Privacy Policy

Hunter helps businesses connect with each other by providing web applications, browser extensions, and other online services.

This Privacy Policy describes how we use personal data, how we share it, and your rights and choices. At Hunter, being transparent on the data we collect and process is part of our mission. We aim to make this Privacy Policy as clear and easy to read as possible. If you have any questions related to privacy, please get in touch with us at privacy@hunter.io.

1. What is the scope of this Privacy Policy?

"Hunter", "we", "our", "us" refers to Hunter Web Services, Inc.

This Privacy Policy applies to all services offered by Hunter ("Services"), which includes the services offered on the website Hunter.io, and Hunter services accessed through integrations, such as the Hunter browser extensions, Google Sheets add-on or use of Hunter through API or other integrations ("Sites").

Depending on the context, "you" means Hunter User, Business Profile or Visitor:

• When you create a Hunter account to use the Services, we refer to you as an "Hunter User".
• When your personal data appears on public web pages, it might be collected by Hunter to provide the Services. In this case, we refer to you as a "Business Profile".
• When you visit the Hunter Site without being logged into a Hunter account, we refer to you as a "Visitor".

The database of Business Profiles provided in the Services to Hunter Users is referred to as the "Profiles Database".

For US state privacy laws, "Consumer" means a natural person who is a resident of an applicable US state acting in an individual or household context. It does not include individuals acting in a commercial or employment context.

2. What personal information does Hunter process?

When we refer to “personal data” we’re talking about a broad range of information. Global data protection laws define this concept in different ways, but in general, we mean any information that relates to an identifiable, living individual person.

The General Data Protection Regulation ("GDPR") makes a distinction between the roles of “Controllers” and “Processors” of personal data. A controller decides why and how to process personal data. A processor does not make decisions about personal data; it only processes personal data on behalf of a controller based on the controller’s instructions. Below we mention the legal basis for processing personal data as required in the GDPR.

Hunter's Profile Data includes both email addresses collected directly from websites where they were published, and email addresses generated through pattern analysis based on names and organizational affiliations found on public sources. We distinguish between these collection methods in our interface, API, and throughout this Privacy Policy. Generated emails are validated for technical deliverability and include confidence scores indicating reliability. For complete details, see "When Hunter collects and generates professional contact data" below.

Hunter acts in the capacity of a "Controller" for processing of the following data:

a. When you visit our website (“Visitor Data”)

When you visit our website, Hunter tracks your usage which includes statistics such as which pages you visit and how long you look at them. This may include information such as IP address, geolocation information, browser type and information about the use of our website, including a history of the pages you view. You may be tracked between successive sessions with the use of cookies.

Legal Basis: Legitimate business interest

Retention: Not stored for longer than 14 months after collection.

b. When you create a Hunter account (“Account Data”)

When you create a Hunter account, we ask for the following information: email address, your full name, phone number, payment and billing address, if applicable.

We use this data to give you access to the Services, this data is used to enter into business relationships with you. This information allows us to authenticate you with your Hunter account. We also use the contact information to share information about the service, announce new features, or share relevant educational content.

Legal Basis (GDPR): Contractual necessity

Retention: Until Hunter Users delete their account, with exceptions:

• Email search and verification history: 3 months.
• Transactional email history: 90 days.
• Automated bug reports: 90 days.
• Session recordings: 30 days.
• Payment and billing information: as legally required by payment provider.

c. When you register for a Hunter webinar or subscribe to Hunter newsletter

When Hunter Users or potential users register for our webinars, we collect the full name and email address. When they subscribe to our newsletters, we collect the email address only. The purpose is to reach out to them.

Legal Basis: Consent

Retention: As long as necessary for webinar follow-up, or until unsubscribe from the newsletter.

d. When you use our services (“Usage Data”)

Whether it is on the Sites, through the API or add-ons provided by Hunter, we monitor your usage of the Services, and log requests that you make. Those logs can include information such as features usage on the Sites, name, contact information, subscription plan, user feedback, geolocation information, payment information, and the browser used.

