Privacy Policy

Last updated: March 15, 2026

1. Information We Collect

Account Information: When you register, we collect your name, email address, and password (stored as a bcrypt hash). We generate API keys for your account.

Database Connection URIs: We collect and store your database connection strings. These are encrypted at rest using AES-256-GCM and are only used to establish CDC connections on your behalf.

Event Data: We temporarily process and store database change events (inserts, updates, deletes) as they flow through our system for delivery to your webhook endpoints. Event data is retained according to your plan's retention period.

Usage Data: We track aggregate usage metrics (event counts, delivery statistics, latency) for billing and service monitoring purposes.

2. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To process and deliver webhook events to your configured endpoints
  • To manage your account and provide customer support
  • To calculate billing and enforce plan usage limits
  • To monitor service health and improve reliability
  • To send important service-related notifications

3. Data Security

We implement industry-standard security measures including:

  • AES-256-GCM encryption for stored database credentials
  • HMAC-SHA256 signing for webhook deliveries
  • bcrypt password hashing with salt rounds
  • Rate limiting to prevent abuse
  • Encrypted data transmission via HTTPS

4. Data Retention

Event data is retained according to your plan's retention period (1 day for Free, 7 days for Pro, 30 days for Business). Expired events are automatically purged. Account data is retained while your account is active and for a reasonable period after deletion to comply with legal obligations.

5. Data Sharing

We do not sell, rent, or share your personal information or event data with third parties. We may share data only:

  • With your consent
  • To comply with legal obligations or valid legal process
  • To protect the rights, property, or safety of StreamHook, our users, or the public
  • With service providers who assist us in operating the Service (under strict confidentiality agreements)

6. Your Rights

You have the right to:

  • Access and export your account data
  • Correct inaccurate personal information
  • Delete your account and associated data
  • Object to certain processing activities

To exercise these rights, contact us at privacy@streamhook.in.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Service. Continued use after changes constitutes acceptance of the updated policy.

8. Contact

For questions about this Privacy Policy, contact us at privacy@streamhook.in.