Privacy Policy

The data controller is the company maintaining Webhook Scheduler, registered under CNPJ 54.041.597/0001-38, based in Brazil. To contact our Data Protection Officer (DPO): contato@schedulerwebhook.com.

Registration data: full name, email address, password (stored as BCrypt hash, never in plain text), CPF/CNPJ and phone number (required for billing via Asaas).

Service usage data: webhook payloads you send (stored encrypted), configured destination URLs, execution logs and delivery attempts, CRON configurations, groups and global variables (the latter encrypted with Fernet/AES-256).

Technical data: IP addresses from dashboard access, action timestamps, API tokens (stored only as SHA-256 hashes — never in plain text).

We do not collect credit card data directly. This data is processed exclusively by Asaas, which has its own privacy policy and PCI-DSS certification.

Service contract execution: we operate the Service, process payments and deliver webhooks as configured by you.

Transactional communications: we send emails about your account, system alerts, payment confirmations and incident notifications.

Service improvement: we use anonymized and aggregated usage data to identify bottlenecks and improve the platform.

Webhook Scheduler operates on a multi-tenant architecture with complete isolation. Each account (tenant) has a unique identifier (tenant_id). All database queries mandatorily filter by tenant_id — your data is completely inaccessible to other customers.

Security measures in place: Fernet encryption (AES-256-GCM) for global variables and credentials at rest, HTTPS/TLS for all communications in transit, SHA-256 hashing for API Keys (irreversible), BCrypt for passwords, PostgreSQL with PgBouncer on isolated Docker network.

Webhook execution logs are retained according to the plan: 7 days (Free), 15 days (Pro) and 30 days (Scale). After the retention period, they are automatically deleted.

After cancellation, all data is retained for 30 days to allow reversal. At the end of this period, a permanent cascading deletion of all data associated with the account is executed.

We do not sell personal data. We share data only with the following sub-processors, strictly necessary for the operation of the Service:

Asaas Pagamentos S.A.: billing data (name, CPF/CNPJ, email, phone) for customer and subscription creation. Purpose: payment processing.

No data is shared with third parties for marketing, advertising or behavioral analytics.

You have the right to: confirmation that your data is being processed, access to the data we process about you, correction of incomplete or inaccurate data, anonymization or deletion of unnecessary data, data portability to another service provider, and revocation of consent at any time.

To exercise any of these rights, send a request to contato@schedulerwebhook.com. We respond within 15 business days.

The Webhook Scheduler dashboard uses only strictly necessary session cookies for authentication. We do not use third-party tracking cookies, analytics (Google Analytics, Hotjar, etc.) or advertising pixels.

Data Protection Officer (DPO): contato@schedulerwebhook.com

Webhook Scheduler — CNPJ 54.041.597/0001-38 — Brazil