We use this data to improve user experience, we're looking at usage patterns and statistics to understand what to improve on Hunter. This includes, for instance, tracking the usage of a specific feature or running A/B tests. It can also be data directly shared by you, like the information you share in a survey. We also use this data to fight fraud. Hunter has automated systems in place to fight payment fraud and violation of our Terms of Service. It uses various information and signals related to the account activity. In certain cases, this information is reviewed manually.

Legal Basis: Legitimate business interest

Retention: 3 months

Further, when a User manually enters a domain name in the Domain Search on a Site, if we don't have it in our database, we might add it to a list of domain names to discover. This allows us to explore the domain shortly after and notify the user if more data can be found. When using our Services, you might send us some data or files. For example, enter email addresses in the Email Verifier, or names in the Email Finder. When a Hunter User searches for a domain that we don't have in our database, we add it to our database (“User Input Data”).

Legal Basis (GDPR): Legitimate business interest

Retention: Until data is removed from public sources or a claim is made for removal.

e. When you contact our support (“Support Data”)

When you contact our customer support, we may process your features usage, name, contact information, subscription plan, billing history and access your accounts data (leads, campaigns) when necessary. If you reach out via email or chat, we keep conversations and other data you might send during those exchanges. We use this data to offer customer support, via email or chat, to help you take full advantage of our Services or fix problems you encounter. To do so, the customer success specialist will access the information relevant to the issue. It can include account information or activity monitoring.

Legal Basis: Legitimate business interest

Retention: Logged-in users: up to 6 months after account deletion. Non-logged-in users: 9 months.

f. When Hunter collects public web data (“Profile Data”)

When Hunter collects and generates Profile Data, Hunter builds its Profiles Database through two methods:

(i) Web scraping (direct collection)

Hunter crawls public web pages to collect data related to professional profiles. Only public web pages and publicly available content are processed. Similarly to search engines, Hunter's robot follows the robots.txt standard instructions and doesn't crawl a website if indicated not to. Learn more: https://hunter.io/robot. If Hunter's robot comes across private consumer data such as a personal email address or personal phone number, it does not process it.

On those public pages, Hunter's robot looks for business data such as names, professional email addresses, job titles, social networks URLs, or professional phone numbers.

(ii) Email generation (pattern-based inference)

When Hunter identifies a person's name and organizational affiliation on public web pages but their email address is not published, Hunter may generate a professional email address using pattern analysis, typically applying the following steps:

• Pattern identification: We analyze email formats used by an organization based on emails previously collected from that domain.
• Email construction: When we find a name associated with an organization, we apply the identified pattern to construct a potential email address.
• Validation: We verify the generated email is technically deliverable through multi-step validation.
• Quality assessment: We assign a confidence score and only generate emails meeting our minimum quality threshold.

Our interface and API label the collection method, and include confidence scores indicating their reliability.

Legal Basis: Legitimate business interest

We process Profile Data (both collected and generated) based on our legitimate interest in providing comprehensive professional contact databases for business-to-business purposes. We have conducted a Legitimate Interest Assessment and a Data Protection Impact Assessment demonstrating that our processing, with implemented safeguards, is proportionate and does not override fundamental rights in the professional business-to-business context.

Retention: As long as information is available on public sources or until removal request. Profiles are removed within 3 months if no longer on source pages.

We store Profile Data for as long as this information (or the underlying names for generated emails) is available on publicly accessible sources, or until you request removal.

Note: When the Profile Data is obtained by Hunter Users, this is done by a Controller-to-Controller transfer, wherein Hunter Users process the Profile Data for their own purpose and use in their capacity as independent Controllers. Hunter Users remain responsible for their GDPR compliance when processing Profile Data as Controllers.

3. AI Use

Hunter uses artificial intelligence (AI) and machine learning (ML) technologies to provide and improve our Services. We are committed to responsible AI use that respects your privacy rights and prevents discriminatory outcomes.

Our own AI/ML models

• Name detection and extraction: Machine learning models identify and extract names and organizational affiliations from text found on public web pages.
• Email pattern analysis: Algorithms analyze patterns in organizational email addresses to enable email generation when email addresses are not directly published.
• Email validation: Automated systems verify that email addresses (both collected and inferred) are technically valid and deliverable.
• Quality assessment: ML models assess the confidence level of generated emails based on pattern strength, name structure, and validation results.
• Service optimization: AI detects fraud, prevents abuse, improves search relevance, and enhances user experience.

