Privacy Policy
Last updated: June 2, 2026
This Privacy Policy explains what information HookSift ("HookSift," "we," "us") collects when you visit www.hooksift.com, apply to our Design Partner Program, or use the Dispatch API at events.hooksift.com, and how we use and protect it.
1. Information we collect
Application data. When you apply for access, we collect the details you submit: work email, company or platform name, expected monthly event volume, your event bus, and your free-text description of your delivery use case.
Operational (delivery) metadata. When you use the service, we process delivery metadata: destination endpoint URLs, event types, timestamps, attempt counts, response status codes, and latency. This metadata is what powers the delivery log, replay, and dashboards.
Event payload bodies. The data object you publish is transient. We hold a payload only as long as needed to attempt delivery and support replay within your plan's retention window, after which it is purged. We do not mine, sell, or repurpose payload contents.
Site analytics. Minimal, privacy-respecting usage analytics (page views, referrer). No cross-site advertising trackers.
2. How we use information
- To review Design Partner applications and contact accepted applicants.
- To operate the service: fan out, sign, retry, deduplicate, and log deliveries.
- To provide the delivery log, replay, and status dashboards.
- To detect abuse, enforce rate limits, and protect service integrity.
- To communicate operational notices (incidents, maintenance, plan changes).
3. Data sharing
We do not sell personal information or event data. We share data only with subprocessors that help us run the service — cloud hosting and edge delivery, error monitoring, and email — under contractual confidentiality and data-protection obligations. We disclose information if required by law or to protect the rights and safety of HookSift and its users.
4. Payload handling & retention
Delivery metadata is retained per plan: 7 days (Signal), 30 days (Fan-out), or 90 days (Dispatch). Event payload bodies are retained only for the active delivery attempt plus the replay window, then purged. Application data is retained for as long as needed to evaluate and, if relevant, onboard your platform, and deleted on request.
5. Security
All traffic is encrypted in transit (TLS). Deliveries are HMAC-signed with per-endpoint secrets and timestamps so receivers can verify authenticity. Tenants are isolated from one another at the fan-out layer. Access to production systems is restricted and audited.
6. Cookies
We use a small number of strictly necessary cookies for session and security. We do not use advertising or cross-site tracking cookies.
7. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, or delete personal information we hold about you. To exercise these rights, email privacy@hooksift.com.
8. Changes to this policy
We may update this policy as the service evolves. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated to active partners.
9. Contact
Questions about this policy? Email privacy@hooksift.com.