HackHuntersHackHunters

Privacy Policy

Last updated: November 30, 2025

1. Introduction

HackHunters ("we," "our," "us") provides digital security analysis and account protection services to help users identify vulnerabilities and secure their online accounts.

This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, products, and services (the "Services").

By using HackHunters, you agree to this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when creating an account, submitting an incident, purchasing services, or communicating with us. This may include:

  • Name
  • Email address
  • Phone number (optional)
  • Case details or descriptions you provide
  • Payment information (processed securely by Stripe; we do not store card numbers)
  • Intake form responses
  • Support communications and uploaded files

2.2 Information We Collect Automatically

When you interact with HackHunters, we automatically collect certain data:

  • IP address
  • Device and browser type
  • Operating system
  • Pages viewed and interactions with our site
  • Referring/exit pages
  • Basic performance metrics

We use cookies and similar technologies to personalize your experience and improve service performance.

3. Google Account Data (Required Google OAuth Disclosure)

If you choose to connect your Google account, HackHunters uses Google OAuth to request Gmail settings-only scopes for the purpose of performing security analysis.

3.1 Gmail Data We Access

We access only Gmail configuration settings, including:

  • Filters (rules that move, forward, archive, or delete messages)
  • Forwarding and auto-forwarding settings
  • Send-as identities and reply-to configuration
  • POP and IMAP access status
  • Gmail delegates (accounts authorized to read/send on your behalf)

3.2 Gmail Data We Do NOT Access

We do NOT access or store:

  • Email message contents
  • Subject lines
  • Bodies or attachments
  • Email metadata (timestamps, headers, sender/receiver lists)
  • Google Drive files
  • Contact lists (unless explicitly authorized for identity correlation)

3.3 How We Use Gmail Settings Data

Gmail settings data is used only to:

  • Detect suspicious or unauthorized account configuration
  • Identify risky filters, forwarding rules, or POP/IMAP access
  • Provide a security assessment and recommendations directly to the user

This data is never used for advertising, marketing, profiling, or shared with third parties.

3.4 Storage & Retention of Gmail Data

  • Gmail settings data is processed temporarily during the scan
  • Findings are shown to the user and may be stored as part of the security report
  • Gmail settings data is never sold, rented, or shared
  • Users may delete their account to remove stored findings at any time

3.5 Revoking Google Access

You may revoke HackHunters' access to your Google account at any time at: https://myaccount.google.com/permissions

Revoking access does not impact your ability to use other parts of HackHunters.

HackHunters' use of Google user data complies with the Google API Services User Data Policy.

4. Other Third-Party Integrations

4.1 Microsoft Accounts

If you connect your Microsoft account, we access:

  • Security configuration
  • Forwarding rules
  • Inbox rules
  • Login/multi-factor authentication status

We do not access message bodies.

4.2 Social Media Accounts (Facebook, Instagram, X/Twitter)

If connected, we may read:

  • Account security settings
  • Connected apps
  • Login activity
  • MFA status
  • Page roles (Facebook)

We do not access posts, messages, photos, or private content.

4.3 Stripe Payments

We use Stripe to process secure payments. We do not store your full payment card information.

4.4 Email Delivery (Resend)

We use Resend to deliver transactional emails. Your email address is used only for account communication.

4.5 EU VAT Compliance

If you are located in the European Union, certain purchases may be subject to VAT (Value Added Tax) under EU rules for digital services. VAT is calculated and collected at checkout by our payment processor, Stripe, based on your billing location.

HackHunters does not receive or store your full payment card details. We only receive VAT-related metadata necessary for invoicing and legal compliance. This information is used solely for tax calculation, billing, and record retention as required by law.

If you provide a valid EU VAT identification number, Stripe may apply reverse-charge rules where applicable. Any currency conversion for USD-denominated charges is handled by your bank or card issuer.

5. How We Use Your Information

We use your information to:

  • Provide security scans and account cleanup services
  • Deliver reports, alerts, and recommendations
  • Prevent fraud and unauthorized activity
  • Manage billing, subscriptions, and access
  • Improve the performance of our Services
  • Communicate with you regarding your account or cases
  • Maintain internal logs and diagnostics

We do not sell or share your personal information for advertising or marketing.

6. Information Sharing

We do not sell, rent, or trade your personal information.