Legal Basis: Legitimate business interest

Third-party AI services (OpenAI)

Hunter integrates OpenAI's language models to provide the following features to Hunter Users:

• AI-powered email writing assistance: Users can generate personalized email content for outreach campaigns, including email copy, subject lines, and call-to-action text.
• Content discovery and research: AI assists Users in discovering relevant content, companies, and contacts based on natural language queries (Discover feature).
• Email personalization: AI generates personalized email variations based on recipient context and campaign parameters.

These features are entirely optional. Users can perform all core Hunter functions (Domain Search, Email Finder, Email Verifier, and Campaigns) without using AI-powered features.

Legal Basis: Contractual necessity (to provide the AI service requested by the User) and legitimate business interest (to offer enhanced features).

Data that may be processed by OpenAI

• User-written prompts and instructions.
• Email draft content that the User asks AI to improve or revise.
• Context the User provides (for example, "Make this more formal").
• Company names, contact names, or job titles only if the User includes them in their prompt.

Safeguards for third-party AI processing

1. No training on user data. Hunter has contractually opted out of allowing OpenAI to use any data processed through our integration for AI model training purposes. User data is processed only to provide the requested AI service and is not used to improve OpenAI's models.
2. Limited retention. OpenAI does not retain User data for longer than necessary to provide the service. Per OpenAI's data retention policies, API data may be retained for up to 30 days for abuse and misuse monitoring purposes, after which it is deleted.
3. Contractual data processing agreement. Our agreement with OpenAI includes processing only according to Hunter's documented instructions, confidentiality obligations, deletion or return of data on termination, technical and organizational security measures, prohibition on model training use, GDPR Article 28-aligned sub-processor obligations, and assistance with data subject rights requests.
4. Access controls and permissions. Hunter maintains strict controls over AI feature access, including role-based access control, API management controls, workspace-level permissions, and audit logging of AI feature usage.
5. User control and editorial authority. Users decide whether to use AI features on a case-by-case basis. All AI-generated content is presented as a suggestion that Users can review, edit, or discard. Users can disable AI features entirely in account settings.

Hunter does not make solely automated decisions that produce legal or similarly significant effects concerning you without human oversight (Article 22 GDPR).

We are committed to responsible AI use that respects your privacy rights and prevents discriminatory outcomes.

Hunter acts in the capacity of a "Processor" for processing of the following data:

a. When Users use the Campaigns feature (“Campaign Data”)

Hunter Users can manage leads lists to send them cold email campaigns, or sync them with other applications. They can connect their email clients such as Gmail or Outlook to send emails through Hunter. In their dashboard, they have access to tracking information and tools to help them manage replies. Hunter needs to store the emails sent in its service (which includes the recipients, subjects and content), and the potential replies they receive. Certain features might perform searches in their mailboxes; in this case, the emails returned will be temporarily stored on our servers.

The data collected from email clients is never shared with third-parties. It stays private to the Hunter User and their team if applicable. This data is stored until the user decides to delete their account.

Retention: Until the user deletes their Hunter account.

b. When Users edit their account settings (“Account Management”)

All account settings and profile information can be edited by a User in their dashboard. Hunter processes this information on behalf of the User, until the User account remains active.

Retention: Until the user deletes their Hunter account.

c. When Users enrich their data (“Data Enrichment”)

Users may enrich professional profiles data to do email outreach in marketing, sales or hiring. All tasks done by Users to enrich their data with Hunter's data services such as the Domain Search, Email Finder and Email Verifier, are processed by Hunter as a Processor. This data is processed by Hunter until the User’s account remains active.

Retention: Until the user deletes their Hunter account.

d. When Users manage their leads (“Leads Management”)

Users utilize the Leads feature on Hunter to qualify and manage their lists of leads in their marketing, sales, or hiring activities. This includes full names, and contact information. Hunter Users can store, edit and delete this personal information. Hunter processes this personal information for as long as the User’s account with Hunter remains active.

Retention: Until the user deletes their Hunter account.

4. Sale, sharing, and targeted advertising

Do we sell your personal data?

