Privacy Policy — Pulseen

The short version: Pulseen is desktop-first software. Your business data — customers, jobs, invoices, financials — is stored locally on your machine and encrypted with AES-256. We never sell your data. We never will.

1. Introduction

Pulseen ("we," "our," or "us") operates the Pulseen desktop application and related services. This Privacy Policy explains how we collect, use, and protect your information when you use our software.

By using Pulseen, you agree to the practices described in this policy. If you do not agree, please do not use our software.

2. Data Storage — Local First

Pulseen is designed as desktop-first software. The following data is stored locally on your machine and never transmitted to our servers:

Customer records (names, contact info, addresses, service history)
Job and scheduling data
Estimates and invoices
Technician profiles and assignments
AI-generated business insights
Audit logs and activity history
Company settings and preferences

Your local database is protected by AES-256-GCM encryption at rest. Sensitive fields — including customer emails, phone numbers, addresses, and payment identifiers — are individually encrypted using authenticated encryption with unique initialization vectors per record.

3. Information We Collect

3.1 Account Information

When you create a Pulseen account, we collect:

Company name and contact information
Owner name and email address
Password (stored as a bcrypt hash — we never store plaintext passwords)

3.2 Payment Information

Subscription payments are processed by Stripe, a PCI-DSS Level 1 certified payment processor. We do not store your full credit card number, CVC, or bank account details. Stripe provides us with:

A tokenized payment reference (Stripe Customer ID)
Last four digits of your card (for display purposes only)
Billing address
Transaction history

For customer payments you collect through Pulseen (invoicing), those transactions are also processed by Stripe under your own connected Stripe account.

3.3 Usage Analytics

We may collect anonymized, aggregated usage data to improve the product, such as:

Feature usage frequency (which tabs are used most)
Error reports and crash logs
Application version and operating system

This data is never tied to individual customer records and cannot be used to identify your clients.

4. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Pulseen software
Process your subscription payments via Stripe
Send transactional emails (account confirmation, billing receipts, critical updates)
Provide customer support when you reach out to us
Detect and prevent fraud or abuse

5. We Never Sell Your Data

We do not sell, rent, trade, or otherwise share your personal information or business data with third parties for marketing purposes. Period. This applies to your data, your customers' data, and any data generated through your use of Pulseen.

6. Data Sharing

We share data only in these limited circumstances:

Stripe: Payment data necessary to process transactions
Legal requirements: When required by law, subpoena, or court order
Safety: To protect the rights, safety, or property of Pulseen, our users, or the public

7. Data Security

We take security seriously. Our measures include:

AES-256-GCM encryption for sensitive data fields at rest
Bcrypt password hashing with per-user salts
JWT authentication with configurable expiration
Rate limiting on authentication endpoints (5 attempts per 15 minutes)
Input sanitization to prevent XSS and injection attacks
Audit logging of all data access and modifications
HTTPS/TLS for any network communication
Security headers via Helmet (HSTS, CSP, X-Frame-Options)

8. Your Rights

8.1 GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the right to:

Access — Request a copy of the personal data we hold about you
Rectification — Correct inaccurate personal data
Erasure — Request deletion of your personal data ("right to be forgotten")
Portability — Receive your data in a structured, machine-readable format
Restriction — Request we limit processing of your data
Objection — Object to processing based on legitimate interests

8.2 CCPA Rights (California Residents)

Under the California Consumer Privacy Act, you have the right to:

Know what personal information we collect and how it is used
Delete your personal information
Opt-out of the sale of personal information (we do not sell your data)
Non-discrimination for exercising your privacy rights

8.3 Exercising Your Rights

Since your business data is stored locally on your machine, you already have full control over it. You can export, modify, or delete your data at any time directly within the application.

For requests related to account data we hold (email, billing information), contact us at privacy@pulseen.io. We will respond within 30 days.

9. Data Retention

Your local business data persists as long as you choose to keep it on your machine. If you uninstall Pulseen, your data remains in the local database unless you explicitly delete it.

Account and billing data we hold is retained for the duration of your subscription plus 90 days, after which it is permanently deleted. Audit logs are automatically rotated after 90 days.

10. Children's Privacy

Pulseen is business software designed for adults. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us at privacy@pulseen.io.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of Pulseen after changes constitutes acceptance.

12. Contact

For privacy-related questions, requests, or concerns:

Email: privacy@pulseen.io
Website: pulseen.io