Privacy Policy

Overview

This Privacy Policy explains how FirmHook collects, uses, shares, protects, and retains information when you visit our website, create an account, use our dashboard, call our APIs, or send webhook events through our infrastructure.

Information we collect

• Account information, including names, email addresses, passwords, organization names, roles, invited users, authentication records, and account preferences.
• Billing information, including plan details, invoices, payment status, billing address, tax information, and payment processor identifiers. Full card numbers are handled by our payment processor and are not stored by FirmHook.
• Webhook and service data, including event payloads, headers, source identifiers, destination URLs, delivery attempts, response codes, retry history, timestamps, routing rules, transformations, rejected requests, and diagnostic logs.
• Usage and device data, including IP addresses, browser type, operating system, pages viewed, API usage, feature interactions, session metadata, and approximate location derived from technical data.
• Support and communication data, including messages, attachments, feedback, survey responses, bug reports, and records of our interactions with you.

How we use information

• To provide, operate, secure, monitor, maintain, and improve FirmHook.
• To deliver, replay, retry, transform, route, inspect, and troubleshoot webhook events according to your configuration.
• To authenticate users, manage organizations, enforce permissions, protect accounts, and detect suspicious activity.
• To process billing, manage subscriptions, calculate usage, issue invoices, and administer refunds or credits.
• To communicate service updates, security notices, support responses, product changes, and administrative messages.
• To analyze reliability, performance, usage trends, and product quality in a way that helps us improve the service.

Webhook payloads and sensitive data

FirmHook processes webhook payloads and headers according to your configuration. Because webhook payloads may contain personal data or confidential business data, you should avoid sending unnecessary sensitive information and should use filtering, transformations, retention controls, and access controls where available.

Legal bases for processing

• We process information to perform our contract with you, including account access, webhook delivery, billing, support, and service administration.
• We process information for legitimate interests such as service security, fraud prevention, product improvement, operational analytics, and customer communication.
• We process information where required to comply with legal obligations, tax rules, accounting requirements, dispute resolution, or lawful requests.
• Where consent is required, we rely on consent and allow it to be withdrawn as required by applicable law.

How we share information

• With service providers that support hosting, infrastructure, logging, analytics, payments, email, customer support, security, and business operations.
• With destinations, endpoints, and integrations that you configure or authorize.
• With organization administrators and authorized users according to workspace roles and permissions.
• With legal, regulatory, security, or law enforcement parties when required by law or needed to protect rights, safety, customers, or the service.
• In connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate confidentiality protections.

Data retention

We retain information for as long as needed to provide FirmHook, meet legal and accounting requirements, resolve disputes, enforce agreements, maintain security, and support backups. Webhook event data, logs, and delivery history may be retained according to your plan, workspace settings, and our operational backup schedules.

Security

We use administrative, technical, and organizational safeguards designed to protect information, including encryption in transit, access controls, monitoring, logging, and operational security practices. No system is perfectly secure, and you are responsible for securing your accounts, credentials, API keys, webhook secrets, and destination endpoints.

International transfers

FirmHook may process and store information in countries other than where you are located. When required, we use appropriate safeguards for international transfers, such as contractual protections, vendor due diligence, and other lawful transfer mechanisms.

Your choices and rights

• You may access and update certain account and organization information through your account settings.
• You may request access, correction, deletion, export, restriction, or objection where applicable law gives you those rights.
• You may opt out of non-essential marketing communications, but we may still send transactional, security, billing, and service notices.
• Organization data requests may need to be handled through the organization administrator or account owner.

Cookies and similar technologies

We may use cookies, local storage, and similar technologies to keep you signed in, remember preferences, secure sessions, understand usage, and improve FirmHook. Browser settings may allow you to block or delete cookies, but some service features may stop working correctly.

Children

FirmHook is intended for business and developer use and is not directed to children. We do not knowingly collect personal information from children under the age required by applicable law.

Changes to this policy

We may update this Privacy Policy as our service, legal obligations, or data practices change. If changes are material, we will provide notice through the service, email, or another reasonable channel.

Contact

Privacy questions, data requests, security concerns, and administrative inquiries can be sent to support@firmhook.com or admin@firmhook.com.