Privacy Policy

The data controller is PulseSignal. You can reach our privacy contact at privacy@pulsesignal.co. General product and billing questions go to hello@pulsesignal.co.

When you sign up, subscribe, or use PulseSignal we collect:

• Account information: email address, display name, password hash.
• Product configuration: saved searches, pinned companies, custom alert rules, digest cadence, webhook URLs, Slack delivery tokens.
• Usage events: which pages you visit inside the product, which features you use, and when. This is kept in aggregate to improve the service.
• Billing information: handled by our payment provider. We store a customer reference and plan metadata, not card numbers.
• Support correspondence: any email or message you send us about the service.

PulseSignal is an intelligence service about SaaS companies. To build that product we observe publicly available information about companies, their products, their filings, and, in narrow cases, their publicly identified officers. We do not profile private individuals. The observations are organised into a set of data modules. Each module is documented with its upstream sources, whether it can touch personal data, the legal basis we rely on, and how long we retain the output. The full module matrix is maintained internally and is available on request at privacy@pulsesignal.co.

In plain English, our modules cover:

• Product and pricing pages published by the company.
• Public job posts and careers-page listings.
• Public funding, product-launch, and changelog announcements.
• Public reviews and aggregate sentiment on G2, Capterra, Trustpilot, the app stores, Comparably, and similar platforms.
• Public DNS, certificate transparency logs, and trust/security page signals.
• Public GitHub, GitLab, Bitbucket, package registry, and developer community footprints.
• Public statutory filings: UK Companies House, SEC EDGAR, MCA India, OFLC H-1B LCA, and related registries.
• Public federal contracting, lobbying, and enforcement disclosures (USAspending, SAM.gov, Senate LDA, FDA, FTC, FCC, CPSC, OSHA, EPA).
• Public court dockets (CourtListener) and WIPO UDRP domain disputes.
• Public certifications: B Corp, FedRAMP, 1% for the Planet, GLEIF LEI, SOC / ISO / HIPAA / PCI badges.
• Publicly listed executive and director profiles (name and role), drawn from the company’s own team pages and from statutory registries.

Where a statutory registry publishes personal data as part of a legal regime (for example, a named director in a corporate filing), we reflect that published record; we do not originate it. If a registry redacts or seals a record, our mirror of that record will be removed or redacted when we next ingest.

• Contract (Article 6(1)(b)) for information collected directly from you to deliver the service: account, saved configuration, alerts, digests, webhook delivery.
• Legitimate interests (Article 6(1)(f)) for information we collect about third-party companies to deliver competitive intelligence about public and commercial activity. Our legitimate interest is operating a professional market-intelligence service; we have weighed this against the rights of data subjects and apply safeguards including restriction to publicly observable information, redaction on valid request, and proportionate retention.
• Legal obligation (Article 6(1)(c)) applies, where relevant, to our mirroring of statutory public registries (company registries, securities filings, court records, enforcement records).
• Consent (Article 6(1)(a)) for optional marketing, including our newsletter. You can withdraw consent at any time via the unsubscribe link or by emailing us.

• To operate the product and show you competitive intelligence about the companies you track.
• To generate daily or weekly digests, per-company briefings, and custom alerts you have configured.
• To detect changes across the modules we ingest, and to power search, export, and API responses.
• To answer support questions, prevent abuse, and keep the service secure.
• To improve the product, in aggregate, using usage telemetry.

We do not sell personal data. We do not use your data to train third-party machine-learning models for purposes unrelated to PulseSignal.

We rely on a small number of service providers to run PulseSignal. The complete list, what each one does, and where they are located is maintained at /privacy/sub-processors. Material additions are announced on that page and by email, at least 30 days before the new provider begins processing customer data.

PulseSignal is operated from the United States and most of our infrastructure providers are also US-based. Where personal data is transferred from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on the European Commission Standard Contractual Clauses (SCCs) built into each provider’s data processing addendum, together with technical safeguards such as in-transit encryption, at-rest encryption, and access logging.

Where applicable law grants you rights over personal data, you can exercise them by writing to privacy@pulsesignal.co. Those rights typically include:

• Access to the personal data we hold about you.
• Correction of inaccurate personal data.
• Erasure of personal data, subject to exceptions where a statutory public record requires us to continue mirroring upstream. You can submit a structured request via our erasure-request form; we hard-delete the matching officer and leadership records and tombstone them so subsequent ingests cannot resurrect the row.
• Restriction or objection to processing based on legitimate interests.
• Portability of information you have provided directly.
• Withdrawal of consent for marketing, at any time.
• A right to complain to your local data-protection authority. In the EU, that is typically the supervisory authority of your country of residence.

We will respond within 30 days of a verified request. We may ask for proof of identity before we act, to prevent impersonation attacks against the data we hold.

Account data is kept for the lifetime of your PulseSignal account and for up to 30 days afterwards, unless a longer period is required by law (for example, invoicing records). Usage analytics is kept in a rolling 13-month window.

Information about third-party companies is kept for as long as the company is actively tracked by PulseSignal plus up to two years afterwards. Mirrors of statutory public registries follow the retention policy of the upstream registry.

Personal data we hold about named individuals follows two specific retention windows enforced by an automated monthly sweep:

• UK Companies House officers: hard-deleted seven years after the resignation date recorded against the officer, unless the same person still holds a current role on another company we track.
• Leadership profiles: hard-deleted two years after the last verification, when the company is no longer active.

We use cookies and similar storage to keep you signed in, remember your preferences, and run Google Analytics 4 on pulsesignal.co so we can understand aggregate traffic. Google Analytics collects a truncated IP address, user-agent, referrer, and page path. You can block cookies through your browser settings or use a Do Not Track extension. Signed-in use of the product requires a session cookie.

PulseSignal is a product for professional use and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe we have collected information about a child, contact privacy@pulsesignal.co and we will delete it.

We protect user data with industry-standard controls: encrypted transport, at-rest encryption, least-privilege access, and structured audit logs. No online service can guarantee absolute security; we report any breach that affects you in line with our legal obligations.

We will update this policy as our modules and providers change. The effective date at the top reflects the most recent revision. Material changes are announced through an in-product banner and by email to active customers.

Privacy questions: privacy@pulsesignal.co.
Product and support: hello@pulsesignal.co.