Privacy/Your rights

Your rights

Effective date · 2 June 2026

This page summarizes the rights you can exercise over the personal data PulseSignal holds about you, and how to exercise them. It applies whether you are a PulseSignal user (you have an account) or a third party whose data appears in our system because we mirrored a public source (for example, a director record from a corporate registry).

We honor these rights for everyone, regardless of jurisdiction, even where local law does not require it. Where your jurisdiction provides stronger rights or shorter timelines than what is listed here, those local rules apply.

RightWhat it meansLawsHow to exerciseTimeline
Access (Subject Access Request)Receive a copy of the personal data we hold about you, including the sources, purposes, recipients, retention windows, and the categories of automated processing involved.GDPR Art 15 · UK GDPR · CCPA § 1798.110/.115 · LGPD Art 18(II) · PIPEDA Principle 9 · DPDP § 11 · PDPA s.21 · Privacy Act APP 12Use the in-product Export my data button in Settings → Account, or email privacy@pulsesignal.co from the address on your account.30 days (GDPR/DPDP/PIPEDA) · 45 days (CCPA) · 15 days (LGPD)
Correction (rectification)Have inaccurate personal data corrected, and incomplete data completed.GDPR Art 16 · CCPA § 1798.106 · LGPD Art 18(III) · PIPEDA Principle 9 · DPDP § 12 · PDPA s.22Edit your profile from Settings → Account. For records about you that you do not control (for example, an officer record mirrored from a public registry), email privacy@pulsesignal.co with the correct value and a source that supports it.30 days
Erasure (deletion / right to be forgotten)Have personal data we hold about you deleted, subject to limited exceptions (statutory public-registry mirroring; defense of legal claims; freedom of expression).GDPR Art 17 · CCPA § 1798.105 · LGPD Art 18(VI) · PIPEDA Principle 4.5 · DPDP § 12 · PDPA s.25Submit the structured form at /privacy/erasure-request or email privacy@pulsesignal.co.30 days (GDPR/DPDP) · 45 days (CCPA) · 15 days (LGPD)
PortabilityReceive a copy of personal data you have provided to us in a structured, commonly used, machine-readable format (we use JSON), and the right to have it sent directly to another controller where technically feasible.GDPR Art 20 · CCPA § 1798.130(a)(3)(B)(iii) · LGPD Art 18(V)Use Settings → Account → Export my data, or email privacy@pulsesignal.co.30 days
Restriction of processingPause our processing of your personal data in defined circumstances (contested accuracy, unlawful processing, you object pending balancing test).GDPR Art 18 · LGPD Art 18(IV)Email privacy@pulsesignal.co with the records and the reason. We mark the record “restricted” in the database, which means we will not process it further beyond storage (and any processing required to defend legal claims) until the issue is resolved.30 days
ObjectionObject to processing based on our legitimate interests, including objection to direct marketing (which we will honor unconditionally).GDPR Art 21 · LGPD Art 18(IX)Email privacy@pulsesignal.co and describe the records and the grounds. For marketing, you can also click the unsubscribe link in any email.30 days
Withdraw consentWithdraw any consent you previously gave, at any time, without affecting the lawfulness of processing before the withdrawal.GDPR Art 7(3) · LGPD Art 8 § 5 · DPDP § 6(4) · PDPA s.16Use the cookie banner controls for cookie consent (see /privacy/cookies), or email privacy@pulsesignal.co for any other consent.Immediate
Opt out of sale or share (US state laws)Direct us not to “sell” or “share” personal information for cross-context behavioral advertising. We do not sell or share, and the GPC signal is honored.CCPA / CPRA § 1798.120 · VCDPA · CPA · CTDPA · UCPA · TDPSA · OCPA · othersSend a GPC signal from your browser (we auto-respect it), or email privacy@pulsesignal.co. Because we do not engage in “sale” or “share,” the opt-out is already effective for you by default.Immediate
Limit use of Sensitive Personal InformationDirect us to use Sensitive PI only for the purposes specifically allowed by CCPA § 1798.121(a). Not applicable to us in practice because we do not collect Sensitive PI.CCPA § 1798.121Not applicable in practice; we do not collect CCPA-Sensitive PI. If you believe we hold any, email privacy@pulsesignal.co.Immediate on receipt
No automated decision with legal effectYou will not be subject to a decision based solely on automated processing, including profiling, that produces a legal or similarly significant effect on you. Our automated processing (severity scoring, deduplication, LLM summarization, similarity search) is operational metadata about companies, not decisions about people.GDPR Art 22 · LGPD Art 20 · DPDP § 11(2)(b) · several US state lawsIf you believe we have made such a decision about you, email privacy@pulsesignal.co and we will explain the logic, the significance, and the human-review path.30 days
Complain to a regulatorLodge a complaint with the data-protection authority of your country of residence or place of the alleged infringement.GDPR Art 77 · LGPD · DPDP · PIPEDA · PDPA · Privacy ActSee the regulator list on /privacy/regional. You do not need to contact us first, but we would appreciate the opportunity to fix the issue.Set by the regulator
01

How we verify your identity

We verify identity before acting on access, deletion, portability, or correction requests so that we do not hand over personal data to an impersonator. For requests sent from the email on your PulseSignal account we match the inbound address against our records; that is usually enough. For requests from a different address, requests about an officer record where you are not the account holder, or requests by an authorized agent, we may ask for one or more of: a signed declaration, government-issued ID number plus a redacted copy of the supporting document, or a copy of the written authorization. We will tell you in writing what we need and why, and we will destroy any identity evidence after the request is closed (and after any retention period required by law for our defense of legal claims).

02

Authorized agents and parents/guardians

You may designate an authorized agent in writing to make a request on your behalf. We verify the agent’s authorization by reviewing the written designation. A parent or guardian may submit a request on behalf of a minor child by providing proof of the parental/guardianship relationship.

03

Where we may refuse or charge a fee

We may decline or charge a reasonable fee for requests that are manifestly unfounded or excessive (for example, repetitive identical requests). We may also decline the parts of an erasure request that conflict with: (a) a statutory public registry whose record we are required to mirror (we will redact our copy, and the upstream record will remain public on the registry’s own site), (b) defense of legal claims, (c) compliance with another legal obligation, or (d) freedom of expression and information. Where we decline, we tell you in writing within the standard timeline and explain the next steps, including the right to appeal and the right to complain to a regulator.

04

Right to appeal

If we decline or partly decline your request, you can appeal by replying to our response email within 60 days. A second reviewer (not the original handler) will look at the request afresh and respond within 30 days. The appeal is free. You also have an independent right to complain to your regulator at any time; see /privacy/regional.

05

What we cannot do

We cannot edit or delete records on a primary public registry (UK Companies House, SEC EDGAR, MCA India, etc.). Those records sit with the registry and you must contact the registry directly to ask for redaction or removal there. We can, and on a valid request will, delete our mirror of the record and tombstone it so subsequent ingests do not resurrect it. We cannot guarantee that other downstream re-publishers of the same registry data will follow suit.

06

Contact and escalation

Primary contact for any rights request: privacy@pulsesignal.co.
Erasure flow: /privacy/erasure-request.
Regional regulators: /privacy/regional.
Security disclosures: security@pulsesignal.co.