Legal & Trust
How Webhook Lab handles your data
Webhook Lab proxies the event you fire to the endpoint you specify. To do that it processes (in memory, for the duration of the request only) your target URL, the event payload, the signing secret, and your IP address (used solely for rate limiting).
It does not store or log any of these, and there is no database. The Lab is cookieless and uses privacy-friendly, GDPR-aligned analytics to count aggregate page views, with no cookies and no personal data collected. The only client-side storage is your browser’s localStorage (which is not a cookie), holding your theme and preferences and never leaving your device.
Use synthetic test data (which the Lab generates for you) rather than real customer or personal data in payloads.
Documents
Webhook Lab is covered by Sutyr’s Terms of Use (including the Webhook Lab and acceptable-use sections) and the cookieless Privacy Policy linked above.
Open source & security
- Source code (GitHub, Apache 2.0)
- Security policy & vulnerability reporting
- security.txt (RFC 9116)
- Cryptographic Bill of Materials (CycloneDX)
Report a vulnerability privately to security@sutyr.com.
Effective 19 June 2026 · Sutyr Inc.
← Back to Webhook Lab