Skip to content
iap·hooks

Privacy Policy

Effective date: [23 June 2026]

1. Who we are

IAP Hooks is operated by Resolution Labs B.V. a.i, Amsterdam, NL, registration pending ("IAP Hooks", "we", "us"). We are the controller of the personal data described in this policy. Questions: privacy@iaphooks.io.

2. What this policy covers

This policy explains how we handle personal data of our website visitors and account holders. It does not govern the App Store notification data that customers route through IAP Hooks to their own services — for that data we act as a processor on our customer's behalf, under our Data Processing Addendum (§7), and the customer is the controller.

3. Data we collect

  • Account data — name, work email, company, and a password (stored only as a hash by our authentication provider).
  • Billing data — plan and invoice details. Card data is handled by our payment processor; we never store full card numbers.
  • Service configuration — the apps, destinations, and settings you create.
  • Technical and log data — IP address, browser, and request logs, kept for security, debugging, and abuse prevention.
  • Notification data (as processor) — App Store Server Notifications you route through us may contain pseudonymous identifiers (e.g. transaction and product IDs). We process these only to deliver them per your configuration. See §7.
  • Cookies — we use only strictly necessary cookies: your sign-in session and your light/dark theme preference. We use no advertising or third-party analytics cookies.

4. Why we use it, and our legal bases (GDPR Art. 6)

  • To provide and operate the service and bill you — performance of a contract.
  • To secure, monitor, debug, and improve the service, and to prevent abuse — our legitimate interests.
  • To send essential service messages — contract / legitimate interests.
  • To meet legal and tax obligations — legal obligation.

We do not sell personal data and do not use it for advertising.

5. Who we share it with

We share data only with service providers ("subprocessors") who help us run IAP Hooks, under contract and only as needed:

  • [Supabase] — application hosting, database, and authentication ([EU region]), running on [AWS] infrastructure.
  • [Stripe] — payment processing (only once paid plans are active).
  • [Transactional email provider] — to send account and service emails.

We may also disclose data where required by law. A current subprocessor list is available on request.

6. International transfers

We host personal data in the [EU/EEA]. Where any provider processes data outside the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

7. Customer (notification) data and our DPA

For App Store notification data routed through IAP Hooks, our customer is the controller and we are the processor. We process it only on documented instructions, apply the security measures in §9, and offer a Data Processing Addendum that customers can enter into with us. Request it at privacy@iaphooks.io.

8. How long we keep it

We keep account and billing data for as long as your account is active and for a reasonable period afterward to meet legal and tax obligations. Routed event data is retained according to your plan's retention window and then deleted. Logs are kept for a limited period for security and operations.

9. Security

We protect data with encryption in transit and at rest, secret storage in a dedicated vault, least-privilege access controls, and tenant isolation so one customer cannot access another's data. No system is perfectly secure, but we work to industry standards.

10. Your rights

If you are in the EEA/UK you have the right to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent where we rely on it. Contact privacy@iaphooks.io and we will respond within the legal time limits. You may also complain to a supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens.

11. Children

IAP Hooks is a tool for businesses and developers. It is not directed to anyone under 18, and we do not knowingly collect their data.

12. Changes

We may update this policy; we will post the new version here and update the effective date, and notify account holders of material changes.

13. Contact

Resolution Labs B.V. a.i, Amsterdam, NL — privacy@iaphooks.io.