SpidyLabs ("we", "our", "us") is a webhook inspection tool for developers. This policy explains what data we collect, why we collect it, and how we protect it.
We believe in minimal data collection. We only gather what's necessary to provide the service and improve your experience.
Data We Collect
Account Information
When you create an account via GitHub OAuth or magic link, we store your email address, display name, and profile image. GitHub users also provide a username which we store for identification.
Webhook Request Data
When HTTP requests arrive at your bin endpoints, we capture and store the request method, headers, body, query parameters, and the IP address of the sender. This is the core function of SpidyLabs.
Usage Data
We track basic usage metrics such as bin creation, request counts, and feature usage to improve the service. We do not use third-party analytics trackers.
How We Use Your Data
- To provide and maintain the webhook inspection service
- To authenticate your identity and manage your account
- To process payments and manage subscriptions
- To send transactional emails (sign-in links, email verification)
- To enforce rate limits and usage quotas
- To improve and develop new features
We do not sell your data. We do not use your data for advertising.
Webhook Data
Webhook data sent to your bins may contain sensitive information from third-party services. You are responsible for understanding what data your integrations send to SpidyLabs.
We store webhook request data temporarily based on your plan:
- Free plan: Requests are retained for 24 hours
- Pro plan: Requests are retained for 7 days
After the retention period, webhook data is permanently deleted. We do not access or analyze the contents of your webhook payloads except as required to provide the service (e.g., storing and displaying them to you).
Third-Party Services
We use the following third-party services to operate SpidyLabs:
- GitHub — OAuth authentication provider. Subject to GitHub's privacy statement.
- Hetzner — Application hosting. The SpidyLabs server runs on Hetzner Cloud infrastructure in the United States. Subject to Hetzner's privacy policy.
- Turso — Managed database hosting. Your data is stored on Turso's infrastructure. Subject to Turso's privacy policy.
- Resend — Transactional email delivery for magic links and verification emails.
- Polar — Subscription billing and payment processing. Subject to Polar's privacy policy.
We only share the minimum data necessary for each service to function (e.g., your email address with Resend to deliver sign-in links).
Your Rights
You have the right to:
- Access your data — View your profile and webhook data through the dashboard
- Update your data — Change your display name and email in settings
- Delete your data — Delete individual bins or contact us to delete your entire account
- Export your data — Webhook request data is viewable and can be copied from the interface
To exercise any of these rights beyond what's available in the dashboard, contact us at the address below.
Data Retention
- Account data is retained as long as your account is active
- Webhook data is retained per your plan's retention period (24 hours or 7 days)
- Deleted bins and their associated requests are permanently removed immediately
If you delete your account, all associated data is permanently removed within 30 days.
Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated via email to account holders. Continued use of SpidyLabs after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this privacy policy or how we handle your data, reach out to us at privacy@spidylabs.com.