Data and Compliance

Last updated: 2026-01-25

1. Scope

This document covers:

• What data we collect and process

• Which data sources we use and do not use

• How we prevent unauthorized access to third‑party data

• How we reduce misuse risks (spam, automation abuse, scraping, etc.)

• Security, retention, and user controls

• How to contact us for compliance requests

If this document conflicts with your signed agreement with us, the signed agreement controls.

2. Product purpose

HuntingAlice is a B2B research and prospecting assistant. It helps users:

• Discover relevant public links based on user‑provided search criteria

• Summarize and structure information for research and sales qualification

• Provide source links so users can verify information

HuntingAlice is not an outreach automation tool and does not perform actions on third‑party platforms (for example: likes, follows, comments, connection requests, posts, or message sending).

3. Data sources

3.1 Public web sources (open web)

HuntingAlice may use search results and publicly available webpages to identify relevant links and generate summaries. We treat “public web” as content that is accessible without:

• Logging into an account

• Using credentials or session cookies

• Bypassing access controls, paywalls, or technical restrictions

We may reference or link to sources such as:

• Official company websites and press pages

• Public news pages and public announcements

• Public GitHub/engineering documentation pages

• Public registries and public filings (where available)

3.2 User‑provided inputs

Users may provide:

• Search criteria (industry, role, region, keywords)

• Company names and domains

• URLs (including professional profile URLs) for user‑directed review or summarization

We treat these inputs as user‑initiated.

3.3 Sources we do not use

We do not:

• Scrape or crawl private or access‑controlled pages

• Bypass login walls, paywalls, CAPTCHAs, robots restrictions, or rate limits

• Use credential stuffing, session hijacking, or browser automation to access restricted third‑party data

• Collect or store images, profile photos, or media files from third‑party sites as part of enrichment (we store URLs and text-based summaries only, unless otherwise stated)

4. Third‑party platform compliance principles

We design our product around the following principles:

1

No unauthorized access

We do not attempt to access data that belongs to a third party and is not publicly accessible or not provided directly by the user.

2

No social engagement automation

We do not automate actions that increase or optimize engagement on social platforms (posts, likes, follows, comments, views, reviews).

3

Respect access controls

We do not circumvent technical restrictions, and we expect users to use the product in ways consistent with the terms of the services they use.

4

Minimize data

We collect and store the minimum needed to deliver the service and provide auditability.

5. LinkedIn and professional profile URLs

HuntingAlice may discover or accept professional profile URLs as links. Our compliance position is:

• We do not scrape LinkedIn profile pages for structured profile fields.

• We do not use credentialed sessions to extract profile data.

• We do not bypass LinkedIn access controls.

• We do not claim to provide “download your leads from LinkedIn” or “export LinkedIn contacts.”

If we integrate with official partner APIs or paid APIs in the future, we will do so only where permitted and will update documentation accordingly.

6. Google Search and similar services

When using search-based discovery, we rely on compliant search interfaces and return:

• URLs and titles/snippets (as available from the search provider)

• Text-based analysis and summaries that reference the source URLs

We do not represent search services as a method to circumvent third‑party data access restrictions.

7. Data we store

Depending on user actions and enabled features, we may store:

7.1 Account & billing

• User account identifiers (e.g., UID)

• Workspace identifiers

• Subscription and billing metadata (e.g., plan, transaction IDs, invoices) via payment provider webhooks

• Credit ledger entries (for auditing and fraud prevention)

7.2 Research outputs

• Discovered URLs

• Text-based summaries and extracted notes generated by the system

• Tags, classifications, and relevance scores

• User notes, saved lists, and internal labels

7.3 Security & operational data

• Audit logs for authentication and critical actions

• Abuse prevention signals (for example: rate limiting counters)

• Event logs for debugging and reliability

We do not intentionally store third‑party media files (images/videos) as part of enrichment unless a specific feature explicitly requires it and is documented.

8. Data we do not store or process (by design)

• Third‑party passwords or login credentials

• Browser cookies for accessing third‑party platforms

• Session tokens for third‑party sites

• Any tooling intended to bypass paywalls or access controls

• Automated engagement activity (likes/follows/comments/posts) on social networks

9. User responsibilities and acceptable use

Users must:

• Have a lawful basis to process personal data and to contact prospects

• Use outputs as research assistance, not as a substitute for compliance with local laws (GDPR/CCPA, anti-spam rules, etc.)

• Avoid using HuntingAlice to harass individuals, send spam, or violate platform terms

Prohibited uses (non-exhaustive)

• Using HuntingAlice to access or attempt to access restricted third‑party data

• Using HuntingAlice for automated social media engagement or reputation manipulation

• Using HuntingAlice to generate or distribute spam, phishing, or deceptive outreach

• Using HuntingAlice to build “shadow profiles” of individuals for sensitive targeting

We may suspend accounts associated with prohibited use or abusive behavior.

10. Security controls

We implement layered security controls including, where applicable:

• Authentication and session security

• Rate limiting and abuse detection

• Tenant isolation (workspace scoping and access controls)

• Server-side enforcement for critical actions (billing, credit deductions, agent execution)

• Audit logging for sensitive actions

We follow the principle of least privilege for service accounts and infrastructure access.

11. Data retention

We retain data only as long as necessary to:

• Provide the service and user features (saved research, workspaces)

• Maintain accounting and billing records

• Detect abuse and maintain security logs

Retention periods may vary by data type. Users may request deletion as described below, subject to legal and contractual obligations.

12. Deletion, correction, and access requests

If you are a customer and want to:

• Export your workspace data

• Delete your account/workspace

• Correct inaccurate information you provided

• Report content that should be removed from your workspace

Contact us using the details in the “Contact” section. We will respond within a reasonable timeframe consistent with applicable law and our contractual obligations.

13. Subprocessors and vendors

We use third‑party service providers for infrastructure and operations (for example: hosting, logging, and payment processing). Subprocessors may change over time. Where required, we will provide a list of current subprocessors upon request.

14. Incident response

We maintain processes to detect, respond to, and remediate security incidents. If a confirmed incident affects customer data, we will notify impacted customers consistent with applicable law and contractual obligations.

15. Contact

For compliance, security, or data requests, contact:

• Email: support@huntingalice.com

• Subject line suggestion: “Data & Compliance Request”

Please include:

• Workspace or account identifier

• A clear description of the request

• Relevant URLs or transaction IDs (if applicable)