Privacy Policy

HookLab stores the webhook requests that third parties send to the capture endpoints you create, so you can inspect and replay them. Endpoints and their captured requests are temporary: 7 days for anonymous endpoints, 30 days for account endpoints, then they expire automatically.

What we store

Your account email, a hashed API key, aggregate usage counters, and — per endpoint — the last 100 captured requests (method, query string, headers, up to 64KB of body). Cookie, Authorization and X-API-Key headers are removed before storage and are never persisted.

Your responsibility

Captured payloads may contain whatever the sender put in them. Point production systems at a capture endpoint only if you are authorized to process that data, and prefer test-mode payloads where possible.

Your rights

You can request export or deletion of your account data at any time by emailing hello@gethooklab.dev.