webhooks.cc
DocsDashboard

Privacy Policy

Last updated: March 9, 2026

webhooks.cc is a webhook inspection and testing tool. This policy describes what data we collect, why, and how we handle it.

What We Collect

Account info. When you sign in with GitHub or Google, we receive your email address, display name, and profile picture from the OAuth provider.

Webhook data. We store the requests sent to your endpoints: HTTP method, path, headers, query parameters, request body, and sender IP address.

Billing identifiers. If you subscribe to a paid plan, we store your Polar customer ID and subscription ID. We do not store payment card details.

How We Use It

We use your data for three purposes:

  • Authenticating your account
  • Capturing and displaying webhook requests
  • Managing subscription billing

We do not sell your data or use it for advertising.

Third-Party Services

Supabase hosts our database and handles authentication.

Polar.sh processes subscription payments.

PostHog provides privacy-friendly product analytics. See the Analytics section below for details.

We do not use advertising networks.

Analytics

We use PostHog to understand how people use webhooks.cc. PostHog is configured without cookies: no cookies are set and no cross-site tracking occurs. A random anonymous identifier is stored in your browser's localStorage to recognize returning visitors on webhooks.cc.

What we collect. Page views, button clicks, referrer URL, and UTM campaign parameters. For logged-in users we associate analytics events with your account to understand usage patterns.

What we do not collect. We do not fingerprint your browser, track you across sites, or build advertising profiles.

Legal basis. We process this data under legitimate interest (GDPR Art. 6(1)(f)) to improve our service. You can opt out by using a standard content blocker that blocks PostHog.

Data location. By default, analytics data is processed and stored within the European Union by PostHog. Self-hosted deployments may override the analytics host via the NEXT_PUBLIC_POSTHOG_HOST environment variable. For the production deployment at webhooks.cc, data is sent to PostHog's EU endpoint. See PostHog's privacy policy.

Data Retention

Free plan: Captured requests are cleared on each billing period reset.

Pro plan: Requests are retained for 30 days.

Ephemeral (anonymous) endpoints and their requests are automatically deleted when they expire.

Cookies & Storage

Authentication is managed by Supabase and uses standard session mechanisms. We store your theme preference (light/dark) and a PostHog anonymous identifier in localStorage. We do not use tracking cookies.

Your Data

You can delete your endpoints and their captured requests at any time from the dashboard. To delete your account entirely, visit your account page.

Contact

Questions about this policy? Email [email protected].