Privacy Policy

Anonymily ("we", "our", "us") is a developer tool for capturing, inspecting, and replaying webhook events, owned and operated by Mahesh Srinivasan as an individual (sole proprietor) based in India. You can reach us at hello@anonymily.com.

Account data. When you create an account we collect your email address and a hashed password. If you sign in via OAuth we receive only the email and profile name the provider shares.

Webhook event data. When a provider POSTs to your Anonymily endpoint, we store the full HTTP request: method, headers, raw body, timestamp, and the response status your local server returned. This data is the core of the product and is stored encrypted at rest.

Usage metadata. We log API request counts, CLI session durations, and feature usage (e.g., replay, AI diagnosis invoked) to operate the service and enforce plan limits. We do not log request bodies in application logs — only structured metadata.

Payment data. Billing is handled by Razorpay. We store only a Razorpay customer ID and subscription status. We never see or store card numbers.

Cookies and analytics. We use a session cookie for authentication. We may use privacy-respecting analytics (no third-party ad tracking) to understand page-level traffic. No personal data is shared with analytics providers.

We use collected data solely to:

• Operate the relay service (capture, store, forward webhook events)
• Enforce plan limits (request counts, named endpoint quotas)
• Process billing and send transactional emails (receipts, expiry notices)
• Provide AI-powered features when you explicitly invoke them
• Debug service failures when you contact support

We do not sell your data. We do not use your webhook payloads to train machine learning models. AI features are powered by third-party models (Anthropic Claude); payloads you send for AI analysis are processed under Anthropic's API usage policy, which prohibits training on API inputs.

Events. Free plan events are retained for 48 hours. Pro plan events are retained for 30 days (Team plan: 90 days). Events are permanently deleted after the retention window with no recovery option.

Account data. Retained while your account is active. You may delete your account at any time from Account settings. Account deletion permanently removes all associated events, hooks, and personal data within 30 days.

We share data only with:

• Razorpay — for payment processing (your card data goes directly to them, never to us)
• Anthropic — when you invoke AI features, the relevant event payload is sent to Claude via the Anthropic API
• Infrastructure providers — we use cloud hosting and database services bound by data processing agreements
• Law enforcement — only if required by a valid legal process and we will notify you where legally permitted

All data in transit is encrypted with TLS 1.3. Stored event bodies are encrypted at rest using AES-256-GCM. Access to production databases is restricted to key personnel and audited. We follow responsible disclosure for security vulnerabilities — report issues to hello@anonymily.com.

Regardless of where you are located, you may request:

• Access — a copy of all data we hold about you
• Deletion — removal of your account and associated data
• Correction — update your email or account details
• Portability — export your captured events as JSON

To exercise any of these rights email hello@anonymily.com from the address on your account.

Anonymily is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently done so please contact us and we will delete it promptly.

If we make material changes we will email registered users at least 14 days before the changes take effect and update the "Last updated" date above. Continued use of the service after the effective date constitutes acceptance of the updated policy.

Questions about this policy: hello@anonymily.com