Security Policy

We take the security of the data we manage very seriously. Here are some of the steps we take to ensure we keep this data safe.

Data Encryption

  • We systematically use HTTPS on hunter.io or any of Hunter’s subdomains. Any HTTP connection is redirected to its secure counterpart.
  • We have a strict and systematic HSTS policy with preload for all our subdomains. This ensures most clients (in particular browsers) will systematically connect using encrypted methods.
  • Backups are either encrypted themselves or on encrypted disks.

Physical Security

  • Datacenters selected to host Hunter’s services include 24/7 surveillance teams with fencing and strict security procedures.
  • Any data stored outside of a datacenter for off-site backups is stored on encrypted drives using state-of-the-art technologies.

Software

  • A Web Application Firewall is set up to filter incoming requests trying to compromise the service.
  • A firewall is systematically used on Hunter’s servers to prevent access from non-approved IP addresses.
  • Critical admin interfaces are protected using at least double-authentication.
  • Our software infrastructure is regularly updated, using automatic update mechanisms when possible.
  • End-to-end encrypted messaging systems are available to Hunter’s employees and contractors, and used for most communications.

Debit / Credit Card Information

  • Hunter doesn’t store any credit card information (except non-usable information to ease customer support, for example, the last four digits of the card).
  • The provider handling all the card details should be PCI Service Provider Level 1 certified, the most stringent level of certification available in the payments industry.

Security Probing

  • Hunter maintains an active Security Bounty Program and encourages researchers to find and report vulnerabilities in the application.