Privacy Policy

Last updated: 13 May 2026

1. Who we are

Charon Gate is operated by Obsidian Dynamics Limited(Company No. 16663833), registered in England and Wales. Registered office: Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset BH16 6FA. We are registered with the UK Information Commissioner’s Office (ICO) under registration number ZC141175.

For privacy enquiries, contact us at [email protected].

2. What data we collect

  • Account data: email address, name (optional), provided during registration via Clerk.
  • Webhook payload data: raw HTTP request bodies and headers sent to your ingest endpoints, stored for delivery, replay, and DLQ functions.
  • Usage data: event counts, delivery outcomes, endpoint configuration.
  • Billing data: subscription tier, payment status (payment card details are held by Stripe, not us).
  • Technical data: IP addresses, user agent strings, timestamps for inbound requests.

3. How we use your data

  • To provide the Charon Gate service (webhook ingestion, queuing, delivery, replay).
  • To authenticate and manage your account.
  • To send transactional emails (account verification, alerts, billing).
  • To improve service reliability and debug issues.
  • To meet legal obligations.

4. Legal basis for processing (UK GDPR)

  • Contractual necessity — processing required to provide the service you subscribed to.
  • Legitimate interests — security monitoring, abuse prevention, service improvement.
  • Legal obligation — record-keeping and compliance with applicable law.

5. Data retention

Webhook event payloads are retained for 90 days by default (configurable per tenant). Account data is retained for the duration of your subscription plus 90 days after cancellation. Billing records are retained for 7 years to comply with UK tax law.

6. Sub-processors

  • Clerk — authentication and account management (clerk.com)
  • DigitalOcean — cloud infrastructure hosting (digitalocean.com), servers in New York, USA
  • Cloudflare — DNS, CDN, and DDoS protection (cloudflare.com)
  • Stripe — payment processing (stripe.com)
  • Resend — transactional email delivery (resend.com)
  • Sentry — error monitoring (sentry.io)

Infrastructure hosted in the USA operates under the UK–US Data Bridge adequacy framework or equivalent safeguards.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request erasure (“right to be forgotten”).
  • Object to or restrict processing.
  • Data portability.
  • Lodge a complaint with the ICO (ico.org.uk).

To exercise any right, email [email protected]. We will respond within 30 days.

8. Cookies

Charon Gate uses strictly necessary session cookies set by Clerk for authentication. These cookies are required for the service to function and do not require consent under UK PECR. We do not currently use analytics or advertising cookies.

9. Changes to this policy

We will notify users by email of material changes. The latest version is always available at this URL.