Privacy Policy

PulsAPI Inc. ("PulsAPI," "we," "us," or "our") operates the PulsAPI platform at pulsapi.com, which provides unified cloud service status monitoring, incident tracking, and SLA analytics. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By accessing or using PulsAPI, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.

Account Information

When you create a PulsAPI account, we collect your name, email address, and password (stored as a bcrypt hash). If you sign up via GitHub OAuth, we receive your GitHub username, email, and profile avatar URL. We never store your GitHub access token beyond the authentication session.

Usage Data

We automatically collect information about how you interact with PulsAPI, including the services you monitor, dashboard configurations, alert preferences, notification history, and feature usage. This data helps us improve the platform and provide personalized experiences.

Service Monitoring Data

PulsAPI crawls publicly available status pages from cloud providers (e.g., AWS, Stripe, GitHub, Vercel, Cloudflare) to aggregate operational status, incident timelines, and uptime metrics. This data is sourced from public endpoints and is not personal information.

Device & Log Data

When you access PulsAPI, our servers automatically log standard technical information including your IP address, browser type and version, operating system, referring URL, pages visited, and access timestamps.

• Provide, operate, and maintain your PulsAPI dashboard and alert configurations
• Send real-time incident notifications via email, Slack, or Discord based on your alert routing rules
• Calculate and display SLA metrics, MTTR, and uptime percentages for your monitored services
• Process payments and manage subscriptions for Pro and Enterprise plans
• Send account-related communications (password resets, security alerts, plan changes)
• Analyze usage patterns to improve features, performance, and reliability
• Detect and prevent fraud, abuse, and security threats

PulsAPI uses the following types of cookies:

• Essential cookies: Session tokens (JWT) required for authentication. These cannot be disabled.
• Functional cookies: Preferences like your dashboard layout, theme settings, and timezone.
• Analytics cookies: We use privacy-respecting analytics to understand aggregate usage patterns. We do not use third-party advertising trackers.

You can control cookie preferences through your browser settings. Disabling essential cookies will prevent you from logging in.

We integrate with the following third-party services:

• Stripe: Payment processing for Pro and Enterprise subscriptions. Stripe collects and processes payment card data under its own Privacy Policy. We never store your full credit card number.
• GitHub: OAuth authentication. We only access your public profile and email.
• Slack & Discord: Alert delivery via webhooks you configure. We send incident data to webhook URLs you provide.

We retain your account data for as long as your account is active. Incident history and SLA metrics are retained for 90 days on Pro plans and 30 days on Free plans. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., billing records for tax compliance).

All data transmitted between your browser and PulsAPI is encrypted via TLS (HTTPS). Passwords are hashed using bcrypt. We use JWT-based authentication with short-lived access tokens. Our infrastructure runs on secured cloud environments with regular security audits and monitoring.

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your account and associated data.
• Portability: Request your data in a machine-readable format.
• Restriction: Request that we limit processing of your personal data.
• Objection: Object to processing based on legitimate interests.

To exercise any of these rights, email us at privacy@pulsapi.com. We respond to all requests within 30 days.

PulsAPI is operated from the United States. If you access our services from outside the US, your information may be transferred to and processed in the US. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws, including GDPR.

PulsAPI is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of PulsAPI after changes constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@pulsapi.com
• Support: pulsapi.com/support