We appreciate your engagement with our “Services”, whether you're visiting our website at https://hookdeck.com/ (the “Website”) or utilizing our webhook infrastructure to develop, test and monitor your integrations. At Hookdeck, safeguarding your privacy and protection of personal data is top priority.
This Privacy Policy (the “Policy”) outlines essential information about who we are, the personal data we collect, and how we handle your information while you use our Services or engage with us. We are committed to transparency and respect for your rights under the law. Please take a moment to carefully read and understand this Policy.
Key Elements of this Policy
Here are the critical aspects of our Privacy Policy to help you quickly understand how we handle your personal data. Your consent for the collection, use, and disclosure of your personal data is implied when you submit it to us. For detailed information, please refer to the complete Policy.
| Personal data we collect from you but only with your consent | What we do with it | Third parties we share it with |
|---|---|---|
| Contact information | Communicate with you | Companies that provide email services, such as Customer.io |
| Account Information | Create an account for you, communicate with you, and provide you with certain Services | Companies providing technical infrastructure for the Services, specifically Google Cloud Platform, Cubedev, Datadog, Lumu, Cloudflare, Vercel, Aiven and Clickhouse Cloud |
| Chat information | Communicate with you and respond to your inquiry | Companies providing chat and communication services, such as Crisp and Slack |
| Billing information | Allow you to pay for the fees for use of Services | Stripe, our payment processor |
Terms
Before delving into the details, familiarize yourself with these key terms:
- Data Protection Laws:
- Refers to laws designed to safeguard personal data and privacy, including:
- GDPR (General Data Protection Regulation):
- The European Data Protection Law outlined in Regulation (EU) 2016/679.
- PIPEDA (Personal Information Protection and Electronic Documents Act):
- Canadian Data Protection Law applicable to our activities in Canada.
- CCPA (California Consumer Privacy Act):
- Applies to our activities in the United States under certain circumstances.
- GDPR (General Data Protection Regulation):
- Refers to laws designed to safeguard personal data and privacy, including:
- Personal Data:
- Defined in the GDPR as "any information relating to an identified or identifiable natural person." Equivalent to "personal information" under PIPEDA and CCPA.
- Other Terms:
- Definitions used in this Policy can be found in our Terms of Use, maintaining consistent meaning across both documents.By providing this structured overview, users can quickly grasp the meaning of essential terms.
About Hookdeck and How to Contact Us
Hookdeck Technologies Inc. ("Hookdeck"):
- A duly-incorporated company under the laws of Canada.
Definition:
- When this Policy mentions "Hookdeck," it encompasses Hookdeck Technologies Inc. and/or its various stakeholders, including shareholders, officers, directors, employees, agents, partners, principals, representatives, successors, and assigns, depending on the context.
Data Controller under GDPR:
- Hookdeck, under the General Data Protection Regulation (GDPR), is designated as a "data controller." This means that we directly collect personal data from you and determine the purpose and means of processing that data. "Processing" includes actions such as collection, use, storage, transfer, or any other activities related to your personal data.
Contact Us:
- If you have questions about this Policy, privacy, data-related matters, or wish to exercise your privacy rights, please reach out to our Privacy Officer.
Hookdeck Privacy Officer:
privacy@hookdeck.com
Hookdeck Mailing address:
Hookdeck Privacy Officer 465 Rue McGill, Suite 700, Montréal, Québec. H2Y 2H1 Canada
Your Privacy Rights
Your privacy is important, and you have specific rights regarding your personal data. These rights may vary based on the Data Protection Laws applicable to your location. Here are your privacy rights concerning your data held by Hookdeck:
- Right to Withdraw Consent:
- You can withdraw your consent for Hookdeck to process your personal data at any time.
- Right to Erasure:
- You have the right to request the removal of your personal data from Hookdeck's records.
- Right to Access:
- You can access your personal data, including information about its processing and use.
- Right to Data Portability:
- Receive a readable copy of your personal data for easy transfer to another data processor.
- Right to Rectification:
- If you believe your personal data is inaccurate or outdated, you have the right to correction or updates.
- Right to Opt-Out of Marketing Communications:
- You can opt out of marketing communications from Hookdeck at any time.
