating your account and maintaining your session
• Displaying your webhook endpoints and captured events
• Communicating important service updates (if applicable)

6. Data Security

We implement industry-standard security measures:

• Encryption: All data is transmitted over HTTPS
• Authentication: Secure OAuth 2.0 authentication via Google
• Session Management: HTTPOnly cookies with 7-day expiration
• Infrastructure: Hosted on Cloudflare's edge network with global security protections
• Automatic PII Masking: Sensitive data is masked before storage

7. Data Sharing

We do not sell, rent, or share your personal information with third parties, except:

• When required by law or legal process
• To protect our rights, property, or safety
• With your explicit consent

8. Your Rights

You have the right to:

• Access your personal data and webhook events
• Delete your webhook endpoints and events at any time
• Export your webhook events in CSV format
• Request account deletion
• Withdraw consent for data processing

9. Cookies

We use essential cookies for:

• Session Management: HTTPOnly session cookies to maintain your logged-in state (7-day expiration)
• OAuth State: Temporary cookies for secure authentication flow

We do not use tracking or advertising cookies.

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@credaris.com

Company: Credaris LLC

By using our service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.