Privacy Policy

Last updated: 2025/12/27.

Firehook helps you run webhooks and API calls through buttons and automations. This policy explains what we collect, why we collect it, and the choices you have.

Who we are

Firehook is the controller of the personal data processed through the Firehook apps and this website, unless stated otherwise. We focus on collecting only what is necessary to operate the service.

Data we collect

Depending on how you use Firehook, we may process:

• Account data (e.g., email address, authentication identifiers) via Firebase Authentication.
• Hook configuration data (webhook endpoints you define, HTTP method, headers you choose, templates/labels).
• Variables you store for reuse in hooks (sensitive values are meant to be stored encrypted).
• Basic technical/usage data required for reliability and security (e.g., timestamps, device/app metadata, error reports).

How we use data

We use your data to operate and improve Firehook:

• Provide the service (save your hooks, execute your actions, sync across devices).
• Protect the service (abuse prevention, debugging, fraud/security monitoring).
• Provide support when you contact us.

Legal bases (GDPR)

• Performance of a contract: to provide Firehook features you request.
• Legitimate interests: security, preventing abuse, and maintaining service reliability.
• Consent: when required for optional features (e.g., certain analytics or marketing communications, if enabled).

Variables and encryption

Firehook is designed so you can store reusable variables for your hooks. When variables include sensitive values (tokens, API keys), they should be encrypted before being stored.

• Sensitive variable values are intended to be encrypted before storage and decrypted only when needed to run a hook.
• Encryption uses modern cryptography (e.g., AES via CryptoJS; ciphertext often starts with the OpenSSL-compatible marker “Salted__”).
• We aim to avoid storing sensitive variable values in plaintext in our database.

Sharing and processors

We do not sell your personal data. We share data only with service providers needed to run Firehook.

• Firebase (Google) may process data on our behalf for authentication, database and hosting infrastructure (as applicable).
• No sale of personal data; no sharing for cross-context behavioral advertising unless explicitly implemented and disclosed.

International transfers

Some providers may process data outside your country. Where required (e.g., GDPR), we rely on appropriate safeguards such as contractual protections and provider commitments.

Retention

We keep data for as long as your account is active and as needed to provide the service. You can request deletion. Some technical/security logs may be retained for a limited period to protect the platform.

Your rights

Depending on your location (GDPR/UK GDPR, CCPA/CPRA and others), you may have rights over your personal data.

• Access: request a copy of your data.
• Deletion: request deletion of your account and associated data.
• Portability: request export where applicable.
• Objection/Restriction: object to certain processing or request limitation.

Cookies and local storage

We may use cookies or local storage for essential functionality (e.g., keeping your language preference) and for security. If optional analytics are enabled in the future, we will provide clear notice and choices where required.

Privacy contact (GDPR): gael@mytribu.com