π Welcome to DataPulse Privacy
We believe privacy should be simple to understand. This policy explains exactly how DataPulse works, what data we collect, and your rights - in plain English.
Quick Facts:
β
We don't sell your data to anyone
β
You control what data is collected
β
Website visitors can opt-out anytime
β
We comply with GDPR, CCPA, and international privacy laws
1. Who We Are and How DataPulse Works
DataPulse is a privacy-focused website analytics service that sends push notifications to your phone when important events happen on your website - like signups, purchases, or high traffic spikes.
Here's the key thing to understand: When you use DataPulse on your website, you are in control of the data collection. We simply process the data on your behalf to provide analytics and notifications.
π― You (Website Owner)
Data Controller - You decide what to collect and are responsible for privacy compliance
βοΈ DataPulse
Data Processor - We process data according to your instructions and help with compliance
2. What Data We Collect (The Complete Picture)
Transparency is key - here's exactly what data DataPulse collects and why:
π± Your DataPulse Account
When you sign up for DataPulse, we collect the basics needed to provide your service:
Email & Password: For login and account security
Name: To personalize your dashboard
Website Details: Name, URL, domain for tracking setup
Preferences: Dashboard settings, notification preferences
Device Token: To send push notifications to your phone
π₯ Website Visitor Analytics
This is what we track automatically on your website (you control what gets collected):
Automatic Tracking (No Code Required)
π Page Views: Which pages visitors view, page titles, load times
π Scroll Behavior: How far visitors scroll (25%, 50%, 75%, 100% milestones)
β±οΈ Session Activity: Time spent, pages per visit, entry/exit pages
π» Device Info: Browser, operating system, device type, screen size
π Location: Country only (from IP address, can be anonymized)
π Interactions: Button clicks, form submissions (metadata only), link clicks
π Marketing Data: UTM parameters from your campaigns
Manual Events (You Control When These Fire)
π€ User Actions: Signups, logins, logouts, account deletions
π― Custom Events: Any additional data you choose to track
β οΈ Important: You Control Custom Data
Website owners can include unlimited custom data with events. You are fully responsible for what custom data you collect - this could include personal information if you choose to send it. DataPulse doesn't monitor or control this custom data.
2.3 Storage Methods
We use localStorage (not cookies) to store a unique visitor identifier on your device. This identifier helps us track your interactions across multiple visits to the same website.
3. How We Use Information
3.1 DataPulse Account Data
We use your account information to:
π§ Service Provision: Provide and maintain our services
π Analytics: Send you analytics dashboards and reports
π± Notifications: Deliver push notifications about website activity
π³ Payments: Process payments and manage subscriptions
π§ Communication: Communicate with you about service updates
π§ Support: Provide customer support
3.2 Website Visitor Data
Visitor data is processed solely to provide analytics services to our customers. We:
π Reports: Generate analytics reports and dashboards
π Alerts: Send push notifications when specified events occur
π Metrics: Calculate bounce rate, session duration, and page views
π― Patterns: Identify popular pages, referral sources, and user behavior patterns
4. Data Controller vs. Data Processor
For DataPulse Users: We are the data controller for information related to your DataPulse account.
For Website Visitors: We are a data processor. The website owner (our customer) is the data controller who determines what data to collect, how long to retain it, and what privacy settings to apply. Website owners are responsible for:
β
Consent: Obtaining necessary consents from visitors
π Notices: Providing privacy notices to visitors
βοΈ Settings: Configuring appropriate privacy settings (IP anonymization, Do Not Track compliance)
π― Custom Data: Determining what custom data to collect through event properties
βοΈ Compliance: Complying with applicable privacy laws (GDPR, CCPA, etc.)
