privacy

Privacy policy.

How Haunt handles account data, request data, submitted extraction content, billing data, and privacy requests.

Last updated: 3 June 2026.

Try demoGet free keyDocs

Trust route

Legal and privacy questions go to support@hauntapi.com. Security reports go there too.

These pages are plain-English operating terms, not a badge saying a lawyer has blessed every comma.

Who we are

Haunt API provides web extraction software at hauntapi.com. For account, privacy, legal, deletion, or security questions, contact support@hauntapi.com.

For account, billing, abuse-prevention, and security data, Haunt API acts as the controller. For content that customers submit to the API for extraction, Haunt usually acts as a processor on the customer's instructions.

What we collect

  • Account data: name, email address, password hash, API key hash, plan, account status, timestamps, and support history.
  • Request data: endpoint, timestamp, response status, latency, credit usage, error mode, redacted URL and prompt previews, and request trace metadata.
  • Submitted content: URLs, prompts, optional headers or cookies supplied by you, visible page content needed to perform the extraction, and extracted output returned to you.
  • Payment data: plan, checkout, invoice, subscription, refund, and payment status events from Stripe. Haunt does not store full card numbers.
  • Security and activation data: request IDs, rate-limit events, abuse signals, server logs, diagnostic data, and first-party activation events such as anonymous visitor/session IDs, section impressions, button clicks, copy actions, signup attempts, and page paths. Public-page funnel events can be disabled for a browser with ?haunt_ignore=1 and re-enabled with ?haunt_track=1.

How we use data

  • Provide the API, demo, docs, support, billing, quota enforcement, and account management.
  • Fetch permitted public or authorised pages and return structured extraction results.
  • Debug failures, classify blocked pages honestly, prevent abuse, and improve reliability.
  • Process payments, refunds, tax/accounting records, and plan access.
  • Comply with legal obligations and protect Haunt, customers, and third-party sites from misuse.

Lawful bases

Where UK GDPR or GDPR applies, we rely on contract performance to provide the service, legitimate interests for security, debugging, abuse prevention, service improvement, and business operations, legal obligation for tax/accounting and lawful requests, and consent where a separate consent-based feature is clearly offered.

Retention

Haunt processes the page, returns structured JSON, and does not retain fetched page content, customer prompts, or extracted results as scrape history by default.

Account and billing records are kept while the account is active and then as needed for legal, tax, fraud-prevention, and business records. Request logs, traces, redacted URL or prompt previews, and operational metadata are kept only as long as needed for support, debugging, abuse prevention, reliability, and billing evidence. We minimise or delete data when it no longer has an operational reason to exist.

If you ask for deletion, we will delete or anonymise data we no longer need. Some limited records may remain where required for security, fraud prevention, billing, tax, legal claims, or compliance.

Sharing and subprocessors

We do not sell customer data. We use subprocessors for hosting, payment processing, email/support, fonts, and model inference needed to operate the service. The current list is published at /subprocessors.

International transfers

Some providers may process data outside the UK or EEA. Where that happens, we rely on the safeguards offered by those providers, such as contractual protections, transfer terms, and security commitments. Customers with strict residency requirements should contact us before sending sensitive data.

Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. Email support@hauntapi.com. We may need to verify the account before acting on a request.

Customer responsibilities

Do not send Haunt API content you are not allowed to process. If you submit personal data from a web page, you are responsible for having the right lawful basis, notice, and permissions for your use case. Haunt does not make unlawful scraping magically lawful. Annoying, but true.

Related trust pages

Need the operational detail? Read the cookie policy, DPA, subprocessor list, or security posture.