We may share your information only with:

  • Service providers that help operate our Services (e.g., Stripe, Resend, hosting platforms)
  • Law enforcement or legal authorities when required to comply with applicable law
  • Your explicit consent, if you request that we work with a third party on your case

No Gmail- or Microsoft-derived data is ever shared with third parties.

7. Data Security

We use commercially reasonable security measures including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Tokenized OAuth credentials
  • Audit logs for identity-related events
  • Limited employee access to user data

Despite our safeguards, no system is 100% secure.

8. Data Retention

We retain:

  • Account information: while your account is active
  • Security findings: until you delete them or close your account
  • Payment records: as required for tax and accounting
  • Case data: until you request deletion

You may request deletion of your account and associated data at any time.

9. Your Rights

Depending on your location, you have the right to:

  • Access your personal information
  • Correct inaccuracies
  • Delete your data
  • Request a copy (portability)
  • Withdraw consent
  • Opt out of emails
  • Revoke OAuth access
  • File a privacy complaint

Requests may be made at: support@email.hackhunters.ai

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section describes your rights and how you may exercise them.

10.1 Categories of Personal Information We Collect

In the preceding 12 months, HackHunters has collected the following categories of Personal Information:

  • Identifiers: name, email address, phone number (optional), IP address
  • Account Credentials: login identifiers, OAuth tokens (Google, Microsoft, social media)
  • Internet Activity: device information, browser type, pages visited, service interactions
  • Security Configuration Data: Gmail/Microsoft/social account settings accessed through OAuth
  • Scan Results: security findings, risk assessments, cleanup recommendations
  • Commercial Information: purchase history, subscription status, billing metadata
  • Profile Information: intake form responses, user preferences
  • Derived Identity Data: identity correlation records and risk state tags
  • Support Communications: messages, attachments, case details

We do not collect or store email message contents, social media posts, photos, direct messages, or private content from connected accounts.

10.2 Business Purposes for Collecting Personal Information

We collect Personal Information only for:

  • Providing security scans, findings, and account cleanup services
  • Detecting unauthorized access and risk patterns
  • Delivering reports, alerts, and recommendations
  • Managing payments, subscriptions, and billing
  • Maintaining, improving, and securing our Services
  • Preventing fraud, abuse, or unauthorized access
  • Providing support and fulfilling user requests
  • Compliance with legal requirements

We do not use Personal Information for advertising, profiling, or cross-context behavioral targeting.

10.3 Categories of Third Parties We Share Information With

We may share Personal Information only with:

  • Service Providers: Stripe (payments), Resend (email delivery), hosting providers
  • Integration Platforms: Google, Microsoft, Meta, Twitter/X — only when you connect your accounts and authorize access
  • Legal Authorities: when required to comply with applicable laws
  • Vendors: for secure infrastructure, security monitoring, and performance analytics

We do not sell Personal Information.

10.4 Your Rights Under CCPA/CPRA

California residents have the following rights:

Right to Know / Access

You may request disclosure of categories of data collected, specific pieces of Personal Information held, categories of sources, categories of third parties who received data, and business purposes for collection.

Right to Delete

You may request deletion of your Personal Information, subject to legal obligations.

Right to Correct

You may request correction of inaccurate Personal Information.

Right to Opt Out of Sale or Sharing

HackHunters does not sell or share Personal Information for cross-context behavioral advertising.

Right to Data Portability

You may request a copy of your data in a portable format.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

10.5 How to Exercise Your Rights

You may submit a request using one of the following methods:

A. Self-Service

If you have an account, log in to your dashboard, go to Settings, and use the Delete Account option. All data tied to your identity will be permanently deleted.

B. Email Request

If you do not have an account or cannot access it, email us at support@email.hackhunters.ai with subject line "CCPA Request" and include the email address used with our Services.

C. Data Deletion Instructions Page

Visit our Data Deletion page for instructions on revoking OAuth access and requesting deletion of identity-level data.

10.6 Authorized Agents

California residents may designate an authorized agent to make a request on their behalf. We may require proof of the agent's identity, written authorization from the consumer, and verification of the consumer's identity.

10.7 Additional Information

We retain Personal Information only as long as necessary to provide the Services or comply with legal requirements. Anonymized analytics are retained but do not identify any individual.

11. Children's Privacy

HackHunters is not intended for individuals under 16. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with a revised "Last Updated" date.

13. Contact Us

For questions about this policy or your data, contact:

HackHunters
Email: support@email.hackhunters.ai
Website: https://www.hackhunters.ai