This Privacy Policy is a placeholder draft authored by the ClaimHunter team as a starting point for attorney review. It is not final legal content and must not be relied on as legal advice or as a binding agreement.
Before public launch, this draft will be replaced with attorney-reviewed content and the NEXT_PUBLIC_LEGAL_DOCS_FINALIZED=1 flag will be set to hide this banner.
Privacy Policy
ClaimHunter— Last updated: April 2026
1. Information We Collect
Plain-language summary: We collect only the information needed to help you find and file class action claims.
We collect the following types of information when you use ClaimHunter:
- Account Information: Email address, name, and authentication details when you create an account (directly or through a social login provider).
- Profile Information: Name, mailing address, phone number, date of birth, and last four digits of your Social Security number, which you may optionally provide to assist with claim filing.
- Usage Data: Pages visited, features used, lawsuits viewed, claims tracked, and interaction timestamps.
- Payment Information: Subscription plan details and billing history. Credit card information is processed and stored by Stripe and is never stored on our servers.
- Device Information: Browser type, operating system, IP address, and device identifiers collected automatically for security and analytics purposes.
2. How We Use Your Information
Plain-language summary: We use your data to provide the service, help you find settlements, and improve the platform. Nothing more.
We use the information we collect for the following purposes:
- To provide and maintain the ClaimHunter platform and its features
- To match you with class action settlements you may qualify for
- To pre-fill claim forms with your profile information when you choose to use the guided filing feature
- To process your subscription payments and manage your account
- To send you notifications about new settlements, deadline reminders, and claim status updates
- To improve our settlement matching algorithms and platform features
- To detect and prevent fraud, abuse, and security threats
- To comply with legal obligations
3. Data Encryption
Plain-language summary: All sensitive personal information is encrypted. We use industry-standard security measures to protect your data.
We take the protection of your personal information seriously. All personally identifiable information (PII), including your name, address, date of birth, and partial Social Security number, is encrypted at rest using industry-standard authenticated encryption (libsodium/AES-256). Data is encrypted in transit using TLS 1.3. Encryption keys are managed separately from encrypted data and are never stored alongside user records. Access to decrypted data is restricted to authorized operations only and is logged for audit purposes.
4. Third-Party Services
Plain-language summary: We use trusted third-party services for infrastructure, payments, and authentication.
ClaimHunter uses the following third-party service providers to operate the platform:
- Supabase: Database infrastructure, authentication, real-time features. SOC 2 Type II certified. See Supabase Privacy Policy.
- Stripe: Subscription payments and billing. PCI DSS Level 1 certified. Card data is sent directly to Stripe and is never stored on our servers. See Stripe Privacy Policy.
- Vercel: Web application hosting and CDN. See Vercel Privacy Policy.
- Anthropic (Claude): AI enrichment of settlement content (extraction of eligibility criteria and payout estimates from public notices). We send only the text of public settlement notices; we do not send your personal profile information to Anthropic. See Anthropic Privacy Policy.
- Resend: Transactional email delivery (account confirmations, deadline reminders, receipts). Resend receives your email address and message content only. See Resend Privacy Policy.
- Upstash: Rate-limiting infrastructure. Receives hashed IP / user identifiers only, never personal profile data.
- PostHog: Product analytics. Usage events are keyed to a pseudonymous user ID; we do not forward PII (name, address, DOB, SSN fragment).
- Sentry: Error tracking and performance monitoring. Stack traces and request metadata are sent when errors occur. PII scrubbing is enabled.
- Plaid: (Optional) Bank-account connection for refund / dispute preparation when you explicitly link an account. See Plaid Consumer Privacy Statement.
We do not sell your personal information to any third party. We do not share your information with third parties for their marketing purposes.
5. Data Retention
Plain-language summary: We keep your data as long as your account is active. You can request deletion at any time.
