PRIVACY POLICY
PatternHooks Ltd. ("PatternHooks", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our webhook infrastructure services (the "Services"), visit our website at patternhooks.com, or interact with us.
1. INTRODUCTION
1.1 Who We Are
PatternHooks Ltd. is a company registered in England and Wales (Company No. 73583291) with its registered office at 347 Wilmslow Rd, Manchester, M14 6SS, United Kingdom. We are the "data controller" of personal data we collect through our Site and Services.
1.2 Our Role
PatternHooks acts in two capacities:
- Data Controller: For personal data we collect directly from you (account information, usage data, etc.)
- Data Processor: For personal data contained in webhook payloads processed on behalf of our customers. See our Data Processing Agreement for details.
2. INFORMATION WE COLLECT
2.1 Information You Provide
Account Information
When you create an account:
- Name (first and last)
- Email address
- Company name and size
- Password (stored in hashed form)
- Phone number (optional)
Billing Information
When you subscribe to a paid plan:
- Billing name and address
- Payment method details (processed by Stripe; we do not store full card numbers)
- VAT/Tax identification numbers (where applicable)
Communications
- Email correspondence and support tickets
- Chat messages
- Survey responses and feedback
2.2 Information Collected Automatically
Usage Data
- Features and pages accessed
- Time spent on pages
- Click patterns and navigation paths
- API endpoints called
- Webhook events processed (metadata only)
Device and Technical Information
- IP address
- Browser type and version
- Operating system
- Device type and identifiers
- Timezone and language settings
2.3 Webhook Payload Data
Personal data contained in webhook payloads is processed on behalf of our customers (who are the data controllers). We process this data only as instructed by our customers and in accordance with our Data Processing Agreement.
3. HOW WE USE YOUR INFORMATION
3.1 To Provide Services
- Create and manage your account
- Process webhook events
- Provide customer support
- Send service-related communications
- Process payments and invoicing
3.2 To Improve Services
- Analyze usage patterns and trends
- Conduct research and development
- Optimize performance and user experience
- Debug and fix issues
3.3 Legal Bases (GDPR)
| Purpose | Legal Basis |
|---|---|
| Providing Services | Contract performance |
| Billing and payments | Contract performance |
| Service communications | Legitimate interests |
| Marketing emails | Consent |
| Analytics and improvement | Legitimate interests |
| Security and fraud prevention | Legitimate interests |
| Legal compliance | Legal obligation |
4. INFORMATION SHARING
4.1 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4.2 Service Providers
| Provider Type | Purpose | Data Shared |
|---|---|---|
| Cloud Infrastructure (AWS, GCP) | Hosting | All service data |
| Payment Processor (Stripe) | Payments | Billing information |
| Email Service (SendGrid) | Email address, name | |
| Analytics (Mixpanel) | Analytics | Usage data |
| Support (Intercom) | Support | Contact information |
4.3 Legal Requirements
We may disclose information when required by law or to comply with legal process, respond to government requests, protect safety, or protect our legal rights.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.
5. DATA RETENTION
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days |
| Billing records | 7 years (legal requirement) |
| Support communications | 3 years from last contact |
| Usage analytics | 2 years |
| Server logs | 90 days |
| Webhook event logs (Starter) | 7 days |
| Webhook event logs (Pro) | 30 days |
| Webhook event logs (Business) | 90 days |
| Webhook event logs (Enterprise) | Custom |
6. DATA SECURITY
We implement comprehensive security measures:
- Encryption: AES-256 at rest, TLS 1.3 in transit
- Access Control: Role-based access, MFA required
- Monitoring: 24/7 security monitoring and alerting
- Auditing: SOC 2 Type II certified annually
- Testing: Regular penetration testing
6.1 Incident Response
In the event of a data breach, we will notify affected users within 72 hours and relevant supervisory authorities as required by law.
7. YOUR RIGHTS
Depending on your location, you may have the following rights:
Access
Request a copy of your personal data.
Rectification
Request correction of inaccurate data.
Erasure
Request deletion of your data.
Restriction
Request limitation of processing.
Portability
Receive data in a portable format.
Objection
Object to processing based on legitimate interests.
Withdraw Consent
Withdraw previously given consent.
Complaint
Lodge a complaint with a supervisory authority.
7.1 Exercising Your Rights
To exercise your rights, contact us at privacy@patternhooks.com or via Settings → Privacy in your dashboard. We will respond within 30 days.
7.2 California Residents (CCPA)
California residents have additional rights: right to know, right to opt-out of sale (we do not sell data), and right to non-discrimination.
7.3 EEA/UK Residents
You may lodge a complaint with the UK ICO (ico.org.uk) or your local Data Protection Authority.
8. INTERNATIONAL DATA TRANSFERS
Your data may be stored in the US, EU, or other locations. For transfers outside the EEA/UK, we use:
- EU-US Data Privacy Framework
- Standard Contractual Clauses
- UK International Data Transfer Agreement
9. CONTACT US
Data Protection Officer
Email: dpo@patternhooks.com
Privacy Team
Email: privacy@patternhooks.com
Mailing Address
PatternHooks Ltd., Attn: Privacy Team
347 Wilmslow Rd
Manchester, M14 6SS, United Kingdom
Our Privacy Team is happy to answer questions at privacy@patternhooks.com.