Privacy Policy

Last updated: February 2025

1. Overview

HeyListenUp ("we", "us", "our") is a webhook inspection and monitoring service. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. We aim to collect the minimum necessary to operate the service.

2. Data We Collect

Account Data

When you sign up, we collect your email address and name via Clerk, our authentication provider. Clerk handles authentication and stores your credentials securely. We do not store passwords.

Webhook Payload Data

When an HTTP request is sent to your endpoint URL, we store the request method, headers, body, source IP address, and timestamp. This data is stored according to your plan's retention limit and deleted automatically thereafter.

You are responsible for what data is sent to your endpoints. We recommend avoiding sending sensitive personal data (passwords, payment card numbers, government IDs) through HeyListenUp.

Usage Data

We collect basic usage information such as API request counts and endpoint activity to enforce plan limits and detect abuse. We do not use third-party analytics trackers.

Billing Data

Payments are processed by Stripe. We store your Stripe customer ID and subscription status, but never your payment card details — those are held exclusively by Stripe.

3. How We Use Your Data

  • To provide, operate, and improve the Service
  • To authenticate you and manage your account
  • To process billing and manage your subscription
  • To send transactional emails (account confirmations, billing receipts)
  • To enforce our Terms of Service and detect abuse
  • To respond to support requests

We do not sell your data. We do not use your webhook payload data to train machine learning models or for any purpose other than displaying it back to you.

4. Data Retention

Webhook events are retained according to your plan:

  • Free: 48 hours
  • Pro: 90 days
  • Team: 1 year

Account data is retained for as long as your account is active. Upon account deletion, we delete your data within 30 days.

5. Third-Party Services

We use the following third-party services to operate HeyListenUp:

  • Clerk — authentication and user management
  • Stripe — payment processing and billing
  • Cloudflare — infrastructure, edge network, and data storage

Each provider has its own privacy policy. We share only the minimum data necessary with each provider.

6. Data Security

We use industry-standard security practices including TLS encryption in transit and access controls on our infrastructure. Webhook endpoint tokens are cryptographically random and unique per endpoint. That said, no system is 100% secure — please avoid sending highly sensitive data through HeyListenUp.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain processing of your data

To exercise any of these rights, email privacy@heylistenup.app. We will respond within 30 days.

8. Cookies

We use only session cookies necessary for authentication (managed by Clerk). We do not use advertising cookies or third-party tracking cookies.

9. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the Service. Continued use after changes take effect constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy? Email us at privacy@heylistenup.app.