We appreciate your engagement with our “Services”, whether you're visiting our website at https://hookdeck.com/ (the “Website”) or utilizing our webhook infrastructure to develop, test and monitor your integrations. At Hookdeck, safeguarding your privacy and protection of personal data is top priority.

This Privacy Policy (the “Policy”) outlines essential information about who we are, the personal data we collect, and how we handle your information while you use our Services or engage with us. We are committed to transparency and respect for your rights under the law. Please take a moment to carefully read and understand this Policy.

Key Elements of this Policy

Here are the critical aspects of our Privacy Policy to help you quickly understand how we handle your personal data. Your consent for the collection, use, and disclosure of your personal data is implied when you submit it to us. For detailed information, please refer to the complete Policy.

Personal data we collect from you but only with your consentWhat we do with itThird parties we share it with
Contact informationCommunicate with youCompanies that provide email services, such as Customer.io
Account InformationCreate an account for you, communicate with you, and provide you with certain ServicesCompanies providing technical infrastructure for the Services, specifically Google Cloud Platform, Cubedev, Datadog, Lumu, Cloudflare, Vercel, Aiven and Clickhouse Cloud
Chat informationCommunicate with you and respond to your inquiryCompanies providing chat and communication services, such as Crisp and Slack
Billing informationAllow you to pay for the fees for use of ServicesStripe, our payment processor


Before delving into the details, familiarize yourself with these key terms:

  • Data Protection Laws:
    • Refers to laws designed to safeguard personal data and privacy, including:
      • GDPR (General Data Protection Regulation):
        • The European Data Protection Law outlined in Regulation (EU) 2016/679.
      • PIPEDA (Personal Information Protection and Electronic Documents Act):
        • Canadian Data Protection Law applicable to our activities in Canada.
      • CCPA (California Consumer Privacy Act):
        • Applies to our activities in the United States under certain circumstances.
  • Personal Data:
    • Defined in the GDPR as "any information relating to an identified or identifiable natural person." Equivalent to "personal information" under PIPEDA and CCPA.
  • Other Terms:
    • Definitions used in this Policy can be found in our Terms of Use, maintaining consistent meaning across both documents.By providing this structured overview, users can quickly grasp the meaning of essential terms.

About Hookdeck and How to Contact Us

Hookdeck Technologies Inc. ("Hookdeck"):

  • A duly-incorporated company under the laws of Canada.


  • When this Policy mentions "Hookdeck," it encompasses Hookdeck Technologies Inc. and/or its various stakeholders, including shareholders, officers, directors, employees, agents, partners, principals, representatives, successors, and assigns, depending on the context.

Data Controller under GDPR:

  • Hookdeck, under the General Data Protection Regulation (GDPR), is designated as a "data controller." This means that we directly collect personal data from you and determine the purpose and means of processing that data. "Processing" includes actions such as collection, use, storage, transfer, or any other activities related to your personal data.

Contact Us:

  • If you have questions about this Policy, privacy, data-related matters, or wish to exercise your privacy rights, please reach out to our Privacy Officer.

Hookdeck Privacy Officer:


Hookdeck Mailing address:

Hookdeck Privacy Officer 465 Rue McGill, Suite 700, Montréal, Québec. H2Y 2H1 Canada

Your Privacy Rights

Your privacy is important, and you have specific rights regarding your personal data. These rights may vary based on the Data Protection Laws applicable to your location. Here are your privacy rights concerning your data held by Hookdeck:

  1. Right to Withdraw Consent:
  • You can withdraw your consent for Hookdeck to process your personal data at any time.
  1. Right to Erasure:
  • You have the right to request the removal of your personal data from Hookdeck's records.
  1. Right to Access:
  • You can access your personal data, including information about its processing and use.
  1. Right to Data Portability:
  • Receive a readable copy of your personal data for easy transfer to another data processor.
  1. Right to Rectification:
  • If you believe your personal data is inaccurate or outdated, you have the right to correction or updates.
  1. Right to Opt-Out of Marketing Communications:
  • You can opt out of marketing communications from Hookdeck at any time.
  1. Right to Information on Data Sharing:
  • Know whether Hookdeck sells or shares your personal data and to whom. Refer to relevant sections in this Policy or contact our Privacy Officer for clarification.
  1. Right to Refuse Data Selling:
  • You have the right to demand that Hookdeck does not sell your personal data.
  1. Right to Restrict Processing:
  • If your data is inaccurate or its processing violates the law, you can restrict its processing.
  1. Right to Refuse Targeted Marketing:
  • Refuse any marketing or advertising targeted at you by Hookdeck.

