Legal

Privacy Policy

Effective date: April 8, 2026 · PulseChek LLC

This Privacy Policy explains how PulseChek LLC ("PulseChek," "we," "us," or "our") collects, uses, and protects information when you use the PulseChek platform. By using the Service, you agree to the practices described in this policy.
The short version: We collect only what we need to run the Service. We never sell your data. We never collect request bodies, passwords, payment card numbers, or personal data belonging to your end users. Our SDK captures performance metrics only — response times, status codes, and query counts.

1. What We Collect

We collect the minimum information necessary to provide the Service.

Account information. When you register, we collect your name, email address, and password (stored as a secure hash managed by Supabase Auth). We do not store plaintext passwords.

Billing information. Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive financial data. We receive only a tokenized reference from Stripe sufficient to manage your subscription.

Performance metrics. When you install the PulseChek SDK in your application, it collects and transmits the following data points per HTTP request:

  • HTTP method (e.g., GET, POST)
  • Request path (e.g., /api/users)
  • HTTP status code (e.g., 200, 404, 500)
  • Response latency in milliseconds
  • Number of database queries made during the request
  • Total database query latency in milliseconds
  • Count of external HTTP calls made during the request
  • Timestamp of the request
  • Your project ID

Usage data. We may collect information about how you interact with the dashboard, such as pages visited and features used, to improve the Service.

Communications. If you contact us by email, we retain that correspondence to respond to your inquiry and improve our support.

2. What We Do Not Collect

We are explicit about what the SDK does not collect, because we believe you deserve to know exactly what leaves your application:

  • Request bodies. We never capture the body of any HTTP request or response. Form submissions, API payloads, and file uploads are not transmitted to us.
  • Query parameters or headers. We do not capture URL query strings, request headers, cookies, or session tokens.
  • End-user personal data. We do not collect names, email addresses, IP addresses, device identifiers, or any other data belonging to your application's end users.
  • Database query content. We capture the count and duration of database queries, but never the SQL statements, query parameters, or results.
  • Passwords or credentials. We never collect authentication credentials of any kind.
  • Payment card data. All payment processing is handled by Stripe outside of our infrastructure.

If you believe the SDK may be collecting data beyond what is described here, please contact us immediately at legal@pulsechek.io.

3. How We Use Your Information

We use the information we collect solely to provide and improve the Service:

  • To create and manage your account
  • To process payments and manage your subscription
  • To generate AI-powered performance summaries and deliver them to your configured email address
  • To display performance data in the dashboard
  • To detect anomalies and generate threshold alerts
  • To send transactional emails (account confirmations, password resets, billing notices)
  • To respond to your support inquiries
  • To improve and develop the Service
  • To comply with legal obligations

We do not use your data for advertising purposes. We do not build advertising profiles. We do not sell, rent, or trade your data to third parties for their marketing purposes.

4. How We Share Your Information

We do not sell your personal information. We share data only in the following limited circumstances:

Service providers. We share data with trusted third-party vendors who process it on our behalf to provide the Service:

  • Supabase — database storage and authentication
  • Anthropic — AI processing for performance summaries (performance metrics only, no personal data)
  • Resend — transactional email delivery
  • Stripe — payment processing

Each of these providers is contractually obligated to protect your data and use it only for the purpose of providing their services to us.

Legal requirements. We may disclose information if required by law, court order, or government request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of PulseChek, our users, or the public.

Business transfers. If PulseChek is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

With your consent. We may share data with third parties when you have given us explicit permission to do so.

5. Data Retention

We retain your account information for as long as your account is active. Performance metric data is retained according to your plan's data retention limit (30 days for Solo, 90 days for Team, 12 months for Agency).

When you delete your account, we will delete your personal information and performance data within 30 days, except where we are required by law to retain it longer or where it is needed to resolve disputes or enforce agreements.

Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely for analytics and service improvement purposes.

6. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • All data is encrypted in transit using TLS
  • Data at rest is encrypted by our database provider (Supabase)
  • API keys are stored as SHA-256 hashes — the plaintext key is shown only once at creation and never stored
  • Passwords are managed by Supabase Auth and never stored in plaintext
  • Access to production systems is restricted to authorized personnel only
  • Row-level security policies are enforced at the database layer

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. If you become aware of a security issue, please contact us at legal@pulsechek.io immediately.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

  • Access. You may request a copy of the personal data we hold about you.
  • Correction. You may update your account information at any time through account settings.
  • Deletion. You may request deletion of your account and associated data by contacting us at legal@pulsechek.io.
  • Portability. You may request an export of your performance data in a machine-readable format.
  • Opt-out of communications. You may unsubscribe from non-essential emails at any time using the unsubscribe link included in those emails. Note that transactional emails (billing, security alerts) cannot be opted out of while your account is active.

To exercise any of these rights, contact us at legal@pulsechek.io. We will respond within 30 days.

8. Cookies and Tracking

The PulseChek dashboard uses session cookies for authentication purposes. These cookies are essential for the Service to function and cannot be disabled.

We do not use third-party advertising cookies or cross-site tracking cookies. We do not participate in behavioral advertising networks.

Our landing page may use minimal analytics to understand aggregate traffic patterns. This data is not linked to individual identities and is not shared with advertisers.

9. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete it promptly.

If you believe we may have inadvertently collected information from a child under 13, please contact us at legal@pulsechek.io.

10. International Data Transfers

PulseChek is based in the United States. If you access the Service from outside the United States, your data may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to the transfer of your data to the United States. We take steps to ensure that any such transfers comply with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at the address associated with your account and update the effective date at the top of this page.

Your continued use of the Service after the updated policy becomes effective constitutes your acceptance of the changes. We encourage you to review this policy periodically.

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

PulseChek LLC
legal@pulsechek.io

We will respond to all legitimate inquiries within 30 days.