Privacy Policy
Last updated: 24 June 2026
This policy explains how pulsEva, operated by [Legal entity name — operator to fill (D7)] (the “controller”), collects and processes your personal data, and your rights under the EU General Data Protection Regulation (GDPR). Controller contact details are on our Imprint.
1. Data we collect
- Account data — email address and authentication identifiers (managed via Keycloak).
- Subscription & billing data — plan, status, and payment metadata (processed by Stripe; we do not store card numbers).
- Usage data — monitors, preferences, and in-app activity needed to operate the service.
- Email subscription data — the address you give us for the weekly brief or Team waitlist, plus consent and suppression state.
- Analytics — collected only after you consent (see §6).
2. Legal bases
- Contract — to provide the service you sign up for.
- Legitimate interest — service emails to signed-in customers (with one-click unsubscribe on every send), security, and abuse prevention.
- Consent — the free public email list (strict double opt-in) and product analytics.
- Legal obligation — tax/accounting retention for billing records.
3. Email: consent & control
Our email handling is built to be GDPR-correct by design:
- Double opt-in — when you subscribe to the public weekly brief we send a confirmation link; no brief is sent until you confirm. An unconfirmed address receives only that one confirmation email.
- One-click unsubscribe — every marketing email carries RFC 8058 List-Unsubscribe/List-Unsubscribe-Post headers and a one-click link; unsubscribe is immediate and idempotent.
- Per-stream suppression — unsubscribing from marketing email does not affect transactional/service email, and vice versa; the two streams are tracked independently.
- Preference management — signed-in customers can manage their weekly-brief opt-in from their account preferences at any time.
4. How we use data
To deliver and secure the service, process subscriptions, send the emails you opted into, respond to support requests, and improve the product. We do not sell your personal data.
5. Sub-processors
We rely on the following processors, each for a specific purpose:
- Keycloak — authentication & identity.
- Stripe (incl. Stripe Tax) — payments and EU VAT handling.
- Resend — transactional and marketing email delivery.
- Cloudflare Turnstile — anti-abuse protection on public capture forms.
- Microsoft Clarity — session replay analytics (loaded only after you consent — see §6).
- PostHog (EU) — product analytics (loaded only after you consent — see §6).
- Our EU hosting provider — infrastructure hosting within the EU.
6. Analytics & consent
We use Microsoft Clarity and PostHog (EU) for product analytics only after you consent. You can decline or withdraw consent; declining does not affect your ability to use the service.
7. Your rights
Subject to the GDPR you may request access, rectification, erasure, restriction, portability, and may object to certain processing. To exercise these rights contact [email protected]. For email specifically, use the unsubscribe link or your in-app email preferences. You also have the right to lodge a complaint with your data-protection authority.
8. Retention
We keep account and usage data for as long as your account is active and as needed to provide the service; billing records are retained as required by law; email suppression records are kept to honour your unsubscribe.
9. International transfers
We process data in the EU where possible. Where a processor transfers data outside the EEA, appropriate safeguards (such as Standard Contractual Clauses) apply.
10. Contact
Privacy enquiries: [email protected]. General support: [email protected]. You can manage email preferences in-app or unsubscribe via any marketing email.