5. Privacy Controls and Settings
Website owners can configure the following privacy settings:
π IP Anonymization: Remove the last octet of visitor IP addresses
π« Do Not Track: Honor visitors' browser DNT preferences
π― Event Selection: Choose which visitor actions to track
π Custom Data Collection: Define what additional information to collect through event properties
6. Information Sharing and Disclosure
We do not sell, rent, or trade personal information. We may share data in these limited circumstances:
π€ With Website Owners: We provide analytics data to the website owners who installed our tracking code
π§ Service Providers: We may use third-party services for hosting, payment processing, and email delivery
βοΈ Legal Requirements: We may disclose information if required by law or to protect our rights
π’ Business Transfers: Information may be transferred if we are acquired or merge with another company
7. Data Retention
We retain data based on the following criteria:
7.1 DataPulse Account Data
β
Active Accounts: Until you delete your account or request data deletion
π
Inactive Accounts: May be deleted after 3 years of inactivity with 30 days notice
βοΈ Legal Hold: May be retained longer if required by legal obligations
7.2 Website Visitor Analytics Data
π Raw Analytics Data: Retained for 26 months from collection (configurable by customer)
π Aggregated Statistics: May be retained indefinitely in anonymized form
π― Custom Event Properties: Same retention period as other analytics data
βοΈ Customer Control: Website owners can configure shorter retention periods
7.3 Deletion Process
β° Automated Deletion: Data is automatically deleted when retention periods expire
π Manual Deletion: Available upon customer request or when exercising privacy rights
πΎ Backup Recovery: Data may remain in encrypted backups for up to 90 days after deletion
8. International Data Transfers
Our services are hosted in the United States. When you use our services, your data may be transferred to, stored, and processed in the United States.
8.1 Transfer Safeguards
For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we implement appropriate safeguards:
β
Adequacy Decisions: We rely on adequacy decisions where available
π Standard Contractual Clauses (SCCs): We use EU-approved SCCs for data transfers
π Technical and Organizational Measures: We implement supplementary measures including encryption, access controls, and data minimization
8.2 Data Localization
Some jurisdictions may require data to be stored locally. We work with customers to ensure compliance with local data residency requirements where legally required.
9. Your Privacy Rights
Your privacy rights depend on your relationship with DataPulse and applicable laws in your jurisdiction:
9.1 For DataPulse Account Holders
Under GDPR (EU residents):
π Access (Article 15): Request copies of your personal data and information about how it's processed
βοΈ Rectification (Article 16): Correct inaccurate or incomplete data
ποΈ Erasure/Right to be Forgotten (Article 17): Request deletion of your personal data
π¦ Data Portability (Article 20): Receive your data in a structured, machine-readable format
βΈοΈ Restriction of Processing (Article 18): Limit how we process your data in certain circumstances
π« Objection (Article 21): Object to processing based on legitimate interests
β Withdraw Consent: Withdraw consent for processing where consent is the legal basis
Under CCPA (California residents):
π Right to Know: Request information about personal information collected, used, or shared
ποΈ Right to Delete: Request deletion of personal information
π« Right to Opt-Out: Opt-out of sale/sharing of personal information (we do not sell personal information)
βοΈ Right to Non-Discrimination: Not be discriminated against for exercising privacy rights
π Global Privacy Control (GPC): We recognize and honor GPC signals
Under PIPEDA (Canada residents):
π Access: Request access to personal information and how it's used
βοΈ Correction: Request correction of inaccurate personal information
β Consent Withdrawal: Withdraw consent for collection, use, or disclosure
9.2 For Website Visitors
If you are a visitor to a website using DataPulse, the website owner is the data controller responsible for your rights. However, you have these options:
π« Do Not Track: Enable "Do Not Track" in your browser (honored if website owner has enabled DNT respect)
ποΈ Data Deletion: Clear your browser's localStorage to remove our visitor identifier
π’ Contact Website Owner: Exercise your rights directly with the website owner per their privacy policy
π§ Contact DataPulse: Email support@thedatapulseapp.com for assistance or questions
9.3 How to Exercise Your Rights
π§ Email: support@thedatapulseapp.com
β° Response Time: Within 30 days (GDPR), 45 days (CCPA), or as required by applicable law
π Identity Verification: We may request identity verification to protect your personal data
π No Fees: Rights requests are generally free (reasonable administrative fees may apply for excessive requests)
10. Data Security
We implement industry-standard security measures including:
π Encryption: Encryption of data in transit and at rest
π Monitoring: Regular security audits and monitoring
π Access Control: Access controls and authentication mechanisms
π‘οΈ Secure Development: Secure coding practices and vulnerability testing
11. Children's Privacy
Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it immediately.
