Privacy Policy

1. Introduction and Our Role

This Privacy Policy explains how HookFlow collects, processes, and protects information when you use our monday.com integration.

It is critical to understand our architectural role: HookFlow is a data conduit, not a data storage provider. Our infrastructure is designed entirely around a "zero-retention" philosophy[cite: 1]. We process your external webhook payloads in transient serverless memory and deliver them to your monday.com boards[cite: 1].

2. Information We Collect

To operate the service securely, we collect and store the absolute minimum amount of operational data required:

• monday.com Authentication Data: We store your monday.com Account ID, User ID, and an OAuth access token to authenticate requests[cite: 1]. This token is cryptographically encrypted and isolated within a secure database vault[cite: 1].
• Routing Configuration: We store the configuration logic you provide, such as the target board IDs, group IDs, and JSON mapping paths used to route your data[cite: 1].
• Billing Status: We track your subscription tier (e.g., Essential, Professional, Enterprise) through native monday.com marketplace webhooks to enforce volume allotments[cite: 1].

3. How We Process Webhook Payloads (Transient Data)

The external webhook data you send through HookFlow (the "Payloads") is handled under strict volatile memory protocols:

• Primary Path (RAM Execution): Under standard conditions, incoming JSON payloads exist exclusively within the temporary RAM of our Vercel runtime context[cite: 1]. The moment monday.com accepts the payload with a successful HTTP status code, the memory execution space is wiped clean[cite: 1].
• Emergency Fail-Safe Queue: If monday.com rejects a payload due to rate limiting (HTTP 429) or network timeouts, HookFlow catches the exception[cite: 1]. The payload is encrypted using AES-256-GCM encryption and temporarily committed to an isolated PostgreSQL queue[cite: 1].
• Hard Deletion: Our asynchronous worker continuously drips queued records back to monday.com[cite: 1]. The exact millisecond a payload is successfully absorbed by monday.com, our systems execute a permanent, hard SQL delete on that row[cite: 1].

4. Prohibition of Sensitive Data

As outlined in our Terms and Conditions, HookFlow must not be used to process highly sensitive, regulated data. You agree not to route Protected Health Information (PHI), Payment Card Industry (PCI) data, or highly sensitive Personally Identifiable Information (PII) through our endpoints. We disclaim all liability for the security of such data if routed through our service in violation of this policy.

5. Data Sharing and Third Parties

We do not sell, rent, or lease your data or your webhook payloads to any third parties. Your data is only shared with:

• monday.com: As the destination platform you have explicitly authorized.
• Infrastructure Providers: We utilize Vercel (for edge ingestion computing) and Supabase (for PostgreSQL configuration storage and temporary encrypted queuing) to host our architecture[cite: 1].

6. Security Measures

We employ enterprise-grade security mechanisms to protect your operational data, including:

• AES-256-GCM encryption for all payloads temporarily resting in the fail-safe queue[cite: 1].
• Cryptographic vaults for storing monday.com OAuth access tokens[cite: 1].
• Row-Level Security (RLS) on our database tables to strictly enforce tenant isolation[cite: 1].

7. Data Retention and Account Deletion

When you uninstall HookFlow from your monday.com workspace, your subscription status is logged as uninstalled[cite: 1]. To request a complete purge of your routing configurations, workspace IDs, and vaulted tokens from our database, please contact our support team. As stated, webhook payloads are never retained long-term and are automatically destroyed upon successful delivery[cite: 1].

8. Contact Us

If you have any questions about this Privacy Policy, our zero-retention architecture, or our data practices, please contact us at support@hookflow.io.