Privacy Policy

1. Introduction

Welcome to CatchHooks ("we," "us," "our," or the "Service"). CatchHooks is operated as an individual business entity (Business Code: 1449676) registered in Lithuania and provides webhook catching, inspection, and debugging tools for developers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website located at https://www.catchhooks.com and our related services.

By accessing or using CatchHooks, you agree to this Privacy Policy. If you disagree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide Directly

2.2 Information Collected Automatically

2.3 Webhook Data

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• Create and manage your account
• Provide webhook catching and debugging functionality
• Display webhook requests and responses with custom responses you configure
• Enable webhook forwarding to specified endpoints
• Provide advanced filtering capabilities for webhook data
• Facilitate team sharing and collaboration features
• Enable bulk export of webhook data
• Process payments and manage subscriptions
• Provide API access for programmatic use
• Deliver email and priority support based on your plan

3.2 Service Improvement

• Monitor and analyze usage patterns and trends
• Improve Service features and user experience
• Develop new features and functionality
• Ensure Service security and prevent abuse

3.3 Communication

• Send Service-related notifications
• Respond to support requests
• Send technical notices and security alerts
• Provide updates about Service changes (with consent for marketing)

3.4 Legal and Compliance

• Comply with applicable laws and regulations
• Enforce our Terms of Service
• Protect our rights and property
• Prevent fraud and maintain Service security

4. Data Retention

4.1 Account Data

We retain your account information for as long as your account is active or as needed to provide you services. You may request deletion of your account at any time.

4.2 Webhook Data

• Data Retention Period: Webhook data is retained according to your subscription plan's data retention settings
• Bulk Export: You may export your webhook data at any time using our bulk export feature
• Manual Deletion: You can delete specific webhook data at any time through your dashboard
• Automatic Expiration: Data automatically expires and is deleted based on your plan's retention period
• Permanent Deletion: When webhook data is deleted or expires, it is permanently removed from our systems within 48 hours
• Backup Retention: Deleted data may persist in backups for up to 30 days before permanent deletion

4.3 Usage Analytics

Aggregated and anonymized usage data may be retained indefinitely for analytical purposes.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We may share information with third-party service providers who assist in operating our Service:

• Cloud infrastructure providers (for hosting)
• Payment processors (for billing)
• Email service providers (for notifications)
• Analytics providers (for service improvement)

All service providers are contractually obligated to protect your information and use it only for specified purposes.

5.2 Legal Requirements

We may disclose information if required by law or in response to:

• Court orders or subpoenas
• Government requests
• Law enforcement requirements
• Protection of our legal rights

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

5.4 Consent

We may share your information with your explicit consent for specific purposes.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

6.1 Security Measures

• Encryption of data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Regular security updates and patches
• Employee training on data protection

6.2 Incident Response

In the event of a data breach that affects your personal information, we will notify you within 72 hours and take immediate steps to mitigate the impact.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access your personal information and request a copy in a portable format.

7.2 Correction

You may update or correct your account information through your account settings or by contacting us.

7.3 Deletion

You may request deletion of your account and associated data. Note that some information may be retained for legal or legitimate business purposes.

7.4 Opt-Out

You may opt-out of:

• Marketing communications (via unsubscribe links)
• Non-essential cookies (through browser settings)
• Analytics tracking (through browser tools)

7.5 Data Processing Objection

You may object to certain types of data processing where we rely on legitimate interests.

8. International Data Transfers

CatchHooks is operated from Lithuania, within the European Union. When we transfer data outside the EEA, we ensure appropriate safeguards:

8.1 Transfers to Third Countries

For any data transfers outside the EEA, we rely on:

• Adequacy decisions by the European Commission
• Standard contractual clauses (SCCs)
• Your explicit consent where required

8.2 Service Providers

Our primary infrastructure and service providers are located in:

• European Union (preferred)
• United States (with appropriate safeguards)

We ensure all international transfers comply with GDPR requirements for data protection.

9. Children's Privacy

CatchHooks is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will promptly delete the information.

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know about personal information collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at support@catchhooks.com.

11. European Privacy Rights

As a service operated from Lithuania (European Union), we fully comply with the General Data Protection Regulation (GDPR). If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:

11.1 Legal Basis

We process your information based on:

• Contract performance: To provide the Service you've requested
• Legitimate interests: To improve and secure the Service, prevent fraud
• Legal obligations: To comply with applicable laws
• Consent: For marketing communications and optional features

11.2 Your GDPR Rights

• Right to Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Limit processing of your personal data
• Right to Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Complain: Lodge a complaint with the Lithuanian State Data Protection Inspectorate or your local supervisory authority

To exercise these rights, contact us at support@catchhooks.com.

12. Cookie Policy

12.1 Types of Cookies We Use

• Essential Cookies: Required for Service functionality
• Analytics Cookies: Help us understand Service usage
• Preference Cookies: Remember your settings and preferences
• Session Cookies: Maintain your logged-in state

12.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may impact Service functionality.

13. Third-Party Links

CatchHooks may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

14. API and Developer Considerations

14.1 API Usage

When using our API:

• API keys are encrypted and should be kept confidential
• API usage is logged for security and billing purposes
• Rate limits are enforced to ensure Service availability
• API access is available based on your subscription plan
• All API requests are subject to the same data handling practices described in this policy

14.2 Webhook Features

Our Service provides several advanced features:

• Webhook Forwarding: You can configure automatic forwarding of webhooks to other endpoints
• Custom Responses: Set up custom HTTP responses for incoming webhooks
• Advanced Filters: Create filters to organize and search webhook data
• Team Sharing: Share webhook endpoints and data with team members

14.3 Team Collaboration

When using team sharing features:

• Team members have access to shared webhook endpoints and data
• You are responsible for managing team member access
• Removing a team member revokes their access to shared data
• Each team member's actions are logged for accountability

14.4 Webhook Payload Responsibility

You are responsible for ensuring that webhook payloads sent to CatchHooks do not contain:

• Personally identifiable information of third parties without consent
• Sensitive personal data (health, financial, etc.) unless properly secured
• Credentials or secrets that should remain confidential

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification for material changes
• Displaying a notice on the Service dashboard

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

16. Contact Information

17. Dispute Resolution and Governing Law

This Privacy Policy is governed by the laws of Lithuania and the European Union. Any disputes relating to this Privacy Policy will be resolved through:

1. Good faith negotiations
2. Mediation under Lithuanian law (if negotiations fail)
3. The competent courts of Lithuania

For privacy-related complaints, you may also contact the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) at www.ada.lt.

18. Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you need this policy in an alternative format, please contact us.

19. Language

This Privacy Policy is written in English. If translated versions are provided, the English version prevails in case of conflicts.