- Right to Information on Data Sharing:
- Know whether Hookdeck sells or shares your personal data and to whom. Refer to relevant sections in this Policy or contact our Privacy Officer for clarification.
- Right to Refuse Data Selling:
- You have the right to demand that Hookdeck does not sell your personal data.
- Right to Restrict Processing:
- If your data is inaccurate or its processing violates the law, you can restrict its processing.
- Right to Refuse Targeted Marketing:
- Refuse any marketing or advertising targeted at you by Hookdeck.
To exercise any of these rights, contact our Privacy Officer using the information provided above or refer to relevant sections in this Policy. Your rights can be exercised without affecting the cost of the Services, but note that certain actions may impact your use of some or all Services. Your privacy matters, and we're here to help you protect it.
Personal Data Collected from You and What We Use It For
In the table below, you will find a summary of the personal data we may collect from you directly, its purpose, and the legal basis under the GDPR for us having and processing this personal data. Under PIPEDA, the legal basis is your informed consent, and by submitting this personal data you acknowledge having granted this consent to Hookdeck.
| Personal data category | Personal data processed | Who we get the data from | What we use it for (the “purpose” of processing) | Legal basis for processing under the GDPR |
|---|---|---|---|---|
| Account Information | Certain Google or GitHub | Certain Google or GitHub | To provide you with the Services | Your consent and performance of a contract |
If you have provided personal data as part of the contract between you and us, failure to provide such data or withdrawal of your consent to use such data may result in our inability to provide certain services to you.
We do not collect any sensitive personal data under the GDPR unless you voluntarily submit it, either through the Website’s chat function or via email. We encourage you not to provide sensitive personal information through these channels.
Who We Transfer Your Personal Data To
We routinely share certain types of your personal data with specific third parties, identified in the table below along with their respective purposes. Some of these third-party recipients may operate outside your home jurisdiction. If you are in the European Economic Area, please see the “Transfer of Your Personal Data Outside of the European Economic Area” further down in this Policy for more information including on how we safeguard your personal data in such cases.
We share personal data with law enforcement or public authorities if required by applicable law, including lawful requests related to national security or law enforcement. We may also share data to investigate, prevent illegal activities, fraud, or threats to safety, or violations of Hookdeck’s Terms of Use.
Additionally, we may share personal data with: (1) parent companies, subsidiaries, or joint ventures under common control (requiring them to adhere to this Policy); (2) in the event of a merger, corporate reorganization, or business sale or transfer (with the new entity assuming our obligations under this Policy or informing you of a new privacy policy).
| Personal data category | Who we transfer it to | What they do with it |
|---|---|---|
| Account Information | Companies providing technical infrastructure for the Services, specifically Google Cloud Platform, Cubedev, Datadog, Lumu, Cloudflare, Vercel, Segment and Aiven | Control your logging in to the Services so they can be provided to you, and record-keeping |
| Contact information | Companies that provide email services, specifically http://customer.io/ and https://www.mailgun.com/ as detailed more fully in the Email Communications section below | Send you emails |
| Chat information | Companies providing chat and communication services, such as https://crisp.chat/en/ and https://slack.com/intl/en-ca/ | Operate the chat service on the Website and allow us to communicate with one another using Slack |
| Billing information | https://stripe.com/en-ca, our payment processor | Process your payments for the fees you pay for the Services |
| Analytics identifiers (including your IP address) | Companies that provide data analytics, specifically https://www.google.com/analytics/, https://logrocket.com/ and https://posthog.com/ | Provide us with analytics as to how the Services are used and to trace fraudulent activities |
Tracking Technology (“Cookies” and Related Technologies)
By using the Services, you agree to the use of tracking technology, including "cookies" and related technologies like tags, pixels, and web beacons. Cookies, which are small text files, are placed on your computer or device when you visit the Website or use the Services. They track your site or service usage, aiming to enhance the user experience by storing specific data on your device.
We employ cookies and related technologies for the following purposes:
- Facilitating your sign-in to the Services.
- Providing internal and user analytics on the Website, conducting research to enhance Service content using analytics programs outlined in this Policy.
- Assisting in identifying potential fraudulent activities.
You can configure your browser to reject or delete cookies after storage. Instructions for commonly-used browsers and operating systems are provided below:
Note: Deleting or blocking certain cookies might impact your user experience, requiring re-entry of specific information. It may also prevent certain functions or the entire Services from working properly.
