Terms of Service

1. Agreement and Authority

By using DataPulse, you're agreeing to these terms. If you're setting this up for your company, make sure you have permission to agree on their behalf.

Simple as that - if you use our service, these terms apply.

2. What DataPulse Does for You

DataPulse is your website's notification system - we track what happens on your site and send you instant alerts when important events occur.

3. Account Registration and Security

To use our Service, you must create an account and provide accurate, current, and complete information. You are responsible for:

4. Data Collection and Privacy Responsibilities

4.1 Your Role as Data Controller

When you use our Service to track visitors on your website, you act as the data controller and are responsible for:

4.2 Custom Data Collection Responsibilities

CRITICAL: Our Service allows you to include unlimited custom data through event properties. You have complete control and responsibility over this data:

Your Obligations:

• Legal Compliance: Ensure all custom data collection complies with GDPR, CCPA, PIPEDA, LGPD, and other applicable privacy laws
• Consent Management: Obtain explicit consent before collecting personal data through custom properties
• Data Minimization: Collect only data necessary for legitimate business purposes
• Sensitive Data Restrictions: Do not collect sensitive personal data (health, financial, biometric, racial, political, religious) without explicit consent and proper legal safeguards
• Children's Data: Do not collect data from children under 13 (or applicable age in your jurisdiction) without verified parental consent
• Prohibited Data: Do not collect payment card information, government IDs, passwords, or other restricted data types

DataPulse Limitations:

• No Content Monitoring: We do not monitor, validate, or control the content of custom event properties you send to our servers
• No Legal Advice: We do not provide legal advice regarding your data collection practices
• Your Sole Liability: You are solely responsible for the legality, appropriateness, and compliance of all custom data you collect
• Processing Only: We act only as a data processor - you remain the data controller with full responsibility for compliance

4.3 Our Role as Data Processor

We act as a data processor for visitor data collected through your website. We agree to:

• Process visitor data only as instructed by you through our Service
• Implement appropriate technical and organizational security measures
• Assist you in responding to data subject requests when possible
• Notify you of any data breaches affecting your visitor data
• Delete or return visitor data upon termination as requested

5. Acceptable Use Policy

You agree not to use our Service to:

5.1 Prohibited Activities

• Legal Violations: Violate any applicable laws, regulations, or third-party rights
• Unauthorized Tracking: Track visitors on websites you do not own, control, or have permission to monitor
• System Interference: Interfere with, disrupt, or attempt to gain unauthorized access to our Service or servers
• Malicious Activities: Use our Service for fraudulent, harmful, or malicious purposes
• API Abuse: Attempt to bypass our security measures, rate limits, or domain validation
• False Data: Generate fake analytics data or manipulate tracking results
• Spam/Harassment: Send unsolicited communications or use our Service to harass individuals

5.2 Data Collection Restrictions

• No Consent: Collect personal data without proper consent or legal basis
• Sensitive Data: Collect sensitive personal data without appropriate safeguards and explicit consent
• Children's Data: Collect data from children without verified parental consent
• Restricted Data Types: Collect payment card information, government IDs, biometric data, or health information without proper legal authority
• Cross-Site Tracking: Use our Service to track users across multiple websites without consent

5.3 Enforcement

Violation of this policy may result in immediate suspension or termination of your account, data deletion, and potential legal action. We may also report violations to relevant authorities.

6. Intellectual Property Rights

Our Service and all related intellectual property rights remain our property. You are granted a limited, non-exclusive, non-transferable license to use our Service during your subscription period.

You retain ownership of your website data and any custom content you provide to our Service.

7. Payment Terms and Subscriptions

Subscription fees are charged in advance and are non-refundable except as required by law. We may change our pricing with 30 days' notice. If you fail to pay fees when due, we may suspend or terminate your access to the Service.

8. Service Availability and Modifications

We strive to maintain 99.9% uptime but do not guarantee uninterrupted service. We reserve the right to:

• Modify, suspend, or discontinue any part of our Service
• Update these Terms with reasonable notice
• Implement maintenance and security updates
• Change our API or tracking methods with advance notice

9. Data Processing Agreement

This section constitutes our Data Processing Agreement (DPA) for purposes of GDPR and similar privacy laws:

9.1 Processing Details

• Subject Matter: Website analytics and visitor tracking
• Duration: Term of your subscription plus retention period
• Purpose: Providing analytics services and push notifications
• Data Types: Visitor identifiers, behavior data, device information, custom properties
• Data Subjects: Your website visitors

9.2 Security Measures

We implement appropriate technical and organizational measures including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security monitoring and audits
• Employee training on data protection

9.3 International Transfers

Data may be processed in the United States. By using our Service, you authorize such transfers and represent that you have obtained necessary consents from data subjects.

10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

10.1 Monetary Limitations

• Liability Cap: Our total liability to you shall not exceed the greater of $100 or the amount you paid us in the 12 months preceding the claim
• Damages Exclusion: We are not liable for indirect, incidental, consequential, special, or punitive damages
• Lost Profits: We are not liable for lost profits, revenue, data, or business opportunities

10.2 Data and Privacy Liability

• Custom Data: We are not liable for any consequences arising from custom data you choose to collect through event properties
• Privacy Law Compliance: We are not liable for your failure to comply with GDPR, CCPA, PIPEDA, LGPD, or other privacy laws
• Data Subject Claims: We are not liable for claims by your website visitors regarding data collection practices
• Third-Party Breaches: We are not liable for data breaches caused by your actions, third parties, or factors outside our control
• Data Controller Responsibilities: We are not liable for your data controller obligations or decisions

10.3 Service Limitations

• Service Availability: We are not liable for service interruptions, downtime, or maintenance periods
• Data Accuracy: We are not liable for inaccuracies in analytics data or reports
• Third-Party Services: We are not liable for failures or issues with third-party services we integrate with
• Force Majeure: We are not liable for delays or failures due to circumstances beyond our reasonable control

