EPC Hunt is operated as a sole-trader business based in the United Kingdom. Contact: hello@epchunt.com.
Account data: name, email, profile image (from Google sign-in).
Usage data: searches you run, properties you save, exports you download, IP address, user-agent.
Billing data: handled by Polar.sh (our Merchant of Record) — we never see your full card details. Polar handles the card data, charges your card, and remits VAT.
We do NOT use third-party advertising trackers.
To run the service (authenticate you, deliver search results, process exports).
To communicate operationally (account notices, billing receipts, security alerts).
To improve the product (aggregated, de-identified usage analytics).
Property data on this platform comes from the UK EPC Register and HM Land Registry INSPIRE polygons. Both are public datasets published under the Open Government Licence v3.0.
EPC Hunt surfaces property addresses and energy-rating data only. No personal proprietor data, owner contact information, or other personal data is surfaced through the product.
Application data: Cloudflare Workers (UK/EU edge) and Neon Postgres (eu-west-2, London).
Authentication: Better Auth running on our infrastructure.
Sub-processors: Cloudflare (Workers + AI Gateway, US/UK edge), Neon (Postgres, eu-west-2 London), Polar.sh (billing, Merchant of Record), Resend (transactional email delivery — billing receipts and account notices only), Google (sign-in only).
Account data: kept while your account is active and for 30 days after deletion (recovery window), then erased.
Usage logs: 90 days, then aggregated.
Billing records: 7 years (HMRC requirement).
You can request access, correction, deletion, or export of your personal data at any time. Email hello@epchunt.com — we respond within 30 days.
You can complain to the UK Information Commissioner’s Office (https://ico.org.uk) if you believe we have mishandled your data.
We use one cookie: the session cookie that keeps you signed in. It is HttpOnly, Secure, SameSite=Lax, and expires after 7 days of inactivity. We do not use marketing cookies.
Material changes are notified by email 14 days in advance. The latest version always lives at /privacy with a "last updated" date.