Privacy Policy

HuntSales ("we", "our", "us") is a B2B sales outreach platform operated by BizGrants Consulting Pte Ltd, headquartered in Singapore. We help sales teams discover prospects, run cold-email campaigns, and manage their pipeline. Our website is huntsales.io.

This Privacy Policy explains what personal data we collect - both from you (our customer) and about the business contacts you research - how we use it, who we share it with, and the rights you have under applicable law including the Singapore Personal Data Protection Act 2012 (PDPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) where applicable to your use.

From you as a customer

• Account data: name, work email, organisation name, job role, team size, industry, and how you found out about us. Collected during signup.
• Billing data: handled by Stripe. We never see or store full card numbers - only Stripe customer IDs, the last 4 digits, brand, and expiry. See Stripe's privacy policy at stripe.com/privacy.
• Connected mailbox credentials: if you connect a Gmail, Outlook, or SMTP mailbox, we store the credentials (OAuth tokens or SMTP passwords) encrypted at rest. Used only to send your campaign emails on your behalf.
• Usage data: pages visited, features used, errors encountered, IP address, browser type, device type, and timestamps. Used for product analytics + abuse prevention.
• Communications: support emails, chat messages, and feedback you send us.

About prospects (the people you search for)

• Contact data: name, work email, phone number, job title, company name, location, LinkedIn URL, and similar business-context fields. Compiled from public business records and customer contributions (see Total Database below).
• Engagement data on your sent emails: opens, clicks, replies, bounces, and unsubscribes. Used for campaign analytics. Tracking pixels and link-wrapping are described in the "Email tracking" section below.

• To provide the HuntSales service: signup, billing, search, sending, analytics.
• To improve the product: aggregated usage analysis, A/B testing, debugging.
• To prevent abuse: spam detection, sender-reputation monitoring, rate limiting.
• To communicate with you: transactional emails (account, billing, security), product updates, support replies.
• To comply with legal obligations: tax, audit, fraud prevention, valid law-enforcement requests.

We do not sell your personal data, your prospect data, or your sent-email content to any third party.

HuntSales maintains a shared verified-contacts pool called the "Total Database", which powers the "Vault" search mode inside our product. Contacts in this pool come from:

• Publicly available business records.
• Customer contributions, with consent. When you search, enrich, or import contacts in HuntSales, and you have the "Contribute to the shared verified-contacts pool" setting enabled in your organisation Settings, those records may be added to the Total Database to improve discovery for all customers.

This setting is enabled by default (a clear, transparent opt-in) and you can disable it at any time in Settings → Privacy. You can also request deletion of any record you contributed via our privacy portal - see "Your rights" below.

Individual customer records (your own contacts list, your campaign content, your sent-email logs) are never contributed to the Total Database and are never visible to other customers regardless of this setting. The Total Database contains only business-context contact data (name, work email, job title, company, location).

We do not resell the Total Database to third parties. Aggregated and de-identified statistics may be published (e.g. "average reply rate by industry") but never in a form that identifies any individual.

When you send a campaign email via HuntSales, we inject a small invisible image (a "tracking pixel") and wrap any links so we can show you opens and clicks. Recipients see a normal email; the pixel only fires when their email client loads images. Some clients (e.g. Apple Mail Privacy Protection) pre-load all images, which can make the open rate appear higher than the true engagement.

We also automatically append an unsubscribe link to every campaign email, as required by CAN-SPAM, CASL, GDPR, and PDPA. Recipients who unsubscribe are added to the suppression list and will not receive future campaign emails from your organisation.

• Account data: for as long as your account is active. Deleted within 90 days of account closure (some financial records retained per tax/audit requirements, typically 5 years under Singapore law).
• Contacts you import or claim from the Vault: retained while your account is active. Deleted when you delete the record or close your account.
• Email sends + engagement logs: retained for 24 months for analytics and compliance.
• Total Database records: retained while the record remains useful (typically 24+ months) and refreshed periodically. Individuals may request removal at any time via the opt-out below.
• Backups: rolling 30-day backups, encrypted, then purged.

Subject to applicable law (PDPA, GDPR, CCPA), you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion ("right to be forgotten" under GDPR; equivalent rights under PDPA / CCPA).
• Object to processing for direct marketing.
• Restrict processing in certain circumstances.
• Data portability - receive your data in a machine-readable format.
• Withdraw consent at any time, where processing is based on consent.

For prospects in our Total Database: if you are an individual whose business contact details appear in our database and you would like to be removed, please email hello@huntsales.io with the email address you would like removed. We will remove it within 30 days and confirm by reply.

For customers: exercise your rights from Settings → Privacy inside the app, or email us.

We use cookies that are strictly necessary for the service to function (authentication, security, preferences). We do not use third-party advertising or social-media cookies.

On our marketing pages we use a first-party analytics pixel that sets a first-party cookie and records pageviews, the page URL, referrer, any UTM campaign parameters, device and browser type, and IP address (used to derive approximate location). We use this to understand how our marketing and campaigns perform. We do not sell this data and we do not share it with third-party advertising networks.

The same first-party analytics is available to customers as our Website Visitors feature. If you add our tracking snippet to your own website, visits are recorded in your workspace, and a visitor only becomes "identified" when they submit a form with their email address (or you identify them). When you do this you are the data controller for those visitors and are responsible for your own cookie notice and for obtaining consent where the law requires it.

We use industry-standard security: TLS-encrypted transport, encrypted storage of credentials, Row-Level Security on multi-tenant data, two-factor authentication for administrative access, and regular security reviews. No system is perfect; in the event of a data breach we will notify affected customers without undue delay, in line with PDPA + GDPR obligations.

HuntSales is a B2B product not intended for use by anyone under 18. We do not knowingly collect data from minors.

We may update this Privacy Policy from time to time to reflect changes in our service, sub-processors, or applicable law. We will post the new version with an updated "Last updated" date and, for material changes, notify customers by email at least 30 days before the change takes effect.

Privacy questions or requests: hello@huntsales.io.

Postal: HuntSales, Singapore.