To exercise any of these rights, contact our Privacy Officer using the information provided above or refer to relevant sections in this Policy. Your rights can be exercised without affecting the cost of the Services, but note that certain actions may impact your use of some or all Services. Your privacy matters, and we're here to help you protect it.

Personal Data Collected from You and What We Use It For

In the table below, you will find a summary of the personal data we may collect from you directly, its purpose, and the legal basis under the GDPR for us having and processing this personal data. Under PIPEDA, the legal basis is your informed consent, and by submitting this personal data you acknowledge having granted this consent to Hookdeck.

Personal data categoryPersonal data processedWho we get the data fromWhat we use it for (the “purpose” of processing)Legal basis for processing under the GDPR
Account InformationCertain Google or GitHubCertain Google or GitHubTo provide you with the ServicesYour consent and performance of a contract

If you have provided personal data as part of the contract between you and us, failure to provide such data or withdrawal of your consent to use such data may result in our inability to provide certain services to you.

We do not collect any sensitive personal data under the GDPR unless you voluntarily submit it, either through the Website’s chat function or via email. We encourage you not to provide sensitive personal information through these channels.

Who We Transfer Your Personal Data To

We routinely share certain types of your personal data with specific third parties, identified in the table below along with their respective purposes. Some of these third-party recipients may operate outside your home jurisdiction. If you are in the European Economic Area, please see the “Transfer of Your Personal Data Outside of the European Economic Area” further down in this Policy for more information including on how we safeguard your personal data in such cases.

We share personal data with law enforcement or public authorities if required by applicable law, including lawful requests related to national security or law enforcement. We may also share data to investigate, prevent illegal activities, fraud, or threats to safety, or violations of Hookdeck’s Terms of Use.

Additionally, we may share personal data with: (1) parent companies, subsidiaries, or joint ventures under common control (requiring them to adhere to this Policy); (2) in the event of a merger, corporate reorganization, or business sale or transfer (with the new entity assuming our obligations under this Policy or informing you of a new privacy policy).

Personal data categoryWho we transfer it toWhat they do with it
Account InformationCompanies providing technical infrastructure for the Services, specifically Google Cloud Platform, Cubedev, Datadog, Lumu, Cloudflare, Vercel, Segment and AivenControl your logging in to the Services so they can be provided to you, and record-keeping
Contact informationCompanies that provide email services, specifically http://customer.io/ and https://www.mailgun.com/ as detailed more fully in the Email Communications section belowSend you emails
Chat informationCompanies providing chat and communication services, such as https://crisp.chat/en/ and https://slack.com/intl/en-ca/Operate the chat service on the Website and allow us to communicate with one another using Slack
Billing informationhttps://stripe.com/en-ca, our payment processorProcess your payments for the fees you pay for the Services
Analytics identifiers (including your IP address)Companies that provide data analytics, specifically https://www.google.com/analytics/, https://logrocket.com/ and https://posthog.com/Provide us with analytics as to how the Services are used and to trace fraudulent activities

By using the Services, you agree to the use of tracking technology, including "cookies" and related technologies like tags, pixels, and web beacons. Cookies, which are small text files, are placed on your computer or device when you visit the Website or use the Services. They track your site or service usage, aiming to enhance the user experience by storing specific data on your device.

We employ cookies and related technologies for the following purposes:

  • Facilitating your sign-in to the Services.
  • Providing internal and user analytics on the Website, conducting research to enhance Service content using analytics programs outlined in this Policy.
  • Assisting in identifying potential fraudulent activities.

You can configure your browser to reject or delete cookies after storage. Instructions for commonly-used browsers and operating systems are provided below:

Note: Deleting or blocking certain cookies might impact your user experience, requiring re-entry of specific information. It may also prevent certain functions or the entire Services from working properly.

