Last Updated: 21st February 2025
This Privacy Policy outlines the types of personal information we collect, how it is used, and the steps we take to ensure your data is handled securely and in accordance with your rights.
When a user logs in using their Google account, we initially and periodically collect the following information:
|
Information Collected
|
Detailed
|
|---|---|
| Name | Your name as provided in your Google account. |
| Email Address | Your email address for authentication and communication purposes. |
| Profile Picture | If available, the profile picture associated with your Google account. |
| Google Locations | Details about the locations associated with your Google account. |
| Google Reviews | Reviews attached to each of your Google locations, including their content, ratings, and associated metadata. |
| Media | Media associated with your Google locations, such as photos or videos. |
We want to process as little personal information as possible when you use our website. That's why we've chosen Fathom Analytics for our website analytics, which doesn't use cookies and complies with the GDPR, ePrivacy (including PECR), COPPA and CCPA. Using this privacy-friendly website analytics software, your IP address is only briefly processed, and we (running this website) have no way of identifying you. As per the CCPA, your personal information is de-identified. You can read more about this on Fathom Analytics' website.
The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is "Article 6(1)(f); where our legitimate interests are to improve our website and business continually." As per the explanation, no personal data is stored over time.
We collect the information detailed above to provide our services, such as managing your locations, reviews, and associated media effectively.
We do not sell, trade, or rent your personal information to third parties. We may share your information with trusted third-party service providers who assist us in operating our website, conducting our business, or serving you, so long as those parties agree to keep this information confidential.
We take the security of your personal information seriously and employ a variety of measures to protect it. Our server is provisioned using Laravel Forge on Digital Ocean, ensuring that we are always running on the latest and most secure versions of software and infrastructure. All sensitive data is transmitted over SSL/TLS encryption protocols to prevent unauthorized access during transmission.
Access to your personal data is strictly controlled. We limit access to authorized personnel and systems that require it to provide our services. Additionally, we perform daily backups of all relevant data, storing multiple copies at any given time to ensure redundancy and protect against data loss. Regular security audits and vulnerability assessments are conducted to identify and mitigate potential risks.
Our servers are further protected by firewalls, intrusion detection systems, and anti-malware software to block unauthorized access or attacks. While we employ strong security measures to protect your information, please understand that no method of data transmission or electronic storage can be considered completely infallible. We continually strive to ensure the highest level of protection for your personal data.
Your privacy and the safety of your personal information are our top priority, and we continuously review and update our security practices to align with industry standards.
You have the right to access, update, or delete your personal information at any time. If you wish to exercise these rights, please contact us directly at privacy@pulsereviews.io.
We will respond to access requests without undue delay and at latest within 30 days, and will provide the information by email or secure link as appropriate.
You can request a copy of your personal data in a portable format (right to data portability) from your Profile using Download my data; we will email you a secure download link when the export is ready (the link expires after a few days).
You also have the right to object to certain processing of your data and to request restriction of processing in specific circumstances. To exercise these rights, contact us at the email address below.
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law. In the UK, you can contact the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.
We keep your data only as long as necessary for the purposes described in this policy:
Account and profile data: until you delete your account, plus a 30-day grace period during which you can log back in to restore it; after that, we permanently delete your data.
Activity logs (e.g. who did what in the app): up to 365 days, after which they are deleted.
Export files (e.g. CSV downloads): 24 hours, after which they are removed from our servers.
Backups: we retain backups for operational recovery; data in backups is overwritten or removed in line with the retention periods above.
We use the following processors to operate the service. Each is bound by contract or adequacy arrangements to protect your data:
|
Processor
|
Purpose
|
Location
|
Safeguards
|
|---|---|---|---|
| Stripe | Payment processing | USA / EU | Contract (DPA), adequacy |
| Sign-in and Google Business Profile data | USA / global | Contract (DPA), adequacy / SCCs | |
| Fathom Analytics | Website analytics (cookie-free) | USA / EU | Contract, minimal data |
| DigitalOcean | Infrastructure and hosting | USA / EU | Contract (DPA) |
| Laravel Forge | Server provisioning and management | USA | Contract |
| Oh Dear | Uptime and monitoring | EU | Contract |
Your data may be stored and processed in the United Kingdom, European Economic Area, and the United States (where our processors operate). Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the relevant authorities.
If you have any questions about this policy, please contact us directly at privacy@pulsereviews.io.