PRIVACY POLICY

Effective date: April 28, 2026  ·  Last updated: April 28, 2026

1. Introduction

This Privacy Policy explains how Huntr ("we", "us", "our") collects, uses, and shares information when you use the Huntr API and website at tryhuntr.com (the "Service"). By using the Service you agree to the practices described here.

If you are located in the European Economic Area (EEA) or the United Kingdom, we act as the data controller for personal data we collect. If you are a California resident, additional rights are described in Section 9.

2. Information We Collect

We collect only what is necessary to operate and improve the Service:

CategoryWhatHow Collected
Account data Email address Provided when you create an account
API credentials API key (hashed reference only — we never store the plaintext key) Generated on account creation
Usage logs Request timestamp, tier used, credit cost, approximate response time, error codes. The last 500 requests are stored per account. Automatically on each API call
Research prompts Prompts you submit are passed to LLM providers (see Section 4) to generate results. We do not persistently store the content of your prompts beyond the duration of the API request. Submitted via API
Payment data Billing records (amount, date, transaction ID). Payment card details are processed entirely by Stripe — we never see or store card numbers. Via Stripe on purchase
Technical data IP address, request headers, Cloudflare edge metadata (used for abuse detection and rate limiting) Automatically on each request

We do not sell personal data. We do not collect sensitive personal data (health, financial, biometric, or political information).

3. How We Use Your Information

We use collected information to:

  • Provision and authenticate your account and API key;
  • Execute research requests and return results;
  • Manage your credit balance and process payments;
  • Monitor for abuse, enforce rate limits, and protect the integrity of the Service;
  • Send transactional emails (account creation, top-up confirmations, policy updates);
  • Comply with legal obligations.

We do not use your data for advertising or sell it to data brokers.

4. Third-Party Processors

To deliver the Service we share data with the following sub-processors. Each is bound by data processing agreements and their own privacy commitments:

ProcessorPurposeData Shared
Cloudflare Hosting, CDN, DDoS protection All request traffic (IP, headers)
Unkey API key management, credit balances, rate limiting Email, API key reference, credit transactions
Stripe Payment processing Email, purchase amount; card data handled solely by Stripe
OpenAI LLM inference (triage, synthesis, extraction) Research prompts, capability schemas
Anthropic LLM inference (optional model override) Research prompts
Google (Gemini) LLM inference (standard/deep tier synthesis) Research prompts
Serper.dev Web search results Search queries derived from your prompt
Firecrawl JavaScript-rendered web scraping Target URLs from your research task
Icypeas B2B enrichment (email finder, LinkedIn lookups) Names, domains, LinkedIn URLs from your prompt
LinkdAPI LinkedIn data access LinkedIn profile URLs from your prompt

We do not share your email address or account data with LLM or search providers. Only the minimum query data necessary to execute your research request is forwarded.

5. Data Retention

  • Account data — retained while your account is active and for 90 days after deletion.
  • Usage logs — the last 500 requests per account are stored; older entries are automatically overwritten.
  • Payment records — retained for 7 years as required for tax and accounting compliance.
  • Research prompts — not retained after the request completes.
  • Cloudflare logs — subject to Cloudflare's retention policies (typically 7 days for edge logs).

6. Cookies and Tracking

The Huntr website uses no third-party analytics cookies. We do not use Google Analytics, Meta Pixel, or similar tracking scripts. Cloudflare may set a security cookie (__cf_bm) for bot protection — this does not track you across sites and expires within 30 minutes.

7. Security

We apply industry-standard security measures including TLS encryption in transit, hashed credential storage, and access controls on our Cloudflare KV storage. However, no system is perfectly secure. You are responsible for protecting your API key. We cannot guarantee that unauthorized parties will never circumvent our security measures.

If you discover a security vulnerability, please disclose it responsibly to contact@tryhuntr.com.

8. Your Rights (EEA / UK)

If you are in the EEA or UK, you have the following rights under GDPR / UK GDPR:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your personal data (subject to legal retention requirements).
  • Restriction — request that we limit how we use your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdrawal — withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email contact@tryhuntr.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Our legal basis for processing is: contract performance (account and billing), legitimate interests (abuse prevention, security), and legal obligation (financial records).

9. California Privacy Rights (CCPA / CPRA)

California residents have the right to:

  • Know what personal information we collect, use, and share;
  • Delete personal information we have collected;
  • Correct inaccurate personal information;
  • Opt out of the "sale" or "sharing" of personal information — we do not sell or share personal information;
  • Non-discrimination for exercising your rights.

To submit a request, email contact@tryhuntr.com with "California Privacy Request" in the subject line. We will respond within 45 days.

10. International Data Transfers

Huntr operates globally through Cloudflare's edge network. Your data may be processed in the United States or other countries where our sub-processors operate. When transferring personal data from the EEA or UK, we rely on applicable transfer mechanisms such as Standard Contractual Clauses (SCCs) entered into with our sub-processors.

11. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us immediately at contact@tryhuntr.com and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you by email. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

13. Contact

For privacy questions, rights requests, or data protection concerns:

contact@tryhuntr.com

For security disclosures: contact@tryhuntr.com

For general support: contact@tryhuntr.com