Redline

Legal

Privacy Policy

Last updated July 9, 2026

Redline is built to need as little of your data as possible. There are no user accounts, so there's no profile, email, or password to store in the first place. This page describes exactly what the two tools do handle.

API Tester

When you send a request from the API Tester, your browser posts it to Redline's server, which makes the actual HTTP request on your behalf and returns the response to you. That round trip happens in server memory only — Redline does not write your requests, responses, headers, or bodies to any database.

Your request history (method, URL, headers, body) is saved only in your browser's localStorage, capped at the last 15 requests. It never leaves your device except when you actively click Send, and it's gone if you clear your browser storage.

Webhook Debugger

When you create an inbox, Redline generates a random, unguessable ID and stores it in a database. Any request sent to that inbox's ingest URL is captured in full — method, path, query string, all headers, the raw body, and the sender's IP address — and stored against that inbox ID so you can inspect it.

That data is kept until you clear it (removes the captured requests) or delete the inbox (removes everything, including the inbox itself). There is currently no automatic expiry — it's on you to clean up inboxes you're done with.

Because a captured request can contain anything a third party sends — including authorization headers, API keys, or other secrets embedded by whatever service you pointed at the inbox — treat your inbox contents as sensitive, and clear or delete them once you're done debugging. See the Security Policy for how that data is protected in the meantime.

What we don't do

  • No account creation, no login, no password to leak.
  • No analytics or tracking scripts are currently enabled on this site.
  • No cookies are set for tracking purposes.
  • No selling, renting, or sharing of any captured data with third parties.

If that ever changes — for example, if we turn on privacy-respecting analytics — this page will be updated first.

Where data lives

Webhook inbox data is stored in a managed Postgres database (Supabase). Access is locked down at the database level: only Redline's own server can read or write it, using a credential that never reaches your browser. See the Security Policy for details.

Questions

If anything here is unclear, or you want an inbox's data removed and can't reach it yourself, reach out via the Contact page.