Privacy Policy
Last updated: 2026-02-26 · Contact: admin@duerelay.com
Who we are
Duerelay (“we”, “us”) provides a web service and API for webhook delivery governance and control plane operations.
If you have any questions about this policy or your data, contact admin@duerelay.com.
Data we collect
- Account information (for example: email address, hashed credentials, organization identifiers, settings).
- Technical data (for example: IP address, user agent, timestamps, request identifiers, security and audit logs).
- Webhook payload metadata (for example: endpoint identifiers, delivery attempts, status codes, timing, and size/shape metadata).
- Billing data (for example: subscription status and billing identifiers processed by Stripe; we do not store your full card number).
- Analytics data (only if you consent): page and product usage events collected via Google Analytics.
How we use data (purposes)
- Service delivery: authentication, account management, webhook processing, reliability, and support.
- Security: abuse prevention, incident detection, auditing, and fraud prevention.
- Analytics (with consent): to understand how the website and product are used and to improve performance and UX.
Legal basis
- Contract: to provide the service you request (account creation, subscription, API usage).
- Legitimate interests: security, preventing abuse, and operating and improving the service.
- Consent: for analytics cookies and Google Analytics (you can withdraw consent any time).
Processors and third parties
We use the following processors to operate the service:
- DigitalOcean (hosting and infrastructure).
- Stripe (payments and billing).
- Google (Google Analytics, only after consent).
- Email provider (transactional email delivery; for example Postmark when configured).
Retention
- Account data: kept while your account is active and as needed for support and compliance.
- Logs and security/audit data: retained for a limited period necessary for operations and security.
- Webhook payload metadata: retained according to the product’s retention limits (for example sandbox vs production).
- Billing records: retained as required for accounting and tax obligations.
Your rights
Depending on your location and applicable law (including GDPR), you may have rights to:
- Access, correct, or delete personal data.
- Object to or restrict processing in certain circumstances.
- Data portability.
- Withdraw consent for analytics at any time (see cookie preferences).
- Lodge a complaint with your supervisory authority.
International transfers
Our processors may process data outside your country. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) to protect your data.
Changes
We may update this policy from time to time. We will update the “Last updated” date and, where appropriate, provide additional notice.