Hookbridge Privacy Policy

Effective Date: February 10, 2026

This Privacy Policy explains how Lark Software LLC, doing business as Hookbridge ("Hookbridge," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our webhook delivery and retry platform, our websites, APIs, dashboards, and related services (collectively, the "Services").

If you do not agree with this Privacy Policy, do not use the Services.

1. Scope and Roles

Hookbridge is a business-to-business platform. This Privacy Policy applies to:

• Customers and authorized users who create and manage Hookbridge accounts.
• Visitors to our websites.
• End users whose data may be processed through our Services on behalf of a customer.

Controller vs. Processor

• For account, billing, and operational data collected directly by Hookbridge, we are the data controller.
• For data processed on behalf of customers (including webhook payloads and delivery logs), we act as a data processor and process such data only on documented instructions from the customer, subject to applicable data processing agreements.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: name, work email, company name, account credentials, and user roles.
• Billing information: billing address, subscription details, and transaction metadata. Payment details are processed by our payment processor; we do not store full payment card numbers.
• Configuration data: webhook endpoint URLs, API key labels, retry settings, alert preferences, and related settings.
• Communications: support requests, feedback, and other communications with our team.

2.2 Information Collected Automatically

• Usage and log data: IP address, timestamps, API endpoints accessed, response codes, request duration, and error logs.
• Device data: browser type, operating system, device identifiers, and similar technical data.
• Analytics data: pages viewed, feature usage, and interaction metadata.

2.3 Customer Data (Webhook Payloads)

When customers use the Services to transmit webhooks, we process webhook payloads and related delivery metadata on their behalf. This data is used to provide delivery, retry, observability, and troubleshooting features. Retention for webhook payloads and delivery logs may be configurable by the customer and depends on their plan and settings.

3. How We Use Information

We use information to:

• Provide, maintain, and secure the Services.
• Authenticate users and manage access.
• Deliver webhooks, retries, and observability features.
• Process subscriptions, invoices, and payments.
• Monitor performance, reliability, and abuse.
• Communicate service updates, security notices, and support responses.
• Improve and develop the Services.
• Comply with legal obligations and enforce our agreements.

4. Legal Bases for Processing (EEA/UK/Switzerland)

Where the GDPR or similar laws apply, we rely on the following legal bases:

• Performance of a contract (to provide the Services).
• Legitimate interests (to secure, improve, and operate the Services).
• Legal obligation (to comply with applicable laws).
• Consent (for optional marketing communications where required by law).

5. Cookies and Analytics

We use cookies and similar technologies for authentication, security, preferences, and analytics. You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services.

6. Sharing and Disclosure

We do not sell personal data. We may share information with:

• Service providers and subprocessors who assist with infrastructure, analytics, support, and payment processing.
• Legal and compliance recipients when required by law or to protect rights, safety, or integrity of the Services.
• Business transfers in the event of a merger, acquisition, or asset sale.

A current list of key subprocessors is available upon request.

7. International Data Transfers

We may process data in countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

8. Data Retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention for webhook payloads and delivery logs may be controlled by customer settings or plan limits. When data is no longer needed, we delete or anonymize it.

9. Security

We maintain technical and organizational safeguards designed to protect personal data, including encryption in transit, access controls, and monitoring. No system is completely secure, and we cannot guarantee absolute security.

10. Your Rights and Choices

Depending on your location, you may have rights to:

• Access, correct, or delete personal data.
• Object to or restrict certain processing.
• Portability of your data.
• Withdraw consent where processing is based on consent.

If you are an end user whose data is processed on behalf of a customer, please direct requests to that customer. We will assist customers in responding to verified requests where required by law.

11. Children's Privacy

The Services are not intended for individuals under 18, and we do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and provide notice as required by law.

13. Contact Us

If you have questions or requests regarding this Privacy Policy, contact us at:

• Email: privacy@hookbridge.io
• Company: Lark Software LLC, d/b/a Hookbridge