Privacy Policy

1. Who we are

Zenhook is operated by Solar Beam Studio. Our service lets you receive real-time notifications from your applications via webhooks. This policy explains what data we collect, why, and how we protect it.

2. Data we collect

Account information

• Name (first and last), email address
• Password (hashed — we never store or see your plain-text password)
• Profile picture (optional)
• Google account data if you sign in with Google (name, email, profile image)

Workspace and team data

• Workspace name and logo
• Team member emails and roles (when you invite members)

Webhook and alert data

• Webhook payloads you send to Zenhook (alert title, message, fields, metadata, severity level, links)
• Source IP address and user agent of incoming webhook requests

Monitor data

• URLs you configure for uptime monitoring
• Check results (status codes, response times, error messages)

Device and session data

• Device tokens for push notifications (iOS)
• Session IP address and user agent (for security)
• Cookies for authentication and workspace context

Billing data

• Stripe customer and subscription identifiers — we do not store your credit card number or payment details. All payment processing is handled by Stripe.

3. How we use your data

• Deliver alerts and notifications you configure
• Authenticate you and secure your account
• Process payments and manage your subscription
• Send transactional emails (workspace invites, payment failures, monitor alerts)
• Monitor uptime of URLs you configure
• Enforce plan limits and usage quotas

We do not sell your data, use it for advertising, or share it with data brokers.

4. Third-party services

We use the following third-party services to operate Zenhook:

• Stripe — Payment processing (privacy policy)
• Resend — Transactional emails (privacy policy)
• Google — OAuth authentication (privacy policy)
• Apple Push Notification Service — iOS push notifications (privacy policy)
• Cloudflare — File storage (R2) and CDN (privacy policy)

5. Data storage and security

• Data is stored on servers located in Frankfurt, Germany (EU)
• All connections are encrypted with TLS (HTTPS)
• Passwords are hashed using bcrypt
• API tokens are stored encrypted and can be revoked at any time
• iOS credentials are stored in the device Keychain

6. Data retention

• Alerts are retained for as long as your account is active
• Monitor check history is retained for 7 days
• When you delete your account, all associated data (alerts, channels, workspace data) is permanently deleted

7. Your rights

You can at any time:

• Access and export your data
• Update or correct your account information
• Delete your account and all associated data
• Revoke API tokens and device registrations
• Opt out of email notifications in your settings

If you are located in the EU, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Cookies

We use strictly necessary cookies for authentication (session token) and workspace context (active workspace). We do not use analytics cookies, tracking cookies, or advertising cookies.

9. Children

Zenhook is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

10. Changes to this policy

We may update this policy from time to time. If we make significant changes, we will notify you by email or through the app. Continued use of Zenhook after changes constitutes acceptance of the updated policy.

11. Contact

For any questions about this privacy policy or your data, contact us at [email protected].