Hunter does not sell your personal data to third parties for monetary consideration. We do not exchange your personal data for any other valuable consideration that would constitute a "sale" under applicable state privacy laws.

Do we use your data for targeted advertising?

We use cookies and similar technologies to serve targeted advertising based on your browsing activity on our Sites. You may opt out of targeted advertising at any time through our Cookie Policy or by using universal opt-out mechanisms.

Profiling

We use your Usage Data to evaluate usage patterns and preferences to improve Services. We do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

5. International Data Transfers

While Hunter servers are located in Belgium, Hunter may need to transfer your personal data to Hunter Users, service providers, and to third parties in various countries and jurisdictions around the world. In each case, we take care to use appropriate safeguards to ensure your personal data remains protected.

We rely instead on data transfer mechanisms to transfer personal data outside the EEA and the UK, such as Standard Contractual Clauses and the International Data Transfer Agreement. For further information on our service providers, please see section 7 below.

6. Your rights and choices

GDPR rights (EEA and UK residents)

You have the following rights in relation to the personal data that we hold about you:

• To access your personal data, and some related information as described in the section below "Know if we have information concerning you and what that information is". In particular, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
  • If you're in our database;
  • Exactly what data we hold;
  • The purposes of the processing;
  • How long the data will be kept;
  • On what legal basis the data has been processed.
• To require any inaccurate personal data to be rectified, completed, including by means of providing a supplementary statement. If you're a Hunter User, you can log in to your Hunter account and update your information. You can also permanently destroy your account in your settings. If you're a Business Profile, you can use the Claim feature at the following address to update or delete your personal data in the Profiles Database: "https://hunter.io/claim";
• To require us to delete the personal data in certain circumstances provided by law;
• To require us to restrict or block the processing of your personal data in certain circumstances (when processing is restricted, we can still store your personal data, but may not use it further);
• To obtain from us your personal data, in a structured, commonly used and machine-readable format in certain circumstances. Further, you may have the right to require us to transmit your personal data directly to another person where it is technically feasible to do so;
• To object to our use of your personal data for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal data (and require them to be deleted) in some other circumstances;
• Where we are processing your personal data based on your consent to such processing, to withdraw your consent at any time.

Additionally, we conduct Data Protection Impact Assessments for our processing activities. Summaries of our assessments and Legitimate Interest assessment are available upon request at privacy@hunter.io. Full assessments are available to supervisory authorities upon request in connection with an investigation.

How to lodge a complaint

If you are unsatisfied with our response to your privacy request or have concerns about our processing, first contact us at privacy@hunter.io - we're committed to resolving issues.

If you remain unsatisfied, you have the right to lodge a complaint with your supervisory authority:

• EEA residents: your national data protection authority or CNIL (France).
• UK residents: Information Commissioner's Office (ICO) - https://ico.org.uk.
• US residents: your state Attorney General.

Rights related to AI processing

If AI systems (either Hunter's proprietary systems or third-party AI services) have processed your personal data, you have additional specific rights:

Right to information about AI logic (Article 13/14 GDPR, US state laws)

You can request information about:

• Which AI system processed your data.
• The purpose of the AI processing.
• What categories of data were used as input.
• The general methodology and logic of the AI system.
• What safeguards were applied (including discriminatory content filtering).
• The significance and envisaged consequences of the processing.

Right to human review (Article 22 GDPR)

If you believe an automated AI system has made a decision with legal or similarly significant effects concerning you, you have the right to:

• Obtain human intervention in that decision.
• Express your point of view about the decision.
• Request an explanation of how the decision was reached.
• Contest the decision and request reconsideration.

Right to opt out of AI features (Hunter Users)

Hunter Users can:

• Disable AI-powered features (email writing assistance, Discover, and personalization) in account settings at any time.
• Continue using all core Hunter Services without AI features.
• Request that any data previously processed through AI features be deleted.

To exercise these rights, contact privacy@hunter.io with your request. We will respond within the timeframes required by applicable law.

7. Service providers helping us manage your data

When Hunter engages third-party service providers in its capacity as a data processor for Hunter Users’ personal data, the GDPR calls these providers sub-processors.

The details of our sub-processors are available at the following address: "https://hunter.io/subprocessors".

