Privacy Policy
1. Who we are
Duerelay is a webhook debugging, inspection, replay, delivery monitoring, and reliability platform made available through web interfaces, APIs, and related tooling.
For the purposes of applicable data protection law, the operator of Duerelay is Duerelay. If you have questions about this Privacy Policy or about your personal data, contact admin@duerelay.com.
2. Scope
This Privacy Policy explains how we collect, use, disclose, and protect personal data when you:
- visit the Duerelay website;
- create or use a Duerelay account;
- use Duerelay dashboards, APIs, endpoint tools, logging, replay, and debugging features;
- interact with billing, support, or account management functions; or
- communicate with us.
3. Personal data we collect
Depending on how you use the Service, we may collect the following categories of personal data:
Account and profile data
- name, email address, organization name, account identifiers, user identifiers, settings, and verification status.
Authentication and security data
- hashed credentials, password reset events, login timestamps, session data, IP address, user agent, device/browser information, abuse signals, and security/audit events.
Service usage and technical data
- timestamps, request identifiers, endpoint identifiers, event identifiers, delivery attempt data, status codes, timing, retry information, size/shape metadata, operational logs, and diagnostic records.
Webhook and customer-submitted data
- content, payloads, metadata, headers, endpoint configuration, and related records submitted to or processed through the Service, depending on product configuration and retention rules.
Billing and transaction data
- subscription plan, billing status, invoice references, payment status, tax/VAT information where applicable, billing country, customer identifiers, and limited payment-related metadata.
We do not necessarily store full payment card numbers when payments are processed through hosted third-party payment providers such as Stripe.
Analytics and cookie data
- website and product usage data collected through cookies or similar technologies where enabled, including Google Analytics data where you have consented.
Support and communications data
- messages, requests, attachments, and correspondence you send to us.
4. How we collect data
We collect personal data:
- directly from you when you register, subscribe, configure endpoints, or contact support;
- automatically when you use the website, dashboard, APIs, or related tools;
- from payment and infrastructure providers involved in delivering the Service; and
- from cookies and analytics tools where applicable and consented.
5. Why we use personal data and legal bases
To provide the Service
Including account creation, authentication, account administration, webhook inspection, replay, delivery monitoring, endpoint management, product functionality, and customer support.
Legal basis: performance of a contract, or steps taken at your request before entering into a contract.
To secure and protect the Service
Including abuse prevention, threat detection, fraud prevention, incident response, audit logging, integrity controls, and enforcement of platform rules.
Legal basis: legitimate interests, and in some cases compliance with legal obligations.
To administer billing and compliance
Including subscription management, invoicing, tax handling, accounting, fraud checks, and payment reconciliation.
Legal basis: contract, legitimate interests, and legal obligations.
To improve the website and product
Including performance analysis, feature improvement, diagnostics, and aggregated service insights.
Legal basis: legitimate interests, or consent where cookies/analytics laws require it.
To send service communications
Including transactional emails, security notices, billing notices, and important updates relating to your account or the Service.
Legal basis: contract and legitimate interests.
To use analytics cookies and similar technologies
Where enabled, we may use analytics tools such as Google Analytics to understand website and product usage.
Legal basis: consent, where required. Consent may be withdrawn through cookie preferences.
6. Webhook payloads and customer responsibility
Duerelay is designed to process webhook traffic and related event data. You are responsible for ensuring that you have the necessary rights and lawful basis to submit personal data or other content to the Service.
As between you and Duerelay:
- you control what webhook data and related content you send to the Service;
- you are responsible for assessing whether that use complies with applicable law and your own policies; and
- you should avoid transmitting unnecessary sensitive personal data or highly confidential data unless you have assessed the risks and legal basis for doing so.
Where required for business customers, we may enter into a separate data processing agreement.
7. Payments and billing providers
We may use third-party payment processors, including Stripe, to handle payments, subscriptions, and related billing operations. Stripe may process payment and transaction data under its own terms, privacy notices, and legal roles.
Duerelay may receive and process billing-related information such as customer email and billing contact details, subscription and plan status, invoice and payment references, tax/VAT information, limited payment metadata, and fraud or risk signals associated with billing operations.
8. Cookies and analytics
We may use cookies and similar technologies for:
- essential website/session functionality;
- security and fraud prevention; and
- analytics, where consent is required and given.
Where non-essential analytics tools such as Google Analytics are used, they should only be activated after valid consent through the cookie banner or preference controls.
You can withdraw analytics consent at any time through cookie preferences.
9. Processors and recipients
We may share personal data with service providers and processors that help operate the Service, such as:
- hosting and infrastructure providers;
- payment and billing providers;
- analytics providers, where enabled by consent;
- email delivery providers for transactional communications; and
- professional advisors, authorities, or counterparties where legally required.
We share data only as reasonably necessary for service delivery, security, support, compliance, billing, and lawful business operations.
10. International transfers
Some processors may process personal data outside your country or outside the European Economic Area. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.
11. Retention
We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including service delivery, support, security, compliance, dispute resolution, and enforcement.
In general:
- account data is retained while your account is active and for a limited period afterwards where needed for compliance, disputes, or security;
- security and audit logs are retained for a limited operational/security period;
- webhook payloads, metadata, and related event records are retained according to product configuration, environment, plan limits, and operational requirements;
- billing and accounting records are retained for statutory tax/accounting periods; and
- analytics data retention depends on the analytics tooling and configuration in use.
12. Security
We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, and disclosure. No system is completely secure, and we cannot guarantee absolute security.
13. Your rights
Depending on your location and applicable law, you may have the right to:
- access your personal data;
- correct inaccurate personal data;
- request deletion of personal data;
- restrict or object to certain processing;
- request portability of certain data;
- withdraw consent where processing is based on consent; and
- lodge a complaint with a supervisory authority.
To exercise privacy rights, contact admin@duerelay.com. We may need to verify your identity before acting on a request. Some rights are subject to legal exceptions and may not apply in every case.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we do, we will update the “Last updated” date and, where appropriate, provide additional notice through the website, dashboard, or email.
15. Contact
For privacy questions or requests, contact: admin@duerelay.com