Home

Privacy Policy

Last updated: February 11, 2026

Overview

Intercooler ("we", "us", "our") operates the intercooler.app website and service. This Privacy Policy describes how we collect, use, and protect your information when you use our service.

Information We Collect

Account Information: When you register, we collect your email address and a password. Passwords are hashed using PBKDF2-SHA256 and are never stored in plain text.

Webhook Event Data: When external services send data to your webhook endpoints, we receive and store the event payloads. This data may include information from your Docusign account such as envelope metadata, signer email addresses, document names, and event timestamps.

Usage Data: We collect basic usage information including login timestamps and timezone preferences.

How We Use Your Information

  • To provide and maintain our service, including receiving, storing, and displaying webhook events
  • To generate analytics dashboards from your webhook data
  • To send you email notifications and digest reports (if configured)
  • To send email verification and password reset communications
  • To respond to your inquiries and support requests

Data Storage and Security

Infrastructure: Our service runs on Google Cloud Platform (App Engine). Webhook event payloads are stored in Google Cloud Firestore. Account and webhook configuration data is stored in Google Cloud SQL (MySQL).

Encryption: All data in transit is encrypted via TLS. Passwords are hashed with PBKDF2-SHA256. API keys are stored as bcrypt hashes.

Access Control: Webhook data is accessible only to the webhook owner and any collaborators they explicitly invite. Collaborators are granted either viewer (read-only) or editor access.

Data Retention

You control how long your webhook event data is retained. You can configure a per-webhook retention period (in days) after which events are automatically deleted. You can also manually delete all events for a webhook at any time.

If you delete your account, all associated webhooks, event data, API keys, and collaborator relationships are permanently removed.

Third-Party Services

We use the following third-party services:

  • Google Cloud Platform: Infrastructure hosting, database, and event storage
  • Google Analytics: Anonymous website usage analytics
  • Gmail SMTP: Transactional email delivery (verification, password reset, notifications)

Your Rights

You can:

  • Access and export your webhook event data via the dashboard or API
  • Update your account information (email, password, timezone) in Settings
  • Delete individual webhook endpoints and their associated data
  • Delete your entire account and all associated data
  • Configure or disable email notifications at any time

Cookies

We use session cookies to maintain your login state. These cookies are HttpOnly (not accessible to JavaScript) and use the SameSite=Lax attribute for CSRF protection. We do not use advertising or tracking cookies beyond Google Analytics.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy, contact us at contact@intercooler.app.