IntentHunter

Privacy Policy

Last updated: 2026-06-10

This Privacy Policy explains what data IntentHunter (“we”, “us”) collects when you use the service, how we use it, who we share it with, and the rights you have over it. IntentHunter is the data controller.

1. What we collect

Account information. When you sign up, we collect your email address, name (optional), browser timezone, and a password hash. If you sign in via OAuth, we receive the provider’s basic profile fields.

Project data. Anything you submit while setting up and managing projects: project name, website URL, product description, ICP description, tracked keywords, competitor names, alert preferences, score thresholds.

Integration credentials. OAuth tokens for Slack and Discord, bot identifiers for Telegram, webhook URLs, and the SHA-256 hashes of any MCP tokens you generate. We never store plaintext MCP tokens — the raw value is shown once at creation.

Generated signals. Threads we collect from public platforms (Reddit, Hacker News, X, YouTube, Bluesky, LinkedIn) that match your project, plus the scores, intent classifications, and AI-generated summaries we produce. We also store your status changes (saved, contacted, ignored).

Usage data. IP address, browser/device details, request timestamps, and basic event logs we use to debug and improve the service.

Billing data. Handled by Stripe. We receive billing email, subscription state, and an opaque customer identifier — not your full card details.

2. How we use it

We use this data to:

  • Run the service: scanning for signals, scoring them against your project, delivering alerts to the destinations you configure
  • Authenticate you and secure your account
  • Process payments and manage subscriptions
  • Send transactional and product email (password resets, billing receipts, scan-complete notifications)
  • Diagnose bugs, monitor uptime, and improve our scoring and product
  • Comply with our legal obligations

We do not sell your data, and we don’t use your project data or signals to train shared AI models.

3. Public platform content

IntentHunter monitors publicly available threads on third-party platforms (Reddit, Hacker News, X, YouTube, Bluesky, LinkedIn) via their public APIs or our crawlers. We respect platform terms and rate limits. We surface this public content back to you — we don’t share your data with those platforms in return.

4. Sub-processors

We share data with third parties strictly to run the service:

  • OpenAI — Receives the content of monitored threads (titles, bodies, URLs) together with your project description, ICP, and keywords so it can score relevance, classify intent, and generate summaries. OpenAI processes this under their API data-use terms; per their policy, API content is not used to train their models.
  • Stripe — Processes payments and stores card information directly. We don’t see your full card details.
  • Slack, Discord, Telegram — When you connect an integration, we send signal payloads (source, title, score, link, summary) to the channels/chats you authorize.
  • Email delivery provider — Sends transactional and digest emails on our behalf.
  • PostHog — Receives product analytics events such as page views, clicks, browser/device details, and signed-in user identifiers so we can understand acquisition, onboarding, and feature usage.
  • Hosting / infrastructure provider — Hosts the database and application servers.
  • Error monitoring — May receive sanitized error reports including request paths and stack traces.

We use commercially reasonable diligence to pick sub-processors with strong privacy and security practices.

5. Retention

  • Account and project data — Kept while your account is active. Deleted within 30 days of account deletion.
  • Generated signals — Retained for the life of the project unless you delete the project or signal.
  • MCP tokens — Only the SHA-256 hash is stored, indefinitely or until you revoke the token.
  • Billing records — Retained as long as required by tax and accounting law (typically 7 years).
  • Usage logs — Retained for up to 90 days, then aggregated or deleted.

6. Your rights

Depending on where you live (GDPR, CCPA, UK DPA, and similar laws apply), you can:

  • Access the data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent to optional processing at any time
  • Lodge a complaint with your local data protection authority

Most of these you can do directly from settings (delete account, revoke tokens, disconnect integrations). For anything else, email [email protected] and we’ll respond within 30 days.

7. Cookies

We use a small number of cookies to keep you signed in, remember your color-scheme preference, and protect against CSRF attacks. We don’t use third-party advertising cookies and don’t sell your activity to ad networks.

8. Security

We hash passwords, store sensitive credentials (OAuth tokens, webhook URLs, MCP tokens) encrypted or hashed, enforce TLS in transit, and limit internal access on a need-to-know basis. No system is perfectly secure — if you believe your account has been compromised, email us at [email protected] immediately.

9. International transfers

Our infrastructure and sub-processors may process your data outside the country you live in. Where required, we rely on standard contractual clauses or equivalent safeguards.

10. Children

IntentHunter is not directed at people under 18, and we do not knowingly collect data from anyone under 18.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or a prominent notice on this page. The “Last updated” date at the top will always reflect the current version.

12. Contact

For privacy questions or requests, email [email protected].