Privacy and Data Retention: What email-webhook Stores (and What It Doesn't)
If you're routing business email through any third-party service, a fair question to ask is: what exactly does this service see, and what does it keep? This article answers that question for email-webhook, with specifics grounded in how the service actually works.
The short version
email-webhook is designed to be a pass-through, not an archive. When an email arrives, the service parses it and immediately fires an HTTP request to your endpoint. The email content is not written to disk at any point in that process.
What IS stored
Your account and webhook configuration
Your account data (name, email address) and all webhook settings are stored persistently:
| Data | Where | Deleted when |
|---|---|---|
| Account name and email | Main database | You delete your account |
| Webhook URL, method, headers | Main database | You delete the webhook |
| From-email filter setting | Main database | You delete the webhook |
This is the data that makes the service work โ without it, incoming mail can't be routed to the right endpoint.
A note on stored headers: Custom headers you configure on a webhook (for example, an Authorization: Bearer <token> value) are stored in the webhook record. Treat these like passwords: rotate them if you suspect exposure.
Message log metadata (opt-in only)
If you enable Message Logs on a webhook, the service records delivery metadata for each email that triggers it. This feature is off by default. When enabled, the following fields are stored per delivery:
| Field | Example |
|---|---|
| Sender address | orders@mystore.com |
| Recipient address | abc123xyz@email-webhook.com |
| Subject line | Order confirmed #4821 |
| Body size | 2 048 bytes |
| Attachment count and total size | 1 file, 45 KB |
| HTTP status code and text | 200 OK |
| Delivery duration | 142 ms |
| Final state | delivered / failed |
| Timestamp | Unix milliseconds |
Log data is stored in a separate per-user database, isolated from other accounts.
What is NOT stored
Email body content
The plain-text (or HTML fallback) body of every email passes through memory during processing and is forwarded to your endpoint. It is never written to disk. Message Logs record the body's size in bytes โ so you can see that a 14 KB message arrived โ but the content itself is gone the moment the HTTP request is dispatched.
Attachment content
Attachments are base64-encoded and included in the JSON payload sent to your endpoint. Like the email body, they exist only in memory during transit. The attachment count and total size are recorded in Message Logs when logging is enabled, but the attachment data itself is never persisted.
Your endpoint's HTTP response
After your server responds, the response body is immediately discarded. Message Logs capture the HTTP status code and status text (e.g. 200 OK or 404 Not Found), but nothing from the response body.
Comparison with IMAP-based email parsing services
Many hosted email-parsing services work differently: they accept mail into a persistent mailbox, store the full message, and let you poll or query it later. That model means your email content โ including body and attachments โ is retained on their servers, often indefinitely or until an explicit delete.
email-webhook has no mailbox. There is no stored copy of any message to query, replay, or export. If your endpoint is down when an email arrives, the delivery attempt is made once and the content is not buffered for retry.
This is a deliberate trade-off: you get strong privacy guarantees and no data accumulation, at the cost of having no built-in replay mechanism. If a delivery fails, the fix is to ensure your endpoint is reachable and send the email again.
Controlling your data
Disabling Message Logs
Turning off Message Logs on a webhook stops all future metadata collection immediately. Existing log entries remain until you delete them manually.
Deleting log entries
The Delete logs action on a webhook's settings page removes all log entries for that webhook at once. There is no per-entry deletion.
Deleting a webhook
Deleting a webhook removes its configuration from the database. Any associated log entries must be deleted separately before removing the webhook, or they will be cleaned up automatically when the webhook is gone.
Deleting your account
Deleting your account removes your webhook configurations and account data. Log databases are removed as part of account teardown.
What we don't do
- No ad tracking or analytics on your email content. We have no visibility into what your emails say.
- No selling or sharing of your data. Webhook configurations and log metadata are yours.
- No compliance certifications (SOC 2, ISO 27001, etc.) โ if your compliance programme requires certified infrastructure, that requirement sits on your end, not ours.
- No data residency options โ the service runs on a single deployment. If regional data residency is a hard requirement, email-webhook is not the right tool.
Next steps
- To understand exactly what metadata Message Logs capture, see Debugging with Message Logs.
- To lock down your endpoint so only email-webhook can call it, see Authenticating Your Endpoint.
- For the full legal data-handling policy, see the Privacy Policy.