← Back to FiveHook

Privacy Policy

Effective date: 1 March 2026 · Last updated: 9 March 2026 (v1.2)

1. Overview

FiveHook ("we", "our", or "the Service") is a Discord webhook proxy and protection service designed for FiveM server operators. This Privacy Policy explains what data we collect, why we collect it, how it is stored, and your rights under applicable law including the General Data Protection Regulation (GDPR).

By using FiveHook, you agree to the practices described in this document. If you do not agree, please discontinue use of the Service.

2. Data We Collect

2.1 Account Data (via Discord OAuth2)

When you sign in with Discord, we receive and store:

  • Discord User ID
  • Display name and username
  • Avatar hash (used to display your profile picture)
  • Email address (if granted by your Discord privacy settings)

We do not request your Discord password, direct messages, server list, or any other permission beyond basic identity. You may review and revoke this authorisation at any time via Discord → User Settings → Authorized Apps.

2.2 Webhook Configuration Data

To provide the proxy service, we store the Discord webhook URL you submit. This includes the webhook ID and token, which are necessary to forward requests to Discord on your behalf. This data is encrypted at rest and is never shared with third parties or displayed back to you in full.

2.3 Request Log Data

Each request that passes through the proxy is logged with the following metadata:

  • Anonymized IP address — the last octet of IPv4 addresses is zeroed (e.g. 192.168.1.0); the last four groups of IPv6 addresses are masked. The original IP is never stored.
  • User-Agent string — used to verify FiveM origin.
  • HTTP method — POST, DELETE, etc.
  • Request outcome — allowed, blocked, or rate-limited.
  • Payload size in bytes — the byte count of the request body. The content of your messages is never read, stored, or processed beyond forwarding.
  • Timestamp

Log retention: Request logs are automatically and permanently deleted after 7 days via a daily scheduled cleanup. Additionally, each webhook retains at most the 200 most recent log entries at any time. No manual intervention is required.

3. What We Do Not Collect

  • The content of webhook messages (embeds, text, media URLs)
  • Full, unmasked IP addresses
  • Browser cookies beyond the session token required for authentication
  • Any data from third-party tracking or analytics services

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contractual necessity (Art. 6(1)(b) GDPR) — Account data and webhook configuration are necessary to provide the Service you have requested.
  • Legitimate interest (Art. 6(1)(f) GDPR) — Anonymized request logs are processed to detect abuse, enforce rate limits, and maintain service integrity, with minimal privacy impact due to anonymization.

5. Data Sharing

We do not sell, rent, or trade your personal data. We do not share data with advertisers or analytics platforms. Webhook forwarding necessarily involves transmitting request payloads to Discord's API — this is the core function of the Service and is initiated solely by your FiveM server.

6. Data Security

Webhook tokens are stored in an encrypted, access-controlled cloud database (Neon PostgreSQL). Transient rate-limiting and duplicate-detection state is held in an in-memory cache (Redis) and contains no personal data — only anonymized webhook identifiers and timestamps. We apply TLS/HTTPS for all data in transit. Despite these measures, no system is perfectly secure, and we cannot guarantee absolute security.

7. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure ("right to be forgotten") — you may delete your account and all associated data at any time, instantly and without contacting support, via Dashboard → Settings → Delete Account. Deletion is immediate and permanent: all webhooks, request logs, statistics, and account data are removed from our systems at the moment you confirm.
  • Restriction — request that we limit processing of your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact us via our Discord server or the email address listed in Section 9. We will respond within 30 days.

8. Cookies

FiveHook uses a single session cookie (next-auth.session-token) to maintain your authenticated state. This cookie is strictly necessary for the Service to function and does not track you across other websites. No third-party cookies are used.

9. Contact

For privacy enquiries, data requests, or complaints, please reach out via our Discord support server. If you are in the EU and believe we have violated your rights, you have the right to lodge a complaint with your local data protection authority.

10. Changes to This Policy

We may update this Privacy Policy as the Service evolves. Material changes will be announced via the dashboard or our Discord server. Continued use of the Service after changes are published constitutes your acceptance of the updated policy.