11. Indemnification

You agree to defend, indemnify, and hold harmless DataPulse, its officers, directors, employees, and agents from and against any and all claims, damages, obligations, losses, liabilities, costs, or debt, and expenses (including attorney's fees) arising from:

11.1 Your Use of the Service

• Terms Violations: Your use of our Service in violation of these Terms
• Unauthorized Use: Your unauthorized use of our Service or systems
• False Information: Providing false, inaccurate, or misleading information to us

11.2 Data and Privacy Violations

• Privacy Law Violations: Your violation of GDPR, CCPA, PIPEDA, LGPD, or other applicable privacy laws
• Unlawful Data Collection: Your collection of data without proper consent, legal basis, or authority
• Custom Data Issues: Any issues arising from custom data you collect through event properties
• Sensitive Data: Your collection of sensitive personal data without appropriate safeguards
• Children's Data: Your collection of children's data without proper parental consent

11.3 Third-Party Claims

• Visitor Claims: Claims by your website visitors regarding data collection, privacy violations, or unauthorized tracking
• Regulatory Actions: Investigations, fines, or penalties from data protection authorities
• Class Actions: Class action lawsuits related to your data collection practices
• Intellectual Property: Claims that your use of our Service infringes third-party intellectual property rights

11.4 Indemnification Process

We will notify you of any claims subject to indemnification. You will have the right to control the defense of such claims, provided you acknowledge your indemnification obligations and use counsel reasonably acceptable to us.

12. Termination

Either party may terminate this agreement at any time. Upon termination:

• Your access to our Service will be suspended immediately
• We will stop collecting new data for your websites
• You may request export of your data within 30 days
• We will delete your data according to our retention policy
• Outstanding payment obligations survive termination

We may terminate immediately if you breach these Terms or engage in prohibited activities.

13. Privacy Law Compliance Requirements

As a data controller using our Service, you must comply with all applicable privacy laws. This includes:

13.1 GDPR Compliance (EU/EEA/UK)

• Legal Basis: Establish lawful basis for processing personal data (Article 6)
• Consent: Obtain explicit, informed consent where required
• Privacy Notices: Provide clear information about data collection (Article 13/14)
• Data Subject Rights: Enable rights to access, rectification, erasure, portability, and objection
• Data Protection Impact Assessments: Conduct DPIAs for high-risk processing
• Data Transfer Safeguards: Implement safeguards for international transfers

13.2 CCPA Compliance (California)

• Consumer Rights: Enable rights to know, delete, and opt-out
• Privacy Policy Disclosures: Detailed disclosures about data collection and sharing
• Global Privacy Control: Honor GPC signals from browsers
• Do Not Sell/Share: Provide mechanisms to opt-out of data sales/sharing
• Non-Discrimination: Do not discriminate against consumers exercising rights

13.3 Other Jurisdictions

• PIPEDA (Canada): Meaningful consent and purpose limitation
• LGPD (Brazil): Data protection principles and individual rights
• PDPA (Singapore): Consent and notification requirements
• Privacy Act (Australia): Australian Privacy Principles compliance

14. Audit Rights and Compliance Monitoring

To ensure GDPR compliance and protect both parties:

14.1 Customer Audit Rights

• Annual Audits: You may conduct annual audits of our data processing activities
• Compliance Documentation: We will provide reasonable documentation of our security measures
• Sub-processor Information: We maintain a current list of sub-processors
• Incident Reports: We provide detailed reports of any security incidents

14.2 Compliance Monitoring

• Regular Reviews: We conduct regular reviews of our data processing activities
• Security Assessments: Annual third-party security assessments
• Policy Updates: Regular updates to privacy and security policies
• Training: Ongoing privacy and security training for employees

15. Dispute Resolution

15.1 Informal Resolution

Before initiating formal proceedings, parties agree to attempt informal resolution through direct negotiation for 30 days.

15.2 Arbitration

Disputes that cannot be resolved informally shall be resolved through binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules. The arbitration shall:

• Take place in Delaware, United States
• Be conducted by a single arbitrator knowledgeable in technology and privacy law
• Follow Delaware state law and applicable federal law
• Result in a written decision that may be entered as a judgment in any court of competent jurisdiction

15.3 Exceptions to Arbitration

The following disputes are not subject to arbitration:

• Claims for injunctive or equitable relief
• Disputes related to intellectual property rights
• Small claims court actions (under applicable monetary limits)
• Regulatory investigations or enforcement actions

16. Governing Law

These Terms are governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to conflict of law principles. To the extent not subject to arbitration, any legal actions must be brought in the state or federal courts located in Delaware.

17. Compliance and Certifications

We maintain compliance with industry standards and may obtain certifications such as SOC 2, ISO 27001, or similar security frameworks. You can request information about our compliance status.

18. Changes to Terms

We may modify these Terms by providing 30 days' written notice. Continued use of our Service after changes constitutes acceptance. If you do not agree to changes, you may terminate your account.

19. Severability

If any provision of these Terms is found unenforceable, the remaining provisions shall remain in full force and effect.

20. Contact Information

For questions about these Terms, legal compliance, or to report violations:

• General Inquiries: support@thedatapulseapp.com
• Legal/Compliance: legal@thedatapulseapp.com
• Privacy Officer: privacy@thedatapulseapp.com
• Security Issues: security@thedatapulseapp.com

Response Times:

• General Support: Within 48 hours
• Legal/Compliance: Within 5 business days
• Security Issues: Within 24 hours
• Privacy Requests: As required by applicable law (typically 30-45 days)

Last Updated: July 25, 2025

Effective Date: July 25, 2025