Privacy Policy
Last updated: May 19, 2026
HuntShield ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
- Account Data: Email address, name, company (optional), and use case preferences, provided when you create an account
- Payment Data: Processed by Stripe — we do not store full credit card numbers
- Scan Targets: URLs and hosts you submit for security assessment
- Waitlist Data: Email and name when joining our waitlist
1.2 Information Collected Automatically
- IP Address: Logged for rate limiting and security purposes
- Usage Data: Pages visited, features used, timestamp of access
- Technical Data: Browser type, device information via standard HTTP headers
2. How We Use Your Information
- To provide and maintain the Service (account management, scan execution)
- To process payments through Stripe
- To send waitlist confirmation and product update emails (with your consent)
- To enforce rate limits and prevent abuse
- To improve our Service through aggregated analytics
3. Legal Basis (GDPR)
For users in the European Economic Area (EEA), we process personal data on the following legal bases:
- Contractual necessity: To provide the Service you requested
- Legitimate interests: Service improvement, security, fraud prevention
- Consent: Marketing emails (you may withdraw at any time)
- Legal obligation: When required by applicable law
4. Data Sharing
We do not sell your personal data. We share data only with:
- Supabase: Our database provider (EU-hosted, SOC 2 compliant)
- Stripe: Payment processor (PCI DSS Level 1)
- Resend: Email delivery service for transactional emails
- Vercel: Hosting infrastructure
All third-party providers are GDPR-compliant and bound by data processing agreements.
5. Data Retention
- Account data: Retained until account deletion
- Scan data: Retained per your plan (7-365 days), then deleted
- Waitlist data: Retained until you unsubscribe or request deletion
- Rate limit logs: Retained for a 1-hour rolling window
6. Your Rights
GDPR Rights (EEA Residents)
- Right of Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in JSON format
- Right to Object: Opt out of processing for legitimate interests
To exercise any of these rights, email privacy@hunter-shield.com. We respond within 30 days as required by GDPR Article 12.
CCPA Rights (California Residents)
- Right to Know: Request disclosure of categories of data collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: We do not sell data, so this is automatic
7. Cookies
We use minimal cookies:
- Essential: Session token for authenticated users (JWT stored in localStorage)
- No tracking cookies, advertising cookies, or third-party analytics cookies
8. Security
We implement appropriate technical and organizational measures including:
- TLS 1.3 encryption for all data in transit
- Encryption at rest for database storage (AES-256)
- Row Level Security (RLS) on all database tables
- JWT-based authentication with automatic token refresh
- Rate limiting to prevent brute-force attacks
9. International Transfers
Your data is stored on Supabase servers in the EU (Ireland). If you access our Service from outside the EU, your data may be transferred to and processed in the EU, which has adequate data protection standards per GDPR Article 45.
10. Children's Privacy
Our Service is not directed to individuals under 18. We do not knowingly collect data from minors.
11. Changes to This Policy
We will notify registered users of material changes via email. The updated policy will be posted on this page with a revised date.
12. Contact
Data Protection Officer: privacy@hunter-shield.com
For GDPR-related inquiries: dpo@hunter-shield.com