Privacy Policy
What we collect, how we use it, and what you can do about it. Short, specific, plain.
Last updated: 1 June 2026
Who we are
Hunts is a CRM for outbound sales, operated by Shaun Godinho (Pune, India), reachable at [email protected]. References to "we" / "us" / "Hunts" mean the same operator. This policy covers the Hunts product — the marketing landing at shaungodinho.com/hunts/ and the CRM app at shaungodinho.com/crm/.
What we collect
From operators (signed-in CRM users)
- Google account info — your name, email address, and profile picture, retrieved when you sign in with Google.
- Google Calendar data — when you connect Google Calendar, we read your freeBusy intervals to coordinate scheduling, and we create calendar events for meetings you book via Hunts. We do not read event titles, descriptions, or attendees of events we did not create.
- Gmail message content — when you connect Gmail, we read messages between your inbox and your CRM contacts (sender / recipient match against your contacts table) within a rolling 90-day window. We index sender, recipient, subject, body (text + HTML), and metadata into your private gmail_messages table so that opening a contact in Hunts shows the email history with that person. Messages with people who are not in your CRM are not indexed.
- Gmail outbound — when you compose and send an email from inside Hunts, we use the Gmail API to deliver it from your real Gmail address, then log the sent copy to the same contact-scoped index above.
- CRM data you enter — contacts, accounts (companies), deals, tasks, activity log entries (call notes, meeting notes), pipeline stages, tags, saved views, and your preferences (theme, density, notification settings).
- Subscription and billing state if you upgrade to a paid plan (see "Payments" below).
From contacts (people you add to your CRM)
- Name, email, phone, company, title, LinkedIn URL — whatever you enter manually or import via CSV. Hunts has no public-facing form that collects contact data directly from end-prospects; everything is operator-entered or operator-imported.
- When Gmail sync is enabled, contacts' email content from the rolling 90-day window described above is indexed against their record.
Automatic
- Server logs via our hosting provider (Cloudflare Pages). Standard request metadata: IP, user agent, path, status code, timestamp. Retained per Cloudflare's defaults.
- First-party session cookies for authentication state. No third-party tracking, no analytics, no advertising cookies.
How we use it
- Run the CRM — show your contacts and deals, surface tasks, log activity. Standard CRM operation.
- Display email history per contact — when you open a contact, Hunts shows past Gmail threads with that person so you don't have to switch tabs to your inbox. This requires Gmail read scope.
- Send outbound email from your Gmail when you compose from inside Hunts. Required for the "Send via Gmail" feature.
- Coordinate scheduling — Google Calendar busy/free reads prevent double-booking; event creation puts your Hunts-scheduled meetings on your calendar.
- Bill paying customers via Razorpay (see "Payments" below).
We do not sell your data. We do not share it with anyone except the operational third parties listed below, and only to the minimum needed to operate the service. Hunts does not use any Google user data to train AI or machine-learning models, ever.
How we store it
- Database: PostgreSQL on Supabase. Row-Level Security (RLS) policies ensure each operator can only read and write their own contacts, accounts, deals, tasks, activity, Gmail messages, and calendar events. A query as one operator cannot see another operator's rows even if the application code is buggy — the database enforces it.
- Encryption at rest: Google refresh and access tokens are encrypted with AES-256-GCM before persistence. The encryption key lives only in the edge runtime, not in the database. A database snapshot without the key cannot recover Google tokens.
- Encryption in transit: TLS 1.3 throughout. All endpoints reject non-HTTPS.
- Retention: CRM records (contacts, deals, tasks, activity, Gmail message index) are retained until you delete your account or disconnect Gmail. Server logs follow Cloudflare's defaults (~30 days for raw HTTP logs).
Third parties
Hunts runs on top of these services. Each receives only the data needed to perform its function:
- Supabase — database, authentication, edge functions. Supabase privacy policy.
- Google — OAuth + Gmail API + Calendar API. Subject to Google's privacy policy and your Google account settings. You can revoke our access any time at myaccount.google.com/permissions or from Settings → Gmail Sync → Disconnect inside Hunts.
- Resend — transactional email (account-level notifications). Resend privacy policy.
- Cloudflare — DNS, CDN, static site hosting (Pages), email routing for the activity-logging address ([email protected]). Cloudflare privacy policy.
- Razorpay — payment processing for paid plans only. Detail below.
We do not use any other third-party services on the Hunts surfaces. Specifically, we do not use Google Analytics, Facebook Pixel, or any other advertising or behavioural-tracking service.
The full subprocessor list with region, scope, and DPA links is on the subprocessors page. We notify paying customers at least 14 days before adding any new subprocessor.
Payments (Hunts paid plans)
If you upgrade Hunts to Pro or Team, payment is processed by Razorpay (Razorpay privacy policy). Razorpay handles card / UPI / netbanking data directly on their hosted checkout — we never see or store your full card number, CVV, UPI PIN, or bank credentials.
