PulsePulse

Privacy Policy

Effective date: 15/08/2025

This Privacy Policy explains how Pulse Messenger (“Pulse”, “we”, “us”) processes personal data when you use our applications, websites and related services (collectively, the “Service”). We comply with the EU General Data Protection Regulation (GDPR) and Dutch law.

1. Data Controller

The data controller for the Service is Pulse Messenger. Contact: privacy@pulsechat.eu.

2. What We Do Not Collect

  • No phone numbers, email addresses, names, or contact lists.
  • No message content is stored after delivery.
  • No advertising identifiers; no third‑party ad tracking.

3. Data We Process

  • Device/public keys: To authenticate devices and establish secure sessions. Keys are not linked to your real‑world identity.
  • Account/device metadata (minimal): Internal IDs, timestamps, and technical flags strictly necessary to run the Service (e.g., session validity, rate‑limit counters).
  • Undelivered message queue (transient): If a recipient is offline, messages are temporarily stored in encrypted form solely for delivery.
  • Diagnostics (optional): Crash reports, performance metrics and version info, collected only if enabled by you, used to improve reliability.

4. Purposes of Processing

  • Provide and operate secure messaging and device authentication.
  • Protect the Service against abuse (e.g., anti‑spam, rate‑limiting, abuse mitigation).
  • Maintain and improve performance and reliability (diagnostics, if enabled).
  • Comply with legal obligations (security, accounting, lawful requests).

5. Legal Bases (GDPR Art. 6)

  • Performance of a contract (Art. 6(1)(b)) — to provide the Service you request.
  • Legitimate interests (Art. 6(1)(f)) — to secure and maintain the Service (e.g., abuse prevention, service integrity). Balanced against your rights.
  • Consent (Art. 6(1)(a)) — for optional diagnostics or features clearly presented as opt‑in.
  • Legal obligation (Art. 6(1)(c)) — where EU/Dutch law requires retention or disclosure.

6. Security & Encryption

We apply privacy by design and defense in depth:

  • TLS in transit between your device and our servers.
  • Per‑message encryption with a ratcheting mechanism that rotates keys frequently to provide forward secrecy and limit impact of key compromise.
  • Device‑bound authentication keys for access control. You are responsible for protecting your device and secrets.
  • Encryption at rest for server‑side queues and backups.

7. Retention

  • Messages: Deleted from our delivery queue immediately after successful delivery. If undelivered, we attempt redelivery; undelivered items are purged after a short retention window (e.g., 72 hours) or when they expire — whichever comes first.
  • Keys & technical records: Retained while your device uses the Service and removed when you deregister or after extended inactivity.
  • Diagnostics (if enabled): Retained up to 30 days, then deleted or aggregated.

8. Sharing & Disclosure

  • No sale of personal data. No advertising partners.
  • Processors/sub‑processors: We may use reputable EU‑based infrastructure providers under GDPR‑compliant data processing agreements (DPAs). They process data only on our instructions.
  • Legal requests: We assess each request carefully and disclose only if required by law, limited to the minimum necessary.

9. International Transfers

We aim to host and process data in the European Union. If a transfer outside the EEA is necessary, we use appropriate safeguards (e.g., EU Standard Contractual Clauses).

10. Your Rights

Under GDPR you have the right to access, rectify, delete, restrict, or object to processing, and the right to data portability. You can also withdraw consent at any time (for features that rely on consent). To exercise rights, contact privacy@pulsechat.eu.

11. Children

The Service is not intended for children under 16. If you believe a child has provided data, contact us for prompt deletion.

12. Complaints

You may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local EU supervisory authority.

13. Changes

We may update this Policy. Material changes will be communicated in‑app or on our website. Continued use after changes becomes effective constitutes acceptance.

14. Contact

Questions? privacy@pulsechat.eu

← Back to Home