Last updated April 12, 2026
Privacy Policy
AnyHook ("we", "our", "us") operates anyhook.net and in.anyhook.net. This policy explains what data we collect, why we collect it, how we protect it, and your rights over it.
1. Who We Are
AnyHook is a webhook relay service. Our registered contact for privacy matters is gba3124@gmail.com. If you are located in the European Economic Area, this entity acts as your data controller.
2. Data We Collect
Account data
When you sign up, we collect your name, email address, and — if you sign in via Google OAuth — your Google profile information. Payment details (credit card, billing address) are collected directly by Stripe and are never stored on our servers.
Webhook payloads
When a sender (Stripe, GitHub, Shopify, etc.) POSTs a webhook to your AnyHook inbound URL, we receive and temporarily store the full HTTP request: headers, body, IP address, and timestamp. This data is used exclusively to deliver the event to your destination, log the outcome, and enable replay. It is retained for the duration of your plan's event window (3 days / 30 days / 90 days) and then permanently and automatically deleted.
Usage and technical data
We collect metadata about how you use the dashboard (pages visited, actions taken, error events) and standard server logs (IP address, user-agent, request timestamps). This data helps us operate and improve the service.
Cookies and local storage
We use session cookies required for authentication (managed by Clerk) and first-party analytics cookies (PostHog). We do not use third-party advertising cookies. You can disable non-essential cookies in your browser settings; this will not affect core service functionality.
3. How We Use Your Data
- To authenticate your account and manage your subscription.
- To receive, queue, deliver, and log webhook events on your behalf.
- To send transactional emails (delivery alerts, payment receipts, account notices).
- To monitor service health, debug errors, and improve reliability.
- To bill you correctly for usage under your plan.
- To respond to your support requests.
We do not use your webhook payload data to train machine learning models, build advertising profiles, or share with any party other than those necessary to deliver the service.
4. Sub-processors and Third Parties
We engage the following sub-processors to operate AnyHook. Each processes only the data necessary for their function.
| Vendor | Purpose | Location |
|---|---|---|
| Clerk | User authentication & session management | US |
| Stripe | Payment processing & subscription billing | US |
| Neon (Neondatabase) | PostgreSQL database (events, apps, accounts) | US |
| Upstash | Message queue (QStash) for webhook delivery | US |
| Vercel | Serverless hosting & edge CDN | Global |
| Cloudflare | Ingress Workers, DDoS protection | Global |
| Resend | Transactional email delivery | US |
| Sentry | Error tracking & performance monitoring | US |
| PostHog | Product analytics (self-hosted or EU cloud) | EU / US |
| Better Stack | Uptime monitoring & status page | EU |
5. Data Retention
- Webhook events (payloads, headers, logs): automatically deleted after your plan's retention window — 3 days (Free), 30 days (Pro), 90 days (Scale).
- Account data: retained while your account is active. Deleted within 30 days of a verified account deletion request.
- Billing records: retained for 7 years to comply with financial regulations, even after account deletion.
- Anonymised usage metrics: may be retained indefinitely for service improvement.
6. Security
All data is encrypted in transit using TLS 1.2+. Webhook payload data is encrypted at rest in our database. Signature secrets (used to verify sender authenticity) are stored encrypted and are never exposed in logs or API responses. We conduct periodic security reviews and apply patches promptly.
In the event of a data breach that affects your personal data, we will notify you and, where required, the relevant supervisory authority within 72 hours of becoming aware of the breach.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your account and associated personal data.
- Portability — receive your data in a machine-readable format.
- Restriction / Objection — limit or object to certain processing.
- Opt-out of sale (CCPA) — we do not sell personal data.
To exercise any of these rights, email gba3124@gmail.com. We will respond within 30 days.
8. International Transfers
AnyHook operates globally. Your data may be processed in countries outside your own, including the United States. Where we transfer data from the EEA to third countries, we rely on Standard Contractual Clauses or equivalent safeguards as approved by the European Commission.
9. Children
AnyHook is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us immediately.
10. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will email registered users and update the "Last updated" date above. Continued use of the service after the effective date constitutes acceptance of the revised policy.
11. Contact
Questions or requests regarding this policy: gba3124@gmail.com