Email Communications and Compliance with Anti-Spam Laws

Hookdeck utilizes Customer.io to manage our mailing list and send promotional emails. Additionally, Mailgun is employed to send out emails related to various Services functions (Customer.io and Mailgun, collectively the “Email Service Providers”). Personal data is transferred to the Email Service Providers in order to manage the mailing list and facilitate proper email dispatch.. Your Contact Information is only used to send out emails; the Email Service Providers do not use this Personal Information for any other purpose and will not transfer or sell your Personal Information to any other third party. For more information, please refer to Customer.io's Privacy Policy or Mailgun's Privacy Policy.

To unsubscribe from Hookdeck’s mailing list, use the link at the bottom of all Hookdeck emails. Note that certain emails, such as transactional and relational ones related to the Services, won't have an opt-out option, as they are necessary for Service use.

Hookdeck ensures email practices comply with anti-spam laws, particularly Canada’s Anti-Spam Law (CASL), S.C. 2010, c. 23. If you believe you've received an email violating these laws, please contact us using the information provided earlier in this Policy.

How We Protect Your Personal Data

We have implemented stringent technical and organizational procedures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed by us. These procedures safeguard your personal data from loss, unauthorized use, or access.

In the event of a suspected data security breach, our established procedures include notifying you and any relevant supervisory authority, complying with the time frames dictated by applicable Data Protection Laws.

Hookdeck adheres to industry best practices, employing physical, electronic, and procedural measures to secure all collected data, including personal data. Our reliance on third-party vendors and hosting partners, such as Google Cloud Platform, Netifly, Cloudflare, and Vercel, ensures robust security standards in data hosting and storage, including personal data.

All information, including personal data, is transferred with encryption through Secure Sockets Layer (“SSL”) or Transport Layer Security (“TLS”)—widely recognized security standards for Internet data transfer and transactions. You can verify Hookdeck’s valid SSL security certificate using your browser.

Transfer of Your Personal Data Outside of the European Economic Area (EEA)

For our European users, we strive to keep your personal data inside the EEA. However, certain of our data processors (and Hookdeck) are located in other countries where your personal data may be transferred. These countries meet specific criteria ensuring your data protection:

  • Canada: Considered to have an “adequate level of protection” for your personal data under European data protection law.
  • The United States: Your personal data is only transferred to U.S. companies that: (1) have signed agreements with us or declared GDPR compliance, and (2) have adopted the Standard Contractual Clauses for data transfer outside the EEA.

Should you wish to refuse the transfer of your data outside the EEA, please contact our Privacy Officer. Note that this request may impact your ability to use certain or all Services.

Supervisory Authorities and Complaints

If you are in the EEA, under the GDPR you have the right to make a complaint to the appropriate supervisory authority. If you are not satisfied with the response received or the actions taken by our Privacy Officer, or if you would like to make a complaint directly about Hookdeck’s data practices, we invite you to contact the supervisory authority in your country. If you are in the U.K., you should contact the Information Commissioner’s Office who is the supervisory authority. You can reach them in a variety of ways, including by phone (0303 123 1113 in the UK) and mail (Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF). If you are in France, you should contact the Commission Nationale de l'Informatique et des Libertés who is the supervisory authority there. Their contact information can be found here.

The full listing of all Data Protection Authorities (the supervisory authorities) across the EEA can be found here.

Data Retention

Your personal data will only be kept for as long as it is necessary for the purpose needed for that processing. For example, we will only retain your Account Information for as long as you have an account with us.

Automated Decision-Making

Hookdeck does not use any automated decision-making processes in providing the Services.

Children’s Privacy Statement

The Services are not intended for children under the age of 16. We do not knowingly collect any personal data from a child under 16. If we become aware that we have inadvertently received personal data from a person under the age of 16 through the Services, we will delete such information from our records.

Changes to This Privacy Policy

The date at the top of this page indicates when this Policy was last updated. Periodically, we will have to update this Policy, and we will update it no less than once every 12 months. You can always find the most updated version at this URL, and we will always post a notice on the Services. If you have a Hookdeck account, we will also send you an email to inform you of the Policy updates and highlight any important changes.