Security Policy

We take the security of the data we manage very seriously. Here are some of the steps we take to ensure we keep this data safe.

Data Encryption

  • We systematically use HTTPS on hunter.io and all of Hunter’s subdomains. Any HTTP connection is redirected to its secured counterpart.
  • We have a strict and systematic HSTS policy with preload for all our subdomains. This ensures most clients (in particular browsers) will systematically connect using encrypted methods.
  • Backups are either encrypted themselves or on encrypted disks.

Physical Security

  • Datacenters selected to host Hunter’s services include 24/7 surveillance teams with fencing and strict security procedures.
  • Any data stored outside of a datacenter for off-site backups is stored on encrypted drives using state-of-the-art technologies.

Software

  • A Web Application Firewall is set up to filter incoming requests trying to compromise the service.
  • A firewall is systematically used on Hunter’s servers to prevent access from non-approved IP addresses.
  • Critical admin interfaces are protected using at least two-factor authentication.
  • Our software infrastructure is regularly updated using automatic update mechanisms when possible.
  • Encrypted messaging systems are available to Hunter’s employees and contractors, and used for most communications.

Debit / Credit Card Information

  • Hunter doesn’t store any credit card information (except non-usable information to ease customer support, for example, the last four digits of the card).
  • The provider handling all the card details is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.

Security Probing

Hunter maintains an active Security Bounty Program and encourages researchers to find and report vulnerabilities in the application.

External Security Assessment

Google requires a yearly security assessment to ensure companies requesting access to Gmail accounts meet a high level of security. Because Hunter Campaigns needs access to Gmail, we worked with Bishop Fox, who was selected by Google, for the assessment. Their audit included an application penetration test, a penetration test of our external perimeter, and a cloud security review of our GCP environment.

You can download their 2020 Letter of Assessment for our company.