HUNT processes account data (email, name, profile image from Google or GitHub sign-in), subscription status, and usage logs needed to run the service. Lawful bases: contract (providing the feed and Pro features) and legitimate interest (security, abuse prevention).
Discovery data (domain names, public homepage title and description, technology signals) is collected from Certificate Transparency logs and a single polite HTTP probe per site. We do not store payment card numbers (iyzico processes payments). We do not collect registrant WHOIS data. Homepage contact emails are not stored by default.
Data is retained in tiers: recent observations in our primary database (about six months), full history in analytics storage, and long-term archives in object storage. You may submit a data subject request while signed in (account deletion or removal of a domain from our index). We aim to complete requests within 30 days. Contact: privacy@hunt.example (replace before launch).
Sub-processors include hosting and infrastructure providers (e.g. Vercel, Hetzner, Cloudflare R2, Upstash, iyzico) necessary to operate the service. Our bot HUNT-Bot/0.1 fetches only the homepage and respects robots.txt.
You have rights of access, rectification, erasure, restriction, and portability under GDPR where applicable. EU users may lodge a complaint with their supervisory authority.