HeaderHawk

Privacy Policy

Last updated: January 28, 2026

1. Introduction

HeaderHawk ("we", "our", "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our CSP monitoring service.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Organization name
  • Authentication credentials (managed by our auth provider)

CSP Report Data

When you configure your sites to send reports to HeaderHawk, we receive:

  • CSP violation details (blocked URI, violated directive, etc.)
  • Document URL where the violation occurred
  • Browser and user agent information
  • Timestamps

CSP reports may contain URLs from your users' browsers. We do not use this data to track individual users.

Payment Information

For paid subscriptions, payment details are collected and processed by Stripe. We do not store credit card numbers on our servers.

Usage Data

We collect anonymized analytics about how you use our service, including pages visited and features used.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the HeaderHawk service
  • Process your CSP reports and display analytics
  • Send service-related notifications
  • Process payments for paid subscriptions
  • Improve our service based on usage patterns
  • Respond to support requests
  • Detect and prevent abuse

4. Third-Party Services

We use the following third-party services to operate HeaderHawk:

Service Purpose Data Shared
Stripe Payment processing Email, billing address, payment method
Descope Authentication Email, name, auth tokens
Tinybird CSP report analytics CSP reports (your data)
Axiom Application logging Request logs, error traces
Neon Database hosting Account and site configuration
AWS Infrastructure hosting All service data
Umami Product analytics Anonymized page views

Each service has its own privacy policy governing their use of data.

5. Data Retention

We retain your data according to these guidelines:

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • CSP reports: Retained according to your subscription tier (7 days to 1 year)
  • Payment records: Retained for 7 years for tax and legal compliance
  • Usage logs: Retained for 90 days

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Data encrypted in transit (TLS) and at rest
  • Access controls and authentication requirements
  • Regular security assessments
  • Incident response procedures

7. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your CSP report data
  • Object: Opt out of certain data processing

To exercise these rights, contact us at privacy@headerhawk.com .

8. Cookies

We use cookies for:

  • Authentication: To keep you logged in
  • Preferences: To remember your settings (e.g., dark mode)
  • Analytics: To understand service usage (via Umami, privacy-focused)

We do not use cookies for advertising or tracking across websites.

9. International Data Transfers

Our services are hosted in the United States. If you access Header Hawk from outside the US, your data will be transferred to and processed in the US. We use standard contractual clauses and other safeguards for international transfers where required.

10. Children's Privacy

HeaderHawk is not intended for use by children under 16. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or through the service. The "Effective" date at the top indicates when the policy was last updated.

12. Contact Us

For privacy questions or concerns, contact us at: