Security Policy

We take the security of the data we manage very seriously. Here are some of the steps we take to ensure we keep this data safe.

Data Encryption

  • We systematically use HTTPS on hunter.io and any of Hunter’s subdomains. Any HTTP connection is redirected to its secure counterpart.
  • We have a strict and systematic HSTS policy with preload for all our subdomains. This ensures most clients (in particular browsers) will systematically connect using encrypted methods.
  • Backups are either encrypted themselves or on encrypted disks.

Physical Security

  • Datacenters selected to host Hunter’s services include 24/7 surveillance teams with fencing and strict security procedures.
  • Any data stored outside of a datacenter for off-site backups is stored on encrypted drives using state-of-the-art technologies.

Software

  • A Web Application Firewall is set up to filter incoming requests trying to compromise the service.
  • A firewall is systematically used on Hunter’s servers to prevent access from non-approved IP addresses.
  • Critical admin interfaces are protected using at least double-authentication.
  • Our software infrastructure is regularly updated using automatic update mechanisms when possible.

Debit / Credit Card Information

  • Hunter doesn’t store any credit card information (except non-usable information to ease customer support, for example, the last four digits of the card).
  • The provider handling all the card details is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.

Security Probing

Hunter maintains an active Security Bounty Program and encourages researchers to find and report vulnerabilities in the application.

External Security Assessment

Google requires a yearly security assessment to ensure companies requesting access to Gmail accounts meet a high level of security. This audit is named Cloud Application Security Assessment (CASA).

CASA builds on the industry-recognized OWASP Application Security Verification Standard (ASVS) to provide a consistent set of requirements to harden security for any application. Further, CASA provides a uniform way to perform trusted assurance assessments of these requirements when such assessments are required for applications with potential access to sensitive data.

You can download our 2023 Letter of Assessment or read more about CASA on their official website.



Last updated: March 30, 2023