Privacy Policy

Last Updated: July 15, 2025

Introduction: The Privacy Policy That Actually Protects You

Welcome to Pulse—where your health data gets better protection than most apps give their revenue streams.

While others bury their surveillance capitalism in 47 pages of legal gymnastics, we'll tell you straight: You pay us. We protect you. Revolutionary concept in 2025, apparently.

This Privacy Policy explains exactly what we do (and don't do) with your data. No asterisks. No "legitimate interests" loopholes. No pretending that selling your workout patterns to insurance companies is somehow for your benefit.

Summary: The TL;DR Other Apps Won't Give You

The Five Promises That Matter:

  1. We Don't Sell Your Data: Not to advertisers. Not to data brokers. Not to anyone. You're our customer, not our product.
  2. No Surveillance Advertising: We don't track you across the internet or build shadow profiles. We're too busy building features you actually want.
  3. Smart Sync by Default: Your data syncs to our servers to enable AI features and cross-device access. This is how the app works best. No surveillance, just functionality.
  4. You Control Everything: Delete your data? Actually deleted. Export it? Get everything, not just what's convenient for us.
  5. Real Support: Email us at hi@yourpulse.ai and get a human response. No chatbots pretending to care.

What This Policy Covers

This Privacy Policy applies to:

  • The Pulse iOS App: Your conversational health companion (US only)
  • Our Website: yourpulse.ai and associated domains
  • Support Interactions: When you need help or send feedback
  • Email Communications: If you choose to hear from us

Age Requirements

You must be at least 17 years old to use Pulse.

By using Pulse, you represent and warrant that you are at least 17 years of age. We do not knowingly collect personal information from anyone under 17. If we discover that someone under 17 has created an account, we will delete that account and all associated data immediately.

Why 17+? We believe calorie counting and detailed nutrition tracking require a level of maturity and relationship with food that's more appropriate for older teens and adults.

What We Collect (And Actually Need)

Information You Provide

Account Basics

  • What: Email address (only after you subscribe via Apple), name (if you share it)
  • Why: Account identification and cross-device sync
  • Where Stored: Local SQLite + cloud sync (this is how the app works)
  • Legal Basis: To fulfill our service agreement with you
  • Retention: Until account deletion
  • Note: Trial users get a random ID—we see your health data but don't know your identity

Health Entries

  • What: Meals, workouts, notes, physical metrics
  • Why: That's... literally what the app does
  • Where Stored: Local SQLite + cloud sync for AI processing
  • Legal Basis: To fulfill our service agreement with you
  • Retention: Until you delete them

Profile Information

  • What: Height, weight, DOB, biological sex, activity level
  • Why: Personalized coaching and calorie calculations
  • Where Stored: Local SQLite + cloud sync
  • Legal Basis: To fulfill our service agreement with you
  • Retention: Until account deletion

Conversation Data

  • What: Your chats with Pulse
  • Why: Natural language food logging and coaching
  • Where Stored: Local + cloud for AI processing
  • Legal Basis: To fulfill our service agreement with you
  • Retention: Auto-compressed after 20 messages, cleaned after 3 months inactive

Information Collected Automatically

Usage Analytics

  • What: Feature usage, screen views, session data
  • Why: Understanding which features actually help
  • Where: PostHog (anonymized)
  • Legal Basis: To improve our services
  • Retention: Aggregated indefinitely

Device Information

  • What: iOS version, device model, timezone, locale
  • Why: Compatibility, bug fixing, meal timing
  • Legal Basis: To improve our services
  • Retention: 90 days

Error Reports

  • What: Crash logs, error traces
  • Why: Fixing bugs before they ruin your day
  • Where: Sentry
  • Legal Basis: To improve our services
  • Retention: 30 days

Special Protection for Health Information

Your health data gets our highest level of protection:

  • Encryption: Health data is encrypted at rest and in transit using industry-standard AES-256 encryption
  • Access Control: Limited to essential personnel only, with all access logged and audited
  • Purpose Limitation: Never used for discriminatory purposes or actuarial analysis
  • No Insurance Sharing: Never shared with insurance companies, employers, or data brokers
  • Immediate Deletion: Health data deleted immediately upon account closure, no retention period

HIPAA Note: Pulse is not a covered entity under HIPAA as we are a direct-to-consumer wellness app. However, we protect your health information with industry-standard security measures that meet or exceed HIPAA technical safeguards.

What We DON'T Collect

  • Biometric Data: We do not collect biometric identifiers such as fingerprints, facial recognition data, or retina scans
  • Location Data: We don't track your location (your timezone isn't location data)
  • Contact Lists: We don't access your contacts
  • Photos: Unless you explicitly share them in chat
  • Other App Data: We don't snoop on what else is on your phone

How We Use Your Data (The Honest Version)

Here's the deal: Pulse works by syncing your data to our servers. This isn't some privacy theater where we pretend everything stays on your phone. The AI needs to see your conversations to understand "I had my usual breakfast." The pattern recognition needs your history to work. That's the product.

