Clear limits for account data and replay payloads.

Tofu stores account identity, workspace membership, hook configuration, target configuration, webhook metadata, delivery status, and billing state needed to run the hosted relay.

Webhook payload bodies and headers are retained only for the replay window on your plan. They can expire automatically or be expired manually from supported product surfaces.

Tofu does not sell personal information, webhook data, or workspace data.

The product is built for development and debugging. Production webhook traffic should go directly to your production application.

Tofu uses Supabase for hosted authentication and Stripe for billing. Those services process the account or payment details needed for login and subscription management.

If privacy-conscious analytics are added later, they should be documented here before launch.

For privacy questions or deletion requests, email support@trytofu.dev from the address on your Tofu account.