What we store from a successful payment, in our hunts_subscriptions and hunts_billing_events tables:
- Razorpay's subscription ID and customer ID (opaque references)
- Plan you subscribed to and seat count
- Billing period start / end dates and current status (active, past_due, cancelled)
- Audit log of every webhook Razorpay sends us about your subscription
We do not share payment information with anyone. Refunds and disputes are handled per the refund policy.
Google API user data — Limited Use Disclosure
Hunts's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
This applies in full to the restricted-scope use of Gmail data described below.
This section is the canonical disclosure of what Google user data Hunts accesses, which scopes are involved, what we do with that data, and — explicitly — what we will never do with it.
Scopes we request and why
openid, email, profile — sign-in only. Used at the moment of OAuth to identify your Google account and link your Hunts user to your Google identity. We persist your Google account email and display name on the connection row.
https://www.googleapis.com/auth/gmail.readonly (restricted) — used to index email threads between your Gmail inbox and the contacts in your Hunts CRM, on a rolling 90-day window. We read only messages where the sender or a recipient matches an email address in your contacts or contact_emails table. The body of each matched message (text + HTML), subject, sender, recipients, and metadata are stored in your private gmail_messages table so that opening a contact's drawer in Hunts shows the email history with that person without you having to switch to Gmail. We do not read messages with senders or recipients who aren't in your CRM. We do not read messages older than 90 days.
https://www.googleapis.com/auth/gmail.send (sensitive) — used when you compose an email from inside Hunts and click "Send via Gmail". We use the Gmail API to deliver that message from your real Gmail address, then log the sent copy into the same per-contact email index. No background sending; no automation; every send is operator-initiated from the Hunts UI.
https://www.googleapis.com/auth/calendar.events (sensitive) — used to create calendar events on your primary Google Calendar when you schedule a meeting from inside Hunts (e.g. via the booking flow). We do not modify or delete events we did not create.
https://www.googleapis.com/auth/calendar.readonly (sensitive) — used to read your freeBusy intervals so the booking flow doesn't propose times when you're already in a meeting. We read busy/free intervals, not event titles, descriptions, or attendees of events we did not create.
What we will never do with your Google data
- We will never use it to train AI or machine-learning models. Not ours, not anyone else's. Your Gmail content and Calendar data is read at request time or indexed per-user for direct in-product display, and that's it.
- We will never sell it, rent it, or share it with anyone for advertising or marketing.
- We will never let a human (including the operator of Hunts) read it, except (a) you, the signed-in operator whose Gmail it is, or (b) where required by law or to investigate a specific security incident under a written break-glass procedure that is logged.
- We will never transfer it to anyone except the operational subprocessors listed in the previous section (Supabase storage, Cloudflare hosting, Resend transactional email) — and even those see only what they need to operate.
- We will never use Google data for any purpose other than providing or improving the user-facing features described above.
How to revoke our access or delete your Google data
- From inside Hunts: Settings → Gmail Sync → Disconnect (or → Google Calendar → Disconnect). This revokes our OAuth tokens and purges your gmail_messages + gmail_threads rows within 7 days.
- From Google directly: myaccount.google.com/permissions → "Hunts" → Remove access. This invalidates our tokens immediately; our background sync stops on the next tick (within minutes). Indexed messages already in your gmail_messages table remain until you also delete your Hunts account or click Disconnect inside Hunts.
- Delete your Hunts account: email [email protected]. We purge your CRM data, Gmail message index, calendar metadata, and auth record within 7 days. Subprocessor logs (Resend / Cloudflare) follow their own retention windows.
Your rights
- Access — request a copy of your data by emailing [email protected]. We'll respond within 30 days.
- Disconnect Google services — anytime from the Hunts Settings panel. Removes our access tokens and stops calendar reads/writes and Gmail reads/sends.
- Delete your account — email [email protected]. We'll purge your data within 7 days.
- Correct your data — most fields (contact details, preferences, pipeline stages) are editable from the Hunts UI. For anything else, email us.
Cookies
We use first-party session cookies for authentication only. No advertising, no cross-site tracking, no third-party analytics cookies.
Security
TLS 1.3 in transit. AES-256-GCM at rest for Google refresh and access tokens. Row-Level Security on every operator-owned database table — a query as one operator cannot see another operator's rows. Per-IP rate limiting on public endpoints. Service-role keys (which bypass RLS) live only in server-side edge functions, never in browser code.
If you discover a vulnerability, please email [email protected]. We'll acknowledge within 48 hours.
Children
Hunts is not directed to children under 16. If you believe a child under 16 has provided us with personal information, email us and we'll delete it.
International transfers
Hunts is operated from India. Our database (Supabase) and most third-party providers operate primarily in the US and EU. By using Hunts you consent to your data being transferred to and processed in those jurisdictions.
Changes
When this policy changes materially, we'll update the "Last updated" date above and email signed-in operators at the address on file. Continued use after the change constitutes acceptance.
Contact
Anything not covered above — email [email protected]. Real human, real reply.