Skip to main content
PulseIntel

Privacy Policy

Your privacy matters. Here's how we collect, use, and protect your data.

Effective Date: February 23, 2026 | Last Updated: March 6, 2026

1. Introduction

Welcome to PulseIntel. PulseIntel (“we,” “us,” or “our”) operates the PulseIntel Chrome extension, web dashboard, meeting recording bot, and related services (collectively, the “Service”). PulseIntel is an AI-powered sales intelligence platform that helps B2B sales professionals research prospects, generate personalised outreach, prepare for meetings, and manage their sales pipeline.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. It applies to all users of the PulseIntel Chrome extension, web dashboard (www.pulseintel.co.uk), meeting recording bot, and any associated APIs or integrations. Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

  • Name, email address, and profile information provided during registration
  • Google account information obtained through OAuth authentication
  • Company name, role, and business information
  • Subscription plan and billing information (processed by Stripe; we do not store full payment card details)

2.2 Google API Data

  • Gmail data: Email metadata and content accessed via Gmail API for AI-powered email generation, reply suggestions, and sending emails on your behalf (with your explicit action)
  • Google Calendar data: Calendar events, meeting details, and attendee information accessed for meeting preparation, scheduling intelligence, and calendar sync features

2.3 LinkedIn & Web Data

  • Publicly visible LinkedIn profile data viewed through the Chrome extension (name, title, company, experience, posts)
  • Prospect and company intelligence gathered from publicly accessible web sources
  • Data you input about prospects, companies, and deals within the Service

2.4 Meeting Recordings & Transcripts

  • Audio recordings of meetings when you activate the meeting recording bot
  • AI-generated transcripts and meeting summaries
  • Meeting metadata (participants, duration, platform)

2.5 Knowledge Base & Content

  • Documents, files, and content you upload to your Knowledge Base
  • Company profiles, product information, and sales materials you provide
  • AI-generated embeddings and processed chunks derived from your uploaded content

2.6 Usage & Technical Data

  • Chrome extension usage patterns and feature interactions
  • Dashboard analytics and session data
  • Device information, browser type, and IP address
  • Error logs and performance data

3. How We Use Your Information

We use the information we collect to:

  • Provide AI-powered sales intelligence: Generate prospect research, company insights, and personalised outreach recommendations
  • Email generation and management: Draft, suggest, and send emails through Gmail integration based on your instructions
  • Meeting preparation: Analyse calendar events and attendee information to provide