Outbound

Privacy Policy

Last updated: May 18, 2026

This Privacy Policy explains how Edge Traversal ("we", "us") collects, uses, and protects information when you use Outbound for Workflows (the "Service"), a Stripe App that extends Stripe Workflows with custom actions.

1. Who we are

Edge Traversal is the publisher of the Service. Contact: support@outboundforworkflows.com.

2. What we collect

From Stripe, when you install the app

  • Your Stripe Account ID (e.g. acct_…)
  • The fact that you installed Outbound and when
  • Billing-subscription identifiers for your Outbound plan

From your Workflow invocations

  • Idempotency keys: the unique invocation ID Stripe sends with each action call. We use this to dedupe retries; retained for 24 hours then automatically purged.
  • Execution metadata: action name, duration, success or failure status, error category for failures. Used for analytics, support, and abuse prevention. Retained indefinitely.

What we do NOT store

  • Your third-party credentials (Discord webhook URLs, Notion tokens, Linear API keys, Postgres connection strings, etc.) — these live exclusively in Stripe's Secret Store and are injected into action invocations at runtime. We never see them at rest.
  • Your customers' data beyond what's strictly necessary to execute the requested action. Stripe event payloads flow through our servers in memory only and are not persisted.

3. How we use it

  • To deliver the Service — running actions, deduplicating retries, returning results.
  • To bill you according to your selected plan.
  • To investigate support requests you initiate.
  • To detect abuse (rate-limit violators, malformed payloads, suspicious patterns).
  • To improve the Service (aggregate, non-identifying metrics).

We do not sell your data. We do not use your data to train machine-learning models.

4. Who we share with

  • Stripe — as the platform we're built on. Stripe's own privacy policy governs that relationship.
  • Vercel — our hosting provider for the action endpoints.
  • Neon — our managed Postgres provider for idempotency + execution logs.
  • Sentry — error tracking. We exclude Stripe event payloads from error reports.
  • Law enforcement — only when compelled by valid legal process, and we will notify you unless prohibited.

5. Where data is processed

The Service operates from servers in the United States. By using the Service you consent to your data being processed in the US.

6. Your rights

You can request a copy of all data we have associated with your account, or request deletion, by emailing support@outboundforworkflows.com. We'll respond within 30 days. Note: deletion of execution logs may be constrained by billing-record retention requirements.

7. Uninstalling

When you uninstall the Service from your Stripe account, we retain execution logs for 90 days for billing reconciliation and audit, then purge them. Idempotency keys are purged immediately.

8. Security

All data in transit is TLS 1.2+. Our database is encrypted at rest. Access is restricted to operators with a need-to-know. We are not SOC 2 certified as of this version; enterprise customers with compliance requirements should contact us.

9. Changes to this policy

We may update this policy. Material changes will be announced via email to the address on your Stripe account. The "Last updated" date at the top of this page reflects the most recent change.

10. Contact

Questions about this policy: support@outboundforworkflows.com.