What happens with your data:

Local Storage:

  • Initial data entry and display
  • Offline access to your entries
  • Quick loading and responsive UI

Cloud Sync (This is where the magic happens):

  • Natural language understanding ("had chicken and rice" → detailed nutrition)
  • Semantic food search across 435k USDA foods
  • Pattern recognition ("your usual Tuesday workout")
  • Conversation memory and context
  • Cross-device access (iPhone to iPad)

What OpenAI Sees:

  • Your conversations (we never send your email or name)
  • Food descriptions for parsing
  • Health goals for coaching
  • Previous chat context for continuity
  • Note: If you type your name/email in chat, that's on you—PII stripping is on our roadmap

What We Promise:

  • We need your data to make the app work, but we don't exploit it
  • No selling to third parties
  • No advertising profiles
  • No "anonymized" data sales to insurance companies
  • Just a health app that actually helps

Who Handles Your Data (The Short List)

Unlike apps with 73 tracking partners, ours fits on a napkin:

Core Infrastructure:

  • Railway (USA) - Backend hosting
  • PostgreSQL - Database (our instance)
  • Redis (USA) - Real-time features
  • Apple (USA) - App distribution
  • Vercel (USA) - Website hosting (no analytics, just serving pages)

Intelligence Layer:

  • OpenAI (USA) - Natural language processing

Operations:

  • PostHog (USA) - Anonymous analytics (app)
  • Plausible (EU) - Privacy-first website analytics (no cookies, no tracking)
  • Sentry (USA) - Error tracking
  • Resend (USA) - Transactional emails
  • Supabase (USA) - Marketing email list storage (kept separate from your health data)

That's it. No Facebook Pixel. No Google Analytics tentacles. No data brokers buying your lunch history. We literally chose Plausible for our website because Google doesn't need to know you visited our blog.

Your Privacy Rights (With Actual Features)

Access Your Data

  • How: Email us at privacy@yourpulse.ai
  • What You Get: Complete export in JSON/CSV formats
  • Response Time: Within 48 hours (building in-app export soon)

Delete Your Data

  • In-App: Settings → Data & Privacy → Delete Account
  • What Happens: Complete removal within 24 hours
  • Subscription Note: Cancel separately in App Store

Correct Your Data

  • How: Edit directly in app or email support
  • Response Time: In-app instant, support same day

Control AI Features

  • How: You can't really turn off syncing—that's how the app works
  • Alternative: Don't want cloud sync? This honestly isn't the app for you

Opt Out of Emails

  • How: One-click unsubscribe in every email
  • What Happens: Instant removal

State-Specific Privacy Rights

Privacy laws are popping up faster than food delivery apps. Here are your rights by state:

California (CCPA/CPRA)

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt-out of sales (we don't sell data anyway)
  • Right to non-discrimination
  • Right to correct inaccurate information
  • Right to limit use of sensitive personal information

Other State Rights

Residents of these states have similar rights:

  • Virginia (VCDPA): Effective January 1, 2023
  • Colorado (CPA): Effective July 1, 2023
  • Connecticut (CTDPA): Effective July 1, 2023
  • Utah (UCPA): Effective December 31, 2023

To Exercise Your Rights: Email privacy@yourpulse.ai with your request and state of residence. We'll respond within 30 days (or faster, because we're not jerks).

Data Security (Beyond Theater)

Technical Measures:

  • TLS 1.3 encryption for all transmissions
  • AES-256 encryption for sensitive data at rest
  • Bcrypt password hashing (even though you use magic links)
  • API authentication tokens expire after 30 days
  • Zero-knowledge architecture for sensitive health data where possible

Operational Security:

  • It's just me with production access (benefit of being a team of one)
  • Database credentials stored securely, not in code
  • Security updates applied ASAP
  • If something goes wrong, I fix it immediately (no committees needed)
  • Regular backups because I'm not an idiot

What We DON'T Do:

  • Store payment info (Apple handles it)
  • Log raw AI responses with your data
  • Keep backups longer than 30 days
  • Pretend security through obscurity works
  • Use your data for machine learning training

Data Retention (No Hoarding)

Active Accounts:

  • Profile data: While account exists
  • Health entries: Until you delete them
  • Conversations: Compressed after 20 messages
  • Analytics: Anonymized immediately

Inactive Accounts:

  • 3+ months: Conversations cleaned
  • 6+ months: Embeddings removed
  • 12+ months: Account deletion warning
  • 18+ months: Automatic account deletion

After Deletion:

  • User data: Removed within 24 hours
  • Backups: Purged within 30 days
  • Analytics: Already anonymized
  • No "soft delete" nonsense—deleted means deleted

Contact Us (Humans Respond)

Privacy Questions: privacy@yourpulse.ai

General Support: hi@yourpulse.ai

Response Time: Within 24 hours

Mailing Address:
Pulse, Inc.
9901 Brodie Lane Ste 160 #1323
Austin, TX 78748
USA

The Bottom Line

We built Pulse because we were tired of health apps that treat your data like a commodity. You pay us directly, so we work for you—not advertisers, not data brokers, not insurance companies.

Your health journey is yours. We're just here to help you track it.

If this privacy policy actually made sense and didn't put you to sleep, that's intentional. Privacy policies should be readable by humans, not just lawyers.

Questions? Email privacy@yourpulse.ai

Last Updated: July 15, 2025
Effective Date: July 15, 2025
Version: 1.0