Ultimately I wanted to build a tool that was helpful for debugging webhooks. The data about a request is only shown on the page for the box it's associated with, and it only stores what (and when) you send to it.
All data captured is required for the service to function as a useful tool. It is in our legitimate interest to capture the data in a request. By sending requests to the app, you consent to the data being stored as per the information below.
Data is stored for a maximum of 48 hours (from the time of the box being created), after which the box, as well as all attached requests (and thus, all data stored about a request) made to it will be removed from the system.
If you wish to remove the box before the 48 hour period has been reached you can delete a box by accessing the page where box requests are viewed and clicking "Delete box". Doing so will remove the box along with all attached requests (and this, all data stored about a request).
Data that's stored about requests made: