Privacy Policy

Last updated: 14 December 2025

1. Introduction

PulsePage ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website at pulsepage.app and our services (collectively, the "Service").

PulsePage is a product feedback and release management platform that helps businesses communicate product updates to their users.

Data Controller: PulsePage 41 Devonshire Street, London, W1G 7AJ, United Kingdom Email: support@pulsepage.app

For the purposes of the UK General Data Protection Regulation (UK GDPR), we are the data controller of your personal data.

2. Information We Collect

2.1 Information You Provide

Account Information:

Email address (required for authentication)
Name (if provided via OAuth)
Profile information from connected OAuth providers (GitHub, Google)

Product Data:

Product names and descriptions you create
Release notes and changelog content
Feature requests and feedback you submit
Roadmap items and status updates

Payment Information:

Billing details are processed securely by Stripe, our payment processor
We do not store complete credit card numbers on our servers

2.2 Information Collected Automatically

Usage Data:

Pages visited and features used
Time and date of access
Browser type and version
Device type and operating system
Referring website

Technical Data:

IP address (anonymised where possible)
Cookies and similar technologies (see Section 8)

2.3 Information from Third Parties

OAuth Providers: When you sign in using GitHub or Google, we receive your email address and basic profile information as authorised by you.

Your End Users: When visitors interact with your PulsePage product pages (voting on features, subscribing to updates), we collect their email addresses on your behalf.

3. How We Use Your Information

We process your personal data for the following purposes:

| Purpose | Lawful Basis | | ------------------------------------------------------------- | ----------------------------------------------------- | | Providing and maintaining the Service | Performance of contract | | Processing payments and subscriptions | Performance of contract | | Sending transactional emails (password resets, notifications) | Performance of contract | | Responding to support requests | Performance of contract | | Sending release notification emails to subscribers | Legitimate interests (your subscribers have opted in) | | Improving our Service and fixing bugs | Legitimate interests | | Analysing usage patterns with PostHog | Legitimate interests | | Preventing fraud and abuse | Legitimate interests | | Complying with legal obligations | Legal obligation | | Marketing communications (only with consent) | Consent |

Legitimate Interests: Where we rely on legitimate interests, we have conducted a balancing test to ensure your rights are not overridden. You may object to processing based on legitimate interests at any time.

4. Data Sharing and Third Parties

We share your personal data with the following categories of recipients:

4.1 Service Providers

| Provider | Purpose | Location | Safeguards | | ------------ | --------------------------- | -------------- | -------------------------- | | Supabase | Database and authentication | United States | UK-US Data Bridge, SOC 2 | | Stripe | Payment processing | United States | UK-US Data Bridge, PCI-DSS | | Resend | Transactional emails | United States | UK-US Data Bridge | | PostHog | Product analytics | European Union | EU servers | | Vercel | Website hosting | United States | UK-US Data Bridge |

4.2 Other Disclosures

We may disclose your information:

To comply with legal obligations or lawful requests from authorities
To protect our rights, privacy, safety, or property
In connection with a merger, acquisition, or sale of assets (you will be notified)

We never sell your personal data to third parties.

5. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom, including the United States where our infrastructure providers are located.

When we transfer data outside the UK, we ensure appropriate safeguards are in place:

UK-US Data Bridge: Our US-based providers (Supabase, Stripe, Vercel, Resend) participate in the UK Extension to the EU-US Data Privacy Framework
Standard Contractual Clauses: Where required, we use UK-approved SCCs
Adequacy Decisions: For transfers to adequate countries as determined by the UK government

6. Data Retention

We retain your personal data only for as long as necessary:

| Data Type | Retention Period | | ------------------------ | ------------------------------------------- | | Account data | Until you delete your account, plus 30 days | | Product and content data | Until you delete the product or account | | Payment records | 7 years (legal requirement) | | Server logs | 90 days | | Analytics data | 24 months | | Support communications | 3 years |

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

7. Your Rights

Under the UK GDPR, you have the following rights:

Right of Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time (where consent is the basis)
Rights Related to Automated Decision-Making: We do not use automated decision-making that significantly affects you

To exercise your rights: Email us at privacy@pulsepage.app with your request. We will respond within one month.

Right to Complain: If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF Website: ico.org.uk Telephone: 0303 123 1113

8. Cookies and Tracking

We use cookies and similar technologies to operate our Service.

8.1 Essential Cookies

Required for the Service to function:

Authentication session cookies
Security cookies (CSRF protection)

8.2 Analytics Cookies

Used to understand how you use our Service:

PostHog analytics (can be disabled)

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using the Service.

For detailed information, see our Cookie Policy at pulsepage.app/cookies.

9. Security

We implement appropriate technical and organisational measures to protect your personal data:

All data transmitted via HTTPS (TLS 1.3)
Data encrypted at rest using AES-256
Access controls and authentication via Supabase Auth
Regular security reviews
Webhook signature verification for integrations

While we strive to protect your data, no method of transmission over the internet is 100% secure.

10. Children's Privacy

Our Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

11. Your Responsibilities as a Product Owner

When you use PulsePage to collect data from your end users (email subscribers, feature voters), you act as the data controller for that data, and we act as your data processor.

You are responsible for:

Having a lawful basis to collect your users' data
Providing your own privacy notice to your users
Responding to data subject requests from your users
Ensuring compliance with applicable data protection laws

We provide tools to help you:

Export subscriber data
Delete individual user data
Customise privacy policy links on your product pages

If you require a Data Processing Agreement (DPA), please contact us at privacy@pulsepage.app.

12. Changes to This Policy

We may update this Privacy Policy at any time. When we make changes, we will notify you by sending an email to your registered address.

Changes are effective immediately upon posting. The "Last updated" date at the top indicates when changes were made. Continued use of the Service after changes constitutes acceptance.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights:

Email: privacy@pulsepage.app Address: 41 Devonshire Street,London, W1G 7AJ, United Kingdom

We aim to respond to all enquiries within 5 business days.

This Privacy Policy is governed by the laws of England and Wales.

Last updated: 14 December 2025

1. Introduction

PulsePage is a product feedback and release management platform that helps businesses communicate product updates to their users.

Data Controller: PulsePage 41 Devonshire Street, London, W1G 7AJ, United Kingdom Email: support@pulsepage.app

For the purposes of the UK General Data Protection Regulation (UK GDPR), we are the data controller of your personal data.

2. Information We Collect

2.1 Information You Provide

Account Information:

Email address (required for authentication)
Name (if provided via OAuth)
Profile information from connected OAuth providers (GitHub, Google)

Product Data:

Product names and descriptions you create
Release notes and changelog content
Feature requests and feedback you submit
Roadmap items and status updates

Payment Information:

Billing details are processed securely by Stripe, our payment processor
We do not store complete credit card numbers on our servers

2.2 Information Collected Automatically

Usage Data:

Pages visited and features used
Time and date of access
Browser type and version
Device type and operating system
Referring website

Technical Data:

IP address (anonymised where possible)
Cookies and similar technologies (see Section 8)

2.3 Information from Third Parties

OAuth Providers: When you sign in using GitHub or Google, we receive your email address and basic profile information as authorised by you.

Your End Users: When visitors interact with your PulsePage product pages (voting on features, subscribing to updates), we collect their email addresses on your behalf.

3. How We Use Your Information

We process your personal data for the following purposes:

4. Data Sharing and Third Parties

We share your personal data with the following categories of recipients:

4.1 Service Providers

4.2 Other Disclosures

We may disclose your information:

To comply with legal obligations or lawful requests from authorities
To protect our rights, privacy, safety, or property
In connection with a merger, acquisition, or sale of assets (you will be notified)

We never sell your personal data to third parties.

5. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom, including the United States where our infrastructure providers are located.

When we transfer data outside the UK, we ensure appropriate safeguards are in place:

UK-US Data Bridge: Our US-based providers (Supabase, Stripe, Vercel, Resend) participate in the UK Extension to the EU-US Data Privacy Framework
Standard Contractual Clauses: Where required, we use UK-approved SCCs
Adequacy Decisions: For transfers to adequate countries as determined by the UK government

6. Data Retention

We retain your personal data only for as long as necessary:

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

7. Your Rights

Under the UK GDPR, you have the following rights:

Right of Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time (where consent is the basis)
Rights Related to Automated Decision-Making: We do not use automated decision-making that significantly affects you

To exercise your rights: Email us at privacy@pulsepage.app with your request. We will respond within one month.

Right to Complain: If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF Website: ico.org.uk Telephone: 0303 123 1113

8. Cookies and Tracking

We use cookies and similar technologies to operate our Service.

8.1 Essential Cookies

Required for the Service to function:

Authentication session cookies
Security cookies (CSRF protection)

8.2 Analytics Cookies

Used to understand how you use our Service:

PostHog analytics (can be disabled)

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using the Service.

For detailed information, see our Cookie Policy at pulsepage.app/cookies.

9. Security

We implement appropriate technical and organisational measures to protect your personal data:

All data transmitted via HTTPS (TLS 1.3)
Data encrypted at rest using AES-256
Access controls and authentication via Supabase Auth
Regular security reviews
Webhook signature verification for integrations

While we strive to protect your data, no method of transmission over the internet is 100% secure.

10. Children's Privacy

11. Your Responsibilities as a Product Owner

When you use PulsePage to collect data from your end users (email subscribers, feature voters), you act as the data controller for that data, and we act as your data processor.

You are responsible for:

Having a lawful basis to collect your users' data
Providing your own privacy notice to your users
Responding to data subject requests from your users
Ensuring compliance with applicable data protection laws

We provide tools to help you:

Export subscriber data
Delete individual user data
Customise privacy policy links on your product pages

If you require a Data Processing Agreement (DPA), please contact us at privacy@pulsepage.app.

12. Changes to This Policy

We may update this Privacy Policy at any time. When we make changes, we will notify you by sending an email to your registered address.

Changes are effective immediately upon posting. The "Last updated" date at the top indicates when changes were made. Continued use of the Service after changes constitutes acceptance.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights:

Email: privacy@pulsepage.app Address: 41 Devonshire Street,London, W1G 7AJ, United Kingdom

We aim to respond to all enquiries within 5 business days.

This Privacy Policy is governed by the laws of England and Wales.

1. Introduction

2. Information We Collect

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Information from Third Parties

3. How We Use Your Information

4. Data Sharing and Third Parties

4.1 Service Providers

4.2 Other Disclosures

5. International Data Transfers

6. Data Retention

7. Your Rights

8. Cookies and Tracking

8.1 Essential Cookies

8.2 Analytics Cookies

8.3 Managing Cookies

9. Security

10. Children's Privacy

11. Your Responsibilities as a Product Owner

12. Changes to This Policy

13. Contact Us

Related Documents

Privacy Policy

1. Introduction

2. Information We Collect

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Information from Third Parties

3. How We Use Your Information

4. Data Sharing and Third Parties

4.1 Service Providers

4.2 Other Disclosures

5. International Data Transfers

6. Data Retention

7. Your Rights

8. Cookies and Tracking

8.1 Essential Cookies

8.2 Analytics Cookies

8.3 Managing Cookies

9. Security

10. Children's Privacy

11. Your Responsibilities as a Product Owner

12. Changes to This Policy

13. Contact Us

Related Documents