Privacy Policy

Last updated: October 16, 2025

1. Introduction

EventDock, operated by AZdev Ontario Ltd. ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our webhook reliability platform and services (the "Service").

By using EventDock, you consent to the data practices described in this policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide to Us

When you create an account or use our Service, we collect:

Account Information: Email address, company name, and account credentials
Payment Information: Processed securely through Stripe or Paddle (we do not store complete credit card details)
Endpoint Configuration: Webhook endpoint URLs, provider settings, alert preferences, and delivery configurations
Communication Data: Messages you send to our support team or feedback you provide

2.2 Webhook Data

As part of providing our webhook reliability service, we collect and temporarily store:

Webhook request headers and metadata
Webhook request bodies and payloads
Webhook provider signatures for verification
Delivery status, timestamps, and response data
Error logs and retry attempt information
Performance metrics and delivery statistics

Important: Webhook data may contain sensitive information. We treat all webhook data with strict confidentiality and security measures. Data is encrypted at rest and in transit.

2.3 Automatically Collected Information

When you access our Service, we automatically collect:

Usage Data: API requests, features used, performance metrics, error rates
Log Data: IP addresses, timestamps, request/response data, user agent strings
Device Information: Browser type and version, operating system, device identifiers
Analytics Data: Page views, session duration, navigation patterns (we use minimal analytics)

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To provide, maintain, and improve the webhook reliability service
Webhook Processing: To receive, store, process, and deliver webhooks according to your configuration
Authentication: To verify your identity and provide secure access to your account
Communication: To send transactional emails (magic links, alerts, system notifications)
Billing: To process payments, manage subscriptions, and handle billing inquiries
Monitoring: To monitor service performance, detect issues, and ensure reliability
Security: To detect, prevent, and address fraud, security threats, and technical issues
Legal Compliance: To comply with legal obligations and enforce our Terms of Service
Improvement: To analyze usage patterns and optimize the Service

4. Data Retention

We retain your data according to the following schedule:

Account Data: Retained until you delete your account or request deletion
Webhook Data: Retained according to your subscription plan:
- Free tier: 7 days
- Starter tier: 30 days
- Team tier: 90 days
Payment Records: Retained as required by law (typically 7 years for tax purposes)
Log Data: Retained for 30 days for security and debugging purposes
Backup Data: May be retained in backups for up to 90 days after deletion

After the retention period expires, data is automatically and permanently deleted from our systems.

5. Data Sharing and Disclosure

We do not sell your personal information or webhook data.

We may share your information only in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

Cloudflare: Infrastructure hosting (Workers, D1 database, R2 storage, KV, Queues)
Stripe or Paddle: Payment processing and subscription management
Resend: Transactional email delivery (magic links, alerts)

These service providers are contractually obligated to protect your data and use it only for the specified purposes.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Valid legal processes (subpoenas, court orders, search warrants)
Government or regulatory requests
Investigations of potential violations of our Terms of Service
Situations involving potential threats to safety or security
Protection of our rights, property, or the rights of others

5.3 Business Transfers

If AZdev Ontario Ltd. is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change via email or prominent notice on our Service.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6. Data Security

We implement industry-standard security measures to protect your information:

Encryption in Transit: All data transmitted over HTTPS using TLS 1.2 or higher
Encryption at Rest: Webhook data and sensitive information encrypted in storage
Authentication: JWT-based authentication with secure token management
Webhook Verification: Signature verification for supported webhook providers
Access Controls: Role-based access control and principle of least privilege
Monitoring: Continuous security monitoring and logging
Infrastructure Security: Cloudflare's enterprise-grade security features
Regular Audits: Periodic security assessments and vulnerability scanning

Important: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access and Portability

Access: Request a copy of the personal information we hold about you
Export: Download your webhook data and configurations in machine-readable format
Portability: Transfer your data to another service provider

7.2 Correction and Updates

Update your account information through your dashboard settings
Request correction of inaccurate or incomplete data

7.3 Deletion

Delete your account and associated data through account settings
Request deletion of specific data (subject to legal retention requirements)
Note: Deletion is permanent and cannot be undone

7.4 Objection and Restriction

Object to certain data processing activities
Request restriction of processing in certain circumstances

7.5 Withdraw Consent

Withdraw previously given consent for data processing
Note: Withdrawal may affect your ability to use certain features