When we engage service providers to process personal data on our behalf, we enter into written contracts that require these providers to:

• Process personal data only according to our documented instructions.
• Ensure all persons processing data are subject to confidentiality obligations.
• Implement appropriate technical and organizational security measures.
• Assist us in responding to consumer rights requests.
• Delete or return personal data at our direction when services end.
• Make available information necessary to demonstrate compliance.
• Allow and cooperate with audits or inspections (except in Iowa).
• Notify us of any security incidents.
• Engage subcontractors only with our prior authorization.
• Ensure subcontractors agree to the same data protection obligations.

8. Use of cookies

We use cookies to make sure the Sites work properly, analyze the use of the Services, save preferences and serve targeted advertising.

You can learn more on how we use cookies and your choices in our Cookie Policy: https://hunter.io/cookie-policy

9. US state privacy rights

(Notice for residents of US states with privacy laws)

This section applies to residents of Texas, Virginia, Colorado, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, Oregon, Montana, Kentucky, Indiana, and Rhode Island (collectively, "Applicable States").

Effective dates by state

• Texas: July 1, 2024
• Virginia: January 1, 2023
• Colorado: July 1, 2023
• Delaware: January 1, 2025
• Iowa: January 1, 2025
• New Hampshire: January 1, 2025
• New Jersey: January 15, 2025
• Nebraska: January 1, 2025
• Minnesota: July 31, 2025
• Maryland: October 1, 2025
• Oregon: July 1, 2024
• Montana: October 1, 2024
• Kentucky: January 1, 2026
• Indiana: January 1, 2026
• Rhode Island: January 1, 2026

a. Your privacy rights

1. Right to know and access

Confirm whether we are processing your personal data and access such data, including:

• Categories of personal data we collect.
• Specific pieces of personal data we hold.
• Categories of sources from which we collect personal data.
• Business or commercial purposes for collecting personal data.
• Categories of third parties with whom we share personal data.

2. Right to delete

Request deletion of personal data we have collected from you, subject to certain exceptions under applicable law.

3. Right to correct

Available in all Applicable States except Iowa. Request correction of inaccuracies in your personal data.

4. Right to data portability

Not available in Texas or Iowa; available in 13 other Applicable States. Obtain a copy of your personal data in a portable and readily usable format.

5. Right to opt-out

Opt out of:

• Sale of your personal data.
• Processing of your personal data for targeted advertising.
• Profiling in furtherance of decisions that produce legal or similarly significant effects.

6. Right to non-discrimination

We will not discriminate against you for exercising any privacy rights, including by:

• Denying goods or services.
• Charging different prices or rates.
• Providing a different level or quality of goods or services.

b. How to exercise your rights

Submit a request to privacy@hunter.io.

Response timeline: within 45 days of receipt (may extend an additional 45 days where reasonably necessary).

To protect your privacy, we may verify your identity before fulfilling requests. Verification may require:

• Email address associated with your account.
• Account information.
• Recent transaction details.

If we decline to take action on your request, you have the right to appeal our decision by contacting us at privacy@hunter.io within 30 days. We will respond to your appeal within 45 days. If your appeal is denied, you may contact your state Attorney General.

c. Authorized agents

You may designate an authorized agent to submit privacy rights requests on your behalf by:

• Providing written authorization signed by you.
• Verifying your identity directly with us.
• Having the authorized agent verify their identity with us.

d. Universal opt-out preference signals

For residents of Texas, Colorado, Delaware, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, Montana, and Rhode Island, we recognize and honor browser-based universal opt-out preference signals, including Global Privacy Control (GPC), as valid requests to opt out of sale of personal data and processing for targeted advertising.

How to enable GPC:

1. Use a browser that supports GPC (for example, Firefox, Brave, or DuckDuckGo).
2. Enable the GPC setting in your browser preferences.
3. Visit Hunter.io with GPC enabled.

Note: If you use multiple browsers or devices, you must enable GPC on each.

Additional opt-out methods:

• Contact us at privacy@hunter.io.
• Use our Claims feature at https://hunter.io/claim.

e. Third-party disclosure lists

For Delaware, Maryland, Rhode Island, Minnesota, and Oregon residents, upon request, we will provide a list of specific third parties to whom we have disclosed your personal data in the preceding 12 months.

