Terms of Use

Last updated: 2026-05-01

NomadHook is a free, no-signup tool to receive, inspect and replay webhooks. By using the service you accept the terms below. If you don't agree, don't use the service.

1. Service provided

NomadHook provides unique URLs (e.g. /h/<uuid>) that accept HTTP requests, display them in a web UI, and optionally relay them to a target URL of your choice (auto-forward and manual replay). The service is provided "as is", without any guarantee of availability, response time or storage capacity.

2. Acceptable use

You agree not to use NomadHook to:

Distribute illegal, malicious or harmful content (malware, phishing, harassment)
Run load tests, stress tests or any abusive usage pattern
Bypass technical limits (IP rotation, cookie multiplication, automated scraping)
Use the service as an attack relay or DDoS amplifier
Store personal, financial, medical or otherwise regulated data
Infringe a third party's intellectual property or privacy

3. Technical limits

To preserve quality of service for everyone, limits are enforced and exposed in real time at /api/limits. As a guideline:

Incoming webhooks

60 / min / IP · 200 / min / endpoint

URL creation

20 / hour / IP · 50 / day / browser

Storage

200 most recent requests / endpoint · 5 MB max body

Retention

30 days then automatic deletion

Global cap

5,000 endpoints across the instance

Exceeding a limit returns HTTP 429 with a Retry-After header. Persistent abuse may result in IP, prefix or origin blocking.

4. Privacy — our commitment

NomadHook is built to be a discreet and ephemeral tool. We don't build user profiles, we don't ask for any identity, and we don't keep data longer than what's needed for the service to work.

What we never collect

No account — no signup, no email, no password, no phone number
No name, no identity — you stay anonymous
No advertising or third-party tracking cookies — no Google Analytics, no Meta Pixel, no tag manager
No browser fingerprinting, no telemetry
No reselling, no sharing, no transfer of your data to a commercial third party

What we store (the technical minimum)

To do its job, NomadHook temporarily stores HTTP requests received on your /h/<uuid> URLs:

Method, path, query, headers, body, sender IP, timestamp
Approximate country/city derived from the IP via ip-api.com (third party, free, no DPA in place)
An nh_owner cookie (anonymous UUID, HttpOnly, 1 year) used only to know which browser created the URLs — not linked to your identity

For how long?

Automatic deletion after 30 days
Hard cap of 200 requests per URL — older requests are overwritten immediately above that
You can clear or delete your URLs at any time from the UI — deletion is immediate and permanent
Blocked requests (rate limit, blacklist) are never stored

Your rights

Since we collect no identifying data, there is no "user account" to export or delete. You exercise your rights through actions in the UI:

Access: all content received on your URLs is visible in the UI
Erasure: "Clear" button (wipes requests) or "Delete" (removes the URL and all its history)
Portability: "Copy as cURL" on each request to export the raw content

5. Ownership and liability

You retain ownership of the data you send. NomadHook disclaims any liability for direct or indirect damages (data loss, lost revenue, service interruption) resulting from the use or unavailability of the service.

6. Suspension & deletion

We reserve the right to suspend or remove an endpoint, an IP, an origin or a browser without notice in case of breach of these terms or abusive usage. Any data may be deleted at any time if the service is discontinued.

7. Changes

These terms may evolve. The last update date is shown at the top of this page. Changes take effect upon publication.

8. Contact

For any question: [email protected].

← Back to the app