We retain your personal information for as long as your account is active or as needed to provide you with our services. If you request account deletion, we will delete your personal information within 30 days, except where we are required to retain certain information for legal, regulatory, or audit purposes (such as terms acceptance records and payment history). Usage data and analytics may be retained in anonymized form after account deletion.
6. Your Privacy Rights (CCPA)
Plain-language summary: You have the right to know what data we have about you, to get a copy of it, and to request its deletion.
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights regarding your personal information:
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the third parties with whom we share it.
- Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
- Right to Opt-Out: We do not sell personal information. If this changes, you will have the right to opt out of the sale of your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Data Portability: You may request a copy of your personal information in a portable, machine-readable format.
To exercise any of these rights, please contact us using the information in the Contact section below. We will respond to your request within 45 days.
7. Retention Schedule
Plain-language summary: Different types of data have different retention windows. Here's the full breakdown.
- Account & profile data: retained for the life of the account. Deleted within 30 days of account deletion except for records we are required to keep for legal, tax, or audit reasons.
- Encrypted PII (DOB, SSN last-4): retained only while the account is active. On deletion, encrypted ciphertext is overwritten and the encryption key rotated.
- Payment history: retained for seven (7) years to satisfy U.S. tax-record requirements, even after account deletion. Held by Stripe on our behalf.
- Claim-filing logs: retained for three (3) years to support dispute resolution with settlement administrators.
- Terms acceptance records: retained indefinitely (required to demonstrate consent).
- Usage analytics: retained up to 24 months in identifiable form, then anonymized.
- Security / audit logs: retained up to 18 months for incident investigation.
8. How to Delete Your Data
Plain-language summary: You can delete your account in settings. A copy is retained briefly for billing audit; the rest is erased within 30 days.
You may request deletion of your account at any time by visiting the Settings page and choosing "Delete my account," or by emailing support@claimhunter.comwith subject "Delete my data." Upon receipt of a verified deletion request:
- Within 24 hours — account is deactivated and removed from the product interface. All active sessions are signed out.
- Within 30 days — profile information, encrypted PII, and claim-tracking records are purged from production databases.
- Within 60 days — records propagate out of backups held by our infrastructure providers.
- Exceptions — payment history, terms acceptance records, and any data we are legally required to retain will be kept for the statutory period. These records are segregated and not used for any operational purpose after deletion.
You may also submit a structured request via our data-request form.
9. Breach Notification
In the unlikely event of a security incident that compromises your personal information, we will notify you by email within seventy-two (72) hours of our good-faith confirmation of the incident, consistent with state breach-notification statutes (including California Civil Code §1798.82, New York SHIELD Act, and Texas Business & Commerce Code §521.053). The notification will describe the scope of the incident, the categories of data affected, actions we are taking, and recommended steps you can take to protect yourself.
10. Children's Policy
Plain-language summary: This platform is not for anyone under 18. We do not knowingly collect data from minors.
ClaimHunter is not directed to children under the age of eighteen (18), and we do not knowingly collect personal information from minors. If you believe a minor has provided information to us, please contact support@claimhunter.com and we will delete the account and associated data within seven (7) days. Filing claims on behalf of a minor child through ClaimHunter is reserved for a future feature; the current platform does not support it.
11. International Users & GDPR
ClaimHunter is operated from the United States and is intended for U.S. residents. Users located in the European Economic Area, the United Kingdom, or other jurisdictions with comprehensive data-protection law who nonetheless access the platform may exercise the rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing by contacting support@claimhunter.com. We do not rely on European establishment under the GDPR and do not currently offer the service to EEA/UK residents for the purpose of filing European-jurisdiction claims.
12. Contact
Plain-language summary: Reach out to us with any questions about your privacy or data.
If you have questions or concerns about this Privacy Policy, your personal information, or our data practices, please contact us at:
ClaimHunter
Email: support@claimhunter.com
Subject line: Privacy Inquiry
This privacy policy may be updated from time to time. We will notify you of material changes by posting the updated policy on this page. Continued use of the platform after changes constitutes acceptance of the revised privacy policy.