Last updated on: June 1st, 2018
Data Processing Statement
This is a living document and will be updated with new information as our services evolve. The last updated was June 1st, 2018.
The my.webhookrelay.com Website
Our website generates standard access- and error logs, which are kept for operational reasons. These logs include IP addresses and information about your web browser and operating system version. They are kept for a maximum of 3 months although usually it’s a lot shorter period, and then automatically deleted.
Your Account Details
Your account details; your name, e-mail address and any custom text you have requested we include on your invoices are all visible on your account page. Note that we do not require our users provide us with real names or custom text, this option is a convenience which allows us to compose friendlier e-mails and make sure your receipts contain the information you need for your own accounting purposes.
You are welcome to use a pseudonym or alias. You can also delete your account at any time by using the ‘DELETE ACCOUNT’ button on that page.
The changes made on this page have immediate effect; however old information may remain present in secondary locations, such as:
- The internal system audit log
- E-mail archives
- System backups
Data Transmitted Over Webhook Relay Tunnels
We do not routinely log or store any of the content transmitted over the Webhook Relay tunneling infrastructure.
Exceptions to this will be made only temporarily, if necessary to troubleshoot and diagnose system failures, or to comply with legal requirements such as a subpoena. In practice, as of May 2018, this has never happened - we have never had cause to inspect our customers’ traffic. However, we reserve the right to do so if it becomes necessary for operational or legal reasons.
For operational reasons, our relays keep logs of the following meta-data for up to 7 days:
- Number of requests made (also used for rate-limit enforcement)
- Bytes transmitted for each tunnel
- Tunnel names and protocols used for connections
- Dates, times, bytes transmitted and connection speed for each request
No backups are kept of relay logs and IP addresses are not collected.
Tunnel servers have no access to Account Details and are designed to be standalone.
Data Transmitted When Using Webhooks Forwarding
Webhooks, forwarded through buckets are recorded in the database (request body, headers and destination) for debugging, auditing or resend purposes. It is stored as long as account subscription plan allows it and then gets automatically deleted. Webhook Relay service only tracks the amount of webhooks forwarded in the current month for billing purposes.
Account webhook content data cannot be accessed by anyone, except account owner or any sub-accounts that the account owner has created.
Third Parties: Payment Processors
We delegate payment processing to Stripe. Their privacy policies may be found on their respective websites.
When a payment is made, our payment processors forward to us the information required for us to validate and process your order. This includes most of the information you have provided them with during the payment process, except for credit card details which we never see.
This information is in turn used to provide you with a receipt and update your account quotas.
Third Parties: Hosting Providers
Webhook Relay rents world-wide computing and network capacity from of a variety of different providers, including:
- Github -
- Google Cloud - main infrastructure provider
- Cloudflare - DNS provider
Most of these servers are tunneling servers which have access to very little personal information and are configured to delete all local logs after only a few days have passed. The exception is our web server and account database servers, which also have the public roles of API and DNS servers. These servers are hosted with Google Cloud and our hosting provider also makes backups of live system data on our behalf.
In all cases, the services provided by these Third Parties to Webhook Relay are content agnostic server capacity, public IP addresses and network bandwidth. We do not grant these providers any access to information about individual customers, although by nature of the services they provide, they do store such data on our behalf.
We would consider it a breach of trust and a breach of contract if any of these providers were to access our server disks and extract private information about our customers.
For any GDPR related queries, feel free to contact us on firstname.lastname@example.org.