Security Policy • Hunter

We take the security of the data we manage very seriously. Here are some of the steps we take to ensure we keep this data safe.

Data Encryption

We systematically use HTTPS on hunter.io or any of Hunter’s subdomain. Any connection in HTTP gets redirected to it’s secured counterpart.
We have a strict and systematic HSTS policy with preload for all our subdomains. This ensures most clients (in particular browsers) will systematically connect using encrypted methods.
Backups are either encrypted themselves or on encrypted disks.

Datacenters selected to host Hunter’s services include 24/7 surveillance teams with fencing and strict security procedures.
Any data stored outside of a datacenter for off-site backups are stored on encrypted drives using state-of-the-art technologies.

A Web Application Firewall is set up to filter incoming requests trying to compromise the service.
A firewall is systematically used on Hunter’s servers to prevent access from non-approved IP addresses.
Critical admin interfaces are protected using at least double-authentication.
Our software infrastructure is regularly updated using automatic update mechanisms when possible.
End-to-end encrypted messaging systems are available to Hunter’s employees and contractors, and used for most communications.

Hunter doesn’t store any credit card information (except non-usable information to ease customer support, for example, the last four digits of the card).
The provider handling all the card details is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.

Hunter maintains an active Security Bounty Program and encourages researchers to find and report vulnerabilities of the application.