We take the security of the data we manage very seriously. Here are some of the steps we take to ensure we keep this data safe.
- We systematically use HTTPS on hunter.io and all of Hunter’s subdomains. Any HTTP connection is redirected to its secure counterpart.
- We have a strict and systematic HSTS policy with preload for all our subdomains. This ensures most clients (in particular browsers) will systematically connect using encrypted methods.
- Backups are either encrypted themselves or on encrypted disks.
- Datacenters selected to host Hunter’s services include 24/7 surveillance teams with fencing and strict security procedures.
- Any data stored outside of a datacenter for off-site backups is stored on encrypted drives using state-of-the-art technologies.
- A Web Application Firewall is set up to filter incoming requests trying to compromise the service.
- A firewall is systematically used on Hunter’s servers to prevent access from non-approved IP addresses.
- Critical admin interfaces are protected using at least double-authentication.
- Our software infrastructure is regularly updated, using automatic update mechanisms when possible.
- End-to-end encrypted messaging systems are available to Hunter’s employees and contractors, and used for most communications.
Debit / Credit Card Information
- Hunter doesn’t store any credit card information (except non-usable information to ease customer support, for example, the last four digits of the card).
- The provider handling all the card details should be PCI Service Provider Level 1 certified, the most stringent level of certification available in the payments industry.
Hunter maintains an active Security Bounty Program and encourages researchers to find and report vulnerabilities in the application.