Privacy Boundary
Dualhook enforces a strict metadata-only boundary for operations:
- No message body storage — message content routes directly from Meta to your endpoint via Webhook Override.
- No WhatsApp media binary storage — Dualhook does not proxy or retain WhatsApp media files in the standard Webhook Override flow.
- No conversation archive — Dualhook does not maintain a record of message threads.
Only operational metadata needed for setup, monitoring, and compliance features is stored. This includes webhook delivery logs, health check snapshots, template management records, and connection configuration.
Configurable Retention
Organization admins can set retention windows for webhook logs and health checks:
| Window | Use case |
|---|---|
| 7 days | Minimal retention for lean operations |
| 30 days | Standard operational window |
| 90 days | Extended retention for audit and compliance |
Records older than the configured retention policy are purged automatically. Retention settings apply per organization and can be adjusted at any time from the Dualhook dashboard.
CSV Export
Dualhook supports CSV export of webhook logs for audits and incident analysis.
Current CSV columns:
| Column | Description |
|---|---|
id | Internal log record ID |
event_type | Webhook event type |
delivery_status | Delivery outcome (delivered, failed, pending) |
waba_id | WhatsApp Business Account ID |
phone_number_id | Phone number ID |
trace_id | Dualhook trace identifier |
received_at | Timestamp when event was received |
delivered_at | Timestamp when event was forwarded |
error_message | Error details (if applicable) |
Organization Isolation
All compliance settings and exported data are organization-scoped. One organization cannot access another organization's logs, settings, or connection data.
This isolation extends to all Dualhook features: webhook logs, health checks, template management, and connection configuration are fully partitioned by organization.
The same organization boundary also applies to in-app support conversations. Support tickets are attached to the workspace that created them, which helps keep operational context and access controls aligned.
For architecture and security details, see Architecture & Security. For formal legal terms, see the Privacy Policy, DPA, Subprocessors, and Security / TOMs. For account health management, see Maintain Account Health. For the support workflow itself, see Support, Contact, and Bug Reports.