Privacy Policy

When you use Tofu, we may collect information such as your email address, authentication and session information, workspace information, hook configuration, request metadata, request headers, request bodies and payloads, timestamps, delivery, replay, and debugging information, and billing or subscription information if paid plans are enabled.

Tofu receives and processes HTTP requests sent to user-created hooks. Depending on how you use Tofu, those requests may include personal data, confidential data, secrets, API tokens, customer information, or other sensitive information.

You are responsible for the data you choose to send through Tofu. You should not send sensitive personal data, production secrets, or confidential production payloads unless you have permission, a lawful basis, and are comfortable with the risks.

We use information to provide the Tofu service, authenticate users, create and manage workspaces, create and manage hooks, receive, inspect, forward, and replay requests, debug and improve the service, prevent abuse, and manage billing and subscriptions if enabled.

Tofu may temporarily store request metadata, headers, and bodies so users can inspect, debug, and replay webhook-style requests.

Tofu is not intended to be used as permanent storage. You should avoid sending data that you do not want stored, logged, inspected, or replayed as part of a development workflow.

Request data may be retained for a limited period to support inspection, debugging, and replay. Retention limits may vary depending on the user plan, workspace configuration, or operational requirements.

Tofu may delete request payloads, logs, events, or related data when they expire, when limits are reached, or when required for operational reasons.

Tofu may use cookies, tokens, or similar technologies to keep users signed in, manage sessions, and protect accounts.

Tofu may use third-party services to provide parts of the product, such as hosting, authentication, database storage, email delivery, payment processing, analytics, logging, or error monitoring. Those providers may process information as necessary to provide their services.

We take reasonable steps to protect the service and the data processed by Tofu. However, no service is perfectly secure.

Because Tofu is intended for development and testing, you should not treat it as a compliance-grade or production-grade security boundary.

Tofu is intended for development, testing, debugging, and inspection workflows. It is not intended to be used as production infrastructure, a guaranteed delivery system, or a compliance-grade storage system. You should not rely on Tofu for production-critical request delivery.

Users may be able to delete hooks, events, workspaces, or account information depending on the features available in the product. Some information may be retained where required for security, abuse prevention, billing, legal, or operational reasons.

We may update this Privacy Policy from time to time. If we make significant changes, we will update the date at the top of this page.

If you have questions about this Privacy Policy, email us at [email protected].