To request this information, please contact privacy@hunter.io.

f. Data protection assessments

We conduct and document data protection assessments for processing activities that present a heightened risk of harm to consumers, including:

• Processing personal data for targeted advertising.
• Sale of personal data (if applicable).
• Processing of sensitive personal data.
• Profiling in furtherance of decisions that produce legal or similarly significant effects.

These assessments evaluate:

• Benefits of processing to Hunter, consumers, and the public.
• Potential risks to consumer rights.
• Safeguards implemented to mitigate risks.
• Alternative processing methods considered.

We conduct these assessments before engaging in high-risk processing activities. Our data protection assessments are available to state attorneys general upon request in connection with an investigation.

g. Data minimization and purpose limitation

We limit our collection of personal data to what is adequate, relevant, and reasonably necessary for the purposes disclosed to you. We process personal data only for disclosed purposes or purposes reasonably necessary and compatible with disclosed purposes.

Secondary use: We will not process your personal data for purposes materially different from those disclosed without first obtaining your consent.

h. Sensitive personal data

Under applicable state privacy laws, certain categories of personal data are considered "sensitive" and require additional protections.

Sensitive data we process:

• Account login credentials combined with passwords (for authentication).
• Geolocation data (IP-based location within general vicinity).

Consent for sensitive data: We obtain your consent before processing sensitive personal data. You may withdraw consent at any time by contacting privacy@hunter.io.

AI processing and sensitive data protection: Our AI content filtering systems are designed to detect and prevent AI-generated outputs from inferring or revealing sensitive personal data.

• AI-generated content is analyzed for references to protected categories, including health conditions, political opinions, sexual orientation, religious beliefs, trade union membership, racial or ethnic origin, disability status, and other sensitive attributes.
• Content flagged as potentially revealing sensitive data is blocked before being presented to the User.
• Users are notified when content is filtered and provided with alternative suggestions.
• This filtering serves as a safeguard to prevent inadvertent disclosure of sensitive data through AI-generated communications.

Users should not intentionally input sensitive personal data into AI features. If you believe AI features have inappropriately processed sensitive data, contact privacy@hunter.io immediately.

i. Texas-specific notices

For Texas residents only: Hunter does not sell sensitive personal data as defined under Texas law. Hunter does not sell biometric data as defined under Texas law.

j. Oregon business registration

Hunter's business name as registered with the Oregon Secretary of State is: Hunter Web Services, Inc.

10. Securing your data

In the event of a security breach that affects your personal data, we will notify you and applicable regulatory authorities as required by law.

You can learn more about how we keep your data safe in our Security Policy: https://hunter.io/security-policy.

11. Children's Privacy

We do not knowingly collect personal data from children under 18 years of age. If you believe we have collected information from a child under 18, please contact us immediately at privacy@hunter.io and we will take steps to delete such information.

12. Additional notices for certain jurisdictions

a. EEA and UK

If you are a resident of the EEA or UK, you have the right to address your questions or concerns to the relevant data protection supervisory authority.

• If you are a resident of the EEA, you may contact the French supervisory authority, Commission Nationale de l'Informatique et des Libertés (CNIL).
• If you are a resident of the UK, you may contact the UK Information Commissioner's Office (ICO).

EU Representative

Name: Instant EU GDPR Representative Ltd
Address: Office 2, 12A Lower Main Street, Lucan Co. Dublin K78 X5P8, Ireland.
Email: contact@gdprlocal.com

UK Representative

Name: GDPR Local Ltd.
Address: 1st Floor Front Suite, 27-29 North Street, Brighton, England BN1 1EB.
Email: contact@gdprlocal.com

b. California

We have prepared additional disclosures and notices consistent with the California Consumer Privacy Act (CCPA). Our Privacy Notice for California Residents, the terms of which are incorporated by reference into this Privacy Policy, can be found here: https://hunter.io/privacy-policy/california.

c. Nevada

If you would like to request that we refrain from selling your Covered Information (as defined under Nevada law), please contact us at privacy@hunter.io.

Our registered address

Hunter Web Services, Inc.
2810 N Church St #50754
Wilmington, Delaware 19802-4447

---

Last updated: April 13, 2026