Privacy Policy

Last updated: February 18, 2026

1. Who We Are

ShopHooks (“we”, “us”, “our”) is a webhook monitoring service for Shopify developers and store operators. Our website is located at shophooks.dev.

2. Data We Collect

2.1 Account Information

When you create an account (via Clerk authentication), we collect:

  • Email address
  • Name (as provided by your authentication provider)
  • Authentication provider ID

2.2 Endpoint Monitoring Data

When you add webhook endpoints for monitoring, we collect and store:

  • Endpoint URLs you provide
  • Health check results (status codes, response times)
  • Incident history (downtime events, resolution timestamps)
  • Alert configuration preferences

2.3 Payment Information

Payment processing is handled by Stripe. We store your Stripe customer ID to manage your subscription. We do not store credit card numbers, bank account details, or other financial credentials on our servers.

2.4 Analytics and Diagnostics

With your consent, we collect anonymized usage analytics via:

  • Vercel Analytics — page views, web vitals, and performance metrics (no personal identifiers)
  • Sentry — error reports and stack traces to diagnose bugs (may include your user ID for debugging)

3. How We Use Your Data

  • Monitor your webhook endpoints and send health check results
  • Send alert notifications (email, Slack) when issues are detected
  • Provide AI-powered health summaries and incident investigation
  • Process your subscription payments via Stripe
  • Improve our service through anonymized usage analytics
  • Respond to your support requests

4. Data Sharing

We share your data only with these service providers, strictly for the purposes described above:

  • Clerk — authentication and identity management
  • Stripe — payment processing
  • Resend — transactional email delivery (alert notifications)
  • Anthropic — AI analysis of your monitoring data (health summaries, incident investigations)
  • Vercel — hosting and anonymized analytics
  • Sentry — error tracking and diagnostics
  • Railway — backend hosting and database

We do not sell, rent, or trade your personal information to third parties. We do not share your data with advertisers.

5. Data Retention

  • Account data — retained while your account is active. Deleted within 30 days of account deletion request.
  • Health check data — retained based on your plan (Free: 7 days, Pro: 90 days, Team: 1 year).
  • Incident history — same retention as health check data.
  • Payment records — retained as required by tax and accounting laws (typically 7 years).

6. Your Rights

Under GDPR, CCPA, and other applicable privacy laws, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct any inaccurate or incomplete data
  • Erasure — request deletion of your personal data (“right to be forgotten”)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to the processing of your data
  • Withdraw consent — withdraw consent for analytics tracking at any time via the cookie settings

To exercise any of these rights, email us at privacy@shophooks.dev. We will respond within 30 days.

7. Cookies and Tracking

We use essential cookies required for authentication (provided by Clerk). These cannot be disabled as they are necessary for the service to function.

Analytics cookies (Vercel Analytics, Sentry) are loaded only after you provide consent via our cookie banner. You can change your preference at any time.

8. Security

We protect your data using:

  • HTTPS encryption for all data in transit
  • Encrypted database connections
  • JWT-based authentication with short-lived tokens
  • Webhook signature verification (HMAC-SHA256)
  • Rate limiting on all API endpoints
  • HSTS, X-Frame-Options, and Content Security headers

9. International Data Transfers

Our servers are hosted in the United States (via Railway and Vercel). If you are located outside the US, your data will be transferred to and processed in the US. We rely on standard contractual clauses provided by our service providers to ensure adequate data protection.

10. Children's Privacy

ShopHooks is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or through a notice on our website. Your continued use of ShopHooks after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this privacy policy or your data, contact us at:

Email: privacy@shophooks.dev