12. Legal Basis for Processing (GDPR)
For EU residents, we process personal data based on the following legal grounds:
π Contract Performance (Article 6(1)(b)): To provide our analytics services to you as a DataPulse customer
βοΈ Legitimate Interest (Article 6(1)(f)): To improve our services, ensure security, and conduct business operations
β
Consent (Article 6(1)(a)): For marketing communications and non-essential cookies (where required)
π Legal Obligation (Article 6(1)(c)): To comply with legal requirements such as tax obligations
13. Data Processing Agreement (DPA)
For customers acting as data controllers, this privacy policy incorporates our Data Processing Agreement terms:
π Processor Obligations: We process personal data only on documented instructions from you
π Security Measures: We implement appropriate technical and organizational measures
π Sub-processors: We maintain a list of approved sub-processors and notify you of changes
π€ Data Subject Rights: We assist you in responding to data subject requests
π¨ Breach Notification: We notify you of personal data breaches without undue delay
π Audit Rights: You may audit our compliance with data protection obligations
ποΈ Data Return/Deletion: We return or delete personal data at the end of service provision
14. Breach Notification
In the event of a personal data breach:
π‘οΈ Internal Response: We have procedures to detect, investigate, and respond to breaches
π’ Authority Notification: We notify relevant supervisory authorities within 72 hours where required
π¬ Customer Notification: We notify affected customers without undue delay
π€ Individual Notification: We notify affected individuals when required by law
15. Third-Party Services
We use the following categories of third-party services that may process personal data:
βοΈ Cloud Hosting: For secure data storage and processing
π± Push Notification Services: To deliver real-time notifications to iOS devices
π IP Geolocation Services: To determine country-level location from IP addresses
π³ Payment Processors: For subscription billing and payment processing
π§ Email Services: For transactional and marketing communications
All third-party processors are contractually bound to protect personal data and process it only for specified purposes.
16. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by:
π Website Updates: Posting the updated policy on our website
π§ Email Notifications: Sending email notifications for material changes
π
Date Updates: Updating the "Last updated" date at the top of this policy
17. Customer Data Collection Responsibilities
IMPORTANT: Website owners using DataPulse have full control over what data they collect through custom event properties. This creates important responsibilities and limitations:
17.1 Customer Responsibilities
βοΈ Legal Compliance: Ensure all data collection complies with applicable privacy laws (GDPR, CCPA, PIPEDA, LGPD, etc.)
β
Consent Management: Obtain necessary consents before collecting personal data through custom properties
π― Data Minimization: Collect only data necessary for legitimate business purposes
π Privacy Notices: Provide clear privacy notices to website visitors about data collection
β οΈ Sensitive Data: Do not collect sensitive personal data (health, financial, biometric, etc.) without explicit consent and legal justification
17.2 DataPulse Limitations
π
No Content Monitoring: We do not monitor or validate the content of custom event properties
βοΈ Customer Liability: Customers are solely responsible for the legality and appropriateness of custom data they collect
π No Legal Advice: DataPulse does not provide legal advice regarding data collection practices
π§ Compliance Support: While we provide privacy tools (IP anonymization, DNT support), customers must ensure their specific use complies with applicable laws
17.3 Prohibited Data Collection
Customers must not use DataPulse to collect:
π³ Payment card information (PCI DSS protected data)
π Government identification numbers (SSN, passport numbers, etc.)
π Biometric data or genetic information
π₯ Health or medical information without proper legal basis
πΆ Data from children under 13 without parental consent
β Any data that violates applicable privacy laws
18. International Compliance
DataPulse supports compliance with major international privacy regulations:
18.1 Supported Regulations
πͺπΊ GDPR (EU/EEA): General Data Protection Regulation
π¬π§ UK GDPR: United Kingdom data protection laws
πΊπΈ CCPA/CPRA (California): California Consumer Privacy Act and amendments
π¨π¦ PIPEDA (Canada): Personal Information Protection and Electronic Documents Act
π§π· LGPD (Brazil): Lei Geral de Proteção de Dados
πΈπ¬ PDPA (Singapore): Personal Data Protection Act
π¦πΊ Privacy Act (Australia): Australian Privacy Principles
18.2 Compliance Features
β
Consent Management: Tools for obtaining and managing visitor consent
π€ Data Subject Rights: Support for access, deletion, and portability requests
π Cross-Border Transfers: Appropriate safeguards for international data transfers
π¨ Breach Notification: Procedures for timely breach notification
π Data Processing Agreements: Built-in DPA terms for controller-processor relationships
19. Contact Information
For privacy-related questions or to exercise your rights:
Response Times:
πͺπΊ GDPR Requests: Within 30 days (may be extended by 60 days for complex requests)
πΊπΈ CCPA Requests: Within 45 days (may be extended by 45 days with notice)
π Other Jurisdictions: As required by applicable law