Privacy Policy
Last updated: March 14, 2026
Your privacy matters to us. This policy describes exactly what data we collect, why we collect it, and how you can control it. We have written this in plain language — no legalese where it can be avoided.
1. Introduction
PulseBoard ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
2. Information We Collect
We collect information you provide directly: name, email address, and password when you register; payment information processed by Stripe (we never store raw card data); organisation and project details you create; and communications you send us. We also collect information automatically: log data (IP address, browser type, pages visited, time spent); device information; usage patterns within the dashboard; and crash and performance data you send via our SDKs on behalf of your end users.
3. SDK Data and Your End Users
When you integrate a PulseBoard SDK into your application, data about your end users (such as device model, OS version, session identifiers, and crash details) is transmitted to our servers. You are the data controller for this information. You are responsible for ensuring your own privacy policy informs your end users that this data is collected and transmitted to a third-party monitoring service. PulseBoard acts as a data processor for this data on your behalf.
4. How We Use Your Information
We use the information we collect to: provide, operate, and maintain the Service; process transactions and send related information; send administrative messages, security alerts, and support responses; send product updates and announcements (only if you opted in); analyse usage to improve the Service; detect and prevent fraudulent or abusive activity; and comply with legal obligations.
5. AI Features and API Keys
If you use the AI insights feature, your AI provider API key is encrypted at rest using AES-256-GCM encryption. Only the last 4 characters are displayed in the dashboard. Your API key is transmitted only to the AI provider you select when generating insights. We do not use your API key for any other purpose and do not share it with any third party other than your chosen AI provider.
6. Data Retention
We retain your account data for as long as your account is active or as needed to provide the Service. Raw event and analytics data is retained according to your plan: 7 days for Starter, 30 days for Pro, and custom retention for Enterprise. After account deletion, we retain your data for 30 days before permanent deletion. Some information may be retained longer where required by law.
7. Sharing of Information
We do not sell, trade, or rent your personal information to third parties. We may share your information with: service providers who assist in operating the Service (such as Stripe for payments, Resend for email, and Redis/PostgreSQL hosting providers) under confidentiality obligations; law enforcement or government agencies when required by law; and business successors in the event of a merger, acquisition, or sale of assets, with prior notice to you.
8. Cookies and Tracking
We use a single authentication cookie (pb_access_token) to maintain your session. We do not use advertising cookies or third-party tracking pixels. We do not use Google Analytics or similar third-party analytics services. Usage analytics are collected first-party and used solely to improve the Service.
9. Security
We implement industry-standard security measures including TLS encryption for data in transit, AES-256-GCM encryption for sensitive credentials, bcrypt hashing for passwords, and JWT-based authentication with short-lived access tokens and rotating refresh tokens. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. Your Rights
Depending on your location, you may have rights including: access to the personal data we hold about you; correction of inaccurate data; deletion of your data (right to be forgotten); portability of your data in a machine-readable format; and objection to or restriction of certain processing. To exercise any of these rights, contact us at the email below. We will respond within 30 days.
11. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.
12. International Transfers
Your information may be transferred to and maintained on servers located outside your country of residence. By using the Service, you consent to such transfer. We take appropriate steps to ensure that your data is treated securely and in accordance with this Privacy Policy wherever it is processed.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or via a prominent notice within the Service at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team at privacy@pulseboard.app. We will respond to all legitimate requests within 30 days.
Privacy questions? Email privacy@pulseboard.app
Terms and Conditions →