To exercise these rights, contact us at: privacy@eventdock.app

8. Cookies and Tracking Technologies

We use minimal cookies and tracking technologies:

8.1 Essential Cookies

Authentication Token: JWT token stored in browser to keep you logged in (HttpOnly, Secure)
Session Management: Session identifiers for maintaining your login state

8.2 Preference Cookies

Dashboard Settings: Remember your dashboard preferences and configurations
Theme Preferences: Store your UI customization choices

8.3 What We Don't Use

We do NOT use:

Third-party advertising cookies
Behavioral tracking for advertising purposes
Social media tracking pixels
Cross-site tracking technologies

9. International Data Transfers

EventDock operates on Cloudflare's global network. Your data may be processed and stored in multiple countries where Cloudflare operates data centers, including but not limited to:

Canada (primary operations)
United States
European Union countries
Other countries in Cloudflare's network

By using the Service, you consent to the transfer and processing of your data in different jurisdictions. We ensure that data transfers comply with applicable data protection laws through appropriate safeguards.

10. Children's Privacy

EventDock is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will promptly delete that information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@eventdock.app.

11. GDPR Compliance (European Union Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

11.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to provide the Service under our Terms of Service
Legitimate Interests: Processing necessary for our legitimate business interests (service improvement, security, fraud prevention)
Legal Obligation: Processing required to comply with legal obligations
Consent: Where you have provided explicit consent (e.g., marketing communications, if applicable)

11.2 GDPR Rights

Under GDPR, you have the right to:

Access your personal data
Rectify inaccurate data
Request erasure ("right to be forgotten")
Restrict processing
Data portability
Object to processing
Withdraw consent at any time
Lodge a complaint with a supervisory authority

11.3 Data Protection Officer

For GDPR-related inquiries, contact: dpo@eventdock.app

12. PIPEDA Compliance (Canadian Users)

As a Canadian company, AZdev Ontario Ltd. complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

12.1 PIPEDA Principles

We adhere to PIPEDA's fair information principles:

Accountability for personal information
Identifying purposes for collection
Obtaining consent for collection, use, or disclosure
Limiting collection to necessary information
Limiting use, disclosure, and retention
Ensuring accuracy of personal information
Implementing appropriate safeguards
Providing transparency about policies and practices
Enabling individual access to personal information
Providing mechanisms to challenge compliance

12.2 Filing a Complaint

If you believe we have not complied with Canadian privacy laws, you may file a complaint with:

Office of the Privacy Commissioner of Canada
Website: www.priv.gc.ca
Toll-free: 1-800-282-1376

13. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA).

13.1 Information We Collect

Categories of personal information we collect (as defined by CCPA):

Identifiers (email, IP address)
Commercial information (subscription details, usage data)
Internet activity (logs, analytics)
Professional information (company name, role)

13.2 CCPA Rights

California residents have the right to:

Know: Request disclosure of personal information collected
Delete: Request deletion of personal information
Opt-Out: Opt-out of sale of personal information (Note: We do not sell personal information)
Non-Discrimination: Not be discriminated against for exercising CCPA rights

13.3 Do Not Sell

We do not sell personal information as defined by CCPA. We have not sold personal information in the past 12 months.

To exercise CCPA rights, contact: privacy@eventdock.app

14. Third-Party Services and Integrations

EventDock integrates with third-party webhook providers (such as Stripe, Shopify, GitHub, etc.). When you configure endpoints for these providers:

We receive webhooks from these services according to your configuration
Your use of these third-party services is subject to their respective privacy policies
We are not responsible for the privacy practices of third-party services
We recommend reviewing the privacy policies of any third-party services you integrate

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How we notify you of changes:

Email notification to your registered email address (for material changes)
Dashboard notification when you next log in
Updated "Last updated" date at the top of this policy

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you should discontinue use and delete your account.

16. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

Notify affected users via email within 72 hours of becoming aware of the breach
Describe the nature of the breach and the data affected
Explain the steps we are taking to address the breach
Provide recommendations for protecting your information
Notify relevant regulatory authorities as required by law

17. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@eventdock.app
Support: support@eventdock.app
Legal: legal@eventdock.app

AZdev Ontario Ltd.
Ontario, Canada

← Return to EventDock | Terms of Service