Skip to main content

Privacy Policy

Last updated: 21 March 2026

1. Introduction

Pulse Loop ("we", "us", "our") operates the website at https://www.pulseloop.team and the PulseLoop platform. This Privacy Policy explains how we collect, use, store, share, and safeguard your information — including data obtained through Google APIs — when you use our service.

Pulse Loop's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. Data We Collect

2.1 Account information

When you sign up we collect your name and email address. If you sign in via Google OAuth, we receive the following data from Google:

  • Google account email address — used as your login identifier
  • Display name — used to personalise your profile
  • Profile picture URL — displayed in the app as your avatar

We do not request access to your Google Drive, Gmail, Calendar, Contacts, or any other Google services beyond basic authentication profile data.

2.2 Organisation & team data

You provide organisation names, team names, team member email addresses, and optional demographic information (country, industry, company size). This data is used solely to deliver the service — sending survey invitations and attributing responses to the correct team.

2.3 Survey responses

Team members submit pulse survey scores and optional comments. When a survey is configured as anonymous, responses are not linked to individual identities in the user interface or API. Named surveys associate responses with the respondent.

2.4 Payment information

We use Stripe to process payments. We never store credit card numbers on our servers. Stripe's privacy policy governs payment data handling.

2.5 Usage data

We automatically collect standard web analytics (page views, browser type, IP address) to monitor and improve the service.

3. How We Use Your Data

3.1 General usage

  • To provide, operate, and maintain PulseLoop
  • To authenticate your identity and manage your account
  • To send survey invitations, reminders, and result notifications via email or Slack
  • To generate AI-powered insights from aggregated, anonymised survey data
  • To process billing and manage subscriptions
  • To communicate service updates and respond to support requests
  • To detect and prevent fraud or abuse

3.2 How we use Google user data

Google user data (email, name, profile picture) received through Google OAuth is used exclusively for:

  • Authentication — to verify your identity and log you in
  • Profile display — to show your name and avatar within the app
  • Email communication — to send you service-related emails (survey invites, reminders, result notifications)

We do not use Google user data for advertising, marketing to third parties, or any purpose unrelated to providing the PulseLoop service.

4. Data Sharing

We do not sell, rent, or trade your personal data — including Google user data — to any third party.

We share data only with the following service providers, strictly for the purpose of operating PulseLoop:

ProviderPurposeData shared
SupabaseDatabase hosting & authenticationAccount data, team data, survey responses
StripePayment processingEmail address, subscription details (no card numbers)
ResendTransactional email deliveryRecipient email address, email content
LLM provider (e.g. Google Gemini)AI-powered survey insightsAggregated scores and anonymous comments only — never names, emails, or PII
Slack (optional)Survey notifications & interactive responsesTeam member Slack user IDs, survey questions (if Slack integration is enabled)
VercelApplication hostingStandard server logs (IP addresses, request data)

Each provider operates under their own privacy policy and data processing agreements. We may also disclose data if required by law, regulation, or legal process.

Google user data is never shared with third parties except as described above for authentication and service delivery purposes.

5. Data Storage & Protection

Your data is protected by the following security measures:

  • Encryption in transit — all data is transmitted over TLS (HTTPS)
  • Encryption at rest — database storage is encrypted at rest
  • Row-level security — database policies ensure users can only access their own organisation's data
  • Role-based access controls — team roles (admin, facilitator, member) restrict access to features and data
  • Secure authentication — passwords are hashed using bcrypt; Google OAuth tokens are managed by Supabase Auth and never stored in our application database
  • No plaintext secrets — all API keys, tokens, and secrets are stored as encrypted environment variables, never in source code

Our infrastructure is hosted on Vercel (application) and Supabase (database), both of which maintain SOC 2 Type II compliance. Data is stored in US data centres.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

6. Data Retention & Deletion

6.1 Retention

  • Account data — retained for as long as your account is active
  • Survey data — retained according to your plan's history limits (free: last survey only; paid plans: 6 months to unlimited)
  • Payment records — retained as required by financial regulations (typically 7 years)
  • Server logs — retained for up to 30 days

6.2 Deletion

You can request deletion of your data at any time by contacting us at info@pulseloop.team. When you request deletion, or when you delete your organisation from the app:

  • All associated data (teams, members, surveys, responses, AI insights, action items, agendas) is permanently deleted within 30 days
  • Your Google user data (name, email, profile picture) is removed from our systems
  • Stripe payment records are retained as required by law but your personal data is anonymised
  • Backups containing deleted data are purged within the same 30-day window

You may also revoke PulseLoop's access to your Google account at any time through your Google Account settings. Revoking access will prevent future Google sign-ins but will not automatically delete data already stored — contact us to request full deletion.

7. AI & Data Processing

We use third-party large language model (LLM) APIs to generate insights from pulse survey results. Only aggregated scores and anonymous comments are sent to the LLM provider — never individual names, emails, or other personally identifiable information. Google user data is never sent to any AI or LLM provider.

8. Your Rights

Depending on your jurisdiction (including under GDPR, UK GDPR, and CCPA) you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your personal data
  • Portability — request an export of your data in a machine-readable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing of your data for specific purposes

To exercise any of these rights, contact us at info@pulseloop.team. We will respond within 30 days.

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

10. Children's Privacy

PulseLoop is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or a prominent notice on the site. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact

If you have questions about this privacy policy or how we handle your data, contact us at info@pulseloop.team.