Privacy Policy
Last updated: March 27, 2026
1. Introduction
Power Consulting LLC ("Company," "we," "us," or "our") operates the Pulse platform at askpulse.io (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Agency or organization name
- Email address
- Password (stored as a bcrypt hash — we never store your plaintext password)
- Subscription plan selection
2.2 Team Member Information
If you invite team members, we collect their name, email address, and role within your agency.
2.3 Billing Information
Payment processing is handled entirely by Stripe, Inc. We do not collect, store, or have access to your credit card number, bank account details, or other payment instrument data. We store only your Stripe customer ID to manage your subscription.
2.4 Third-Party Platform Data
When you connect third-party platforms to the Service, we retrieve and cache performance data from those platforms. This may include:
- Advertising platforms (Google Ads, Meta Ads): campaign spend, impressions, clicks, conversions, cost-per-action, return on ad spend
- Analytics (Google Analytics): sessions, users, pageviews, bounce rate, conversion rate
- Search & SEO (Google Search Console, Semrush, Ahrefs): search queries, keyword rankings, backlink data, domain metrics
- Email marketing (Mailchimp, Klaviyo): campaign open rates, click rates, bounces, subscriber counts
- Social media (Instagram, YouTube, TikTok, LinkedIn, Twitter/X): follower counts, engagement metrics, video views
- Revenue (Stripe, Shopify): subscription counts, charges, orders, monthly recurring revenue
- CRM & support (HubSpot, Intercom): deal pipeline data, conversation and ticket counts
- Other tools (Slack, Calendly, Typeform): notifications, scheduling data, form responses
We access only the data necessary to provide analytics and reporting features. We do not access personal data of your end customers or contacts unless it is part of aggregate metrics provided by the connected platform's API.
2.5 Automatically Collected Information
We collect standard server logs when you access the Service, which may include your IP address, browser type, operating system, referring URL, and timestamps. We use a session cookie ("pulse_session") to maintain your authenticated session. We do not use third-party tracking cookies or advertising pixels.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Process subscription payments and manage billing
- Retrieve and display analytics data from your connected platforms
- Detect anomalies and generate alerts about significant changes in your metrics
- Enable AI-powered querying of your data through MCP-compatible tools
- Send transactional emails (account verification, billing notifications)
- Respond to your support requests and communications
- Comply with legal obligations
We do not sell your personal information. We do not use your data or your clients' data to train AI models.
4. Data Sharing and Third-Party Processors
We share your information only with the following categories of service providers, solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Turso (LibSQL) | Database hosting | All stored data (encrypted in transit) |
| Stripe, Inc. | Payment processing | Email, subscription plan, payment details |
| Resend | Transactional email | Email address, verification codes |
| Composio | Platform integration gateway | OAuth tokens, API requests to connected platforms |
| Vercel, Inc. | Application hosting | Server logs, request metadata |
We may also disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5. Data Security
We implement the following security measures to protect your data:
- All data is transmitted over HTTPS/TLS encryption
- Passwords are hashed using bcrypt with salt rounds
- Session tokens are signed with HS256 (HMAC-SHA256) and expire after 30 days
- Session cookies are HTTP-only, Secure, and SameSite=Lax
- Stripe webhook signatures are verified before processing
- Database access is authenticated with scoped tokens
- API keys are generated using cryptographically secure random bytes
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
We retain your data as follows:
- Account data: Retained for the duration of your account and up to 30 days after termination
- Analytics metrics: Retained for the duration of your account to provide historical reporting
- Alerts: Retained for the duration of your account
- Server logs: Retained according to our hosting provider's policies (typically 30 days)
- Email verification codes: Deleted immediately after successful verification
You may request deletion of your account and associated data at any time by contacting us at legal@askpulse.io.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your account and personal data
- Data portability: Request your data in a machine-readable format
- Withdrawal of consent: Disconnect third-party platforms at any time from your account settings
California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, contact us at legal@askpulse.io. We will not discriminate against you for exercising these rights.
European Economic Area Residents (GDPR)
If you are located in the EEA, our legal basis for processing your personal data is: (a) performance of a contract (providing the Service), (b) legitimate interests (improving and securing the Service), and (c) your consent (connecting third-party platforms). You have the right to lodge a complaint with your local data protection authority. Data is processed and stored in the United States.
8. Cookies
We use a single, essential cookie:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| pulse_session | Authentication session | 30 days | Essential (HTTP-only) |
We do not use analytics cookies, advertising cookies, or third-party tracking cookies. No cookie consent banner is required as we only use essential cookies necessary for the Service to function.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that data.
10. International Data Transfers
Your data is processed and stored in the United States (AWS US West 2 region). If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Power Consulting LLC
100 N Howard St STE R
Spokane, WA 99201
legal@askpulse.io