Email Communications and Compliance with Anti-Spam Laws
Hookdeck utilizes Customer.io to manage our mailing list and send promotional emails. Additionally, Mailgun is employed to send out emails related to various Services functions (Customer.io and Mailgun, collectively the “Email Service Providers”). Personal data is transferred to the Email Service Providers in order to manage the mailing list and facilitate proper email dispatch.. Your Contact Information is only used to send out emails; the Email Service Providers do not use this Personal Information for any other purpose and will not transfer or sell your Personal Information to any other third party. For more information, please refer to Customer.io's Privacy Policy or Mailgun's Privacy Policy.
To unsubscribe from Hookdeck’s mailing list, use the link at the bottom of all Hookdeck emails. Note that certain emails, such as transactional and relational ones related to the Services, won't have an opt-out option, as they are necessary for Service use.
Hookdeck ensures email practices comply with anti-spam laws, particularly Canada’s Anti-Spam Law (CASL), S.C. 2010, c. 23. If you believe you've received an email violating these laws, please contact us using the information provided earlier in this Policy.
How We Protect Your Personal Data
We have implemented stringent technical and organizational procedures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed by us. These procedures safeguard your personal data from loss, unauthorized use, or access.
In the event of a suspected data security breach, our established procedures include notifying you and any relevant supervisory authority, complying with the time frames dictated by applicable Data Protection Laws.
Hookdeck adheres to industry best practices, employing physical, electronic, and procedural measures to secure all collected data, including personal data. Our reliance on third-party vendors and hosting partners, such as Google Cloud Platform, Netifly, Cloudflare, and Vercel, ensures robust security standards in data hosting and storage, including personal data.
All information, including personal data, is transferred with encryption through Secure Sockets Layer (“SSL”) or Transport Layer Security (“TLS”)—widely recognized security standards for Internet data transfer and transactions. You can verify Hookdeck’s valid SSL security certificate using your browser.
Transfer of Your Personal Data Outside of the European Economic Area (EEA)
For our European users, we strive to keep your personal data inside the EEA. However, certain of our data processors (and Hookdeck) are located in other countries where your personal data may be transferred. These countries meet specific criteria ensuring your data protection:
- Canada: Considered to have an “adequate level of protection” for your personal data under European data protection law.
- The United States: Your personal data is only transferred to U.S. companies that: (1) have signed agreements with us or declared GDPR compliance, and (2) have adopted the Standard Contractual Clauses for data transfer outside the EEA.
Should you wish to refuse the transfer of your data outside the EEA, please contact our Privacy Officer. Note that this request may impact your ability to use certain or all Services.
Supervisory Authorities and Complaints
If you are in the EEA, under the GDPR you have the right to make a complaint to the appropriate supervisory authority. If you are not satisfied with the response received or the actions taken by our Privacy Officer, or if you would like to make a complaint directly about Hookdeck’s data practices, we invite you to contact the supervisory authority in your country. If you are in the U.K., you should contact the Information Commissioner’s Office who is the supervisory authority. You can reach them in a variety of ways, including by phone (0303 123 1113 in the UK) and mail (Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF). If you are in France, you should contact the Commission Nationale de l'Informatique et des Libertés who is the supervisory authority there. Their contact information can be found here.
The full listing of all Data Protection Authorities (the supervisory authorities) across the EEA can be found here.
Data Retention
Your personal data will only be kept for as long as it is necessary for the purpose needed for that processing. For example, we will only retain your Account Information for as long as you have an account with us.
Automated Decision-Making
Hookdeck does not use any automated decision-making processes in providing the Services.
Children’s Privacy Statement
The Services are not intended for children under the age of 16. We do not knowingly collect any personal data from a child under 16. If we become aware that we have inadvertently received personal data from a person under the age of 16 through the Services, we will delete such information from our records.
Changes to This Privacy Policy
The date at the top of this page indicates when this Policy was last updated. Periodically, we will have to update this Policy, and we will update it no less than once every 12 months. You can always find the most updated version at this URL, and we will always post a notice on the Services. If you have a Hookdeck account, we will also send you an email to inform you of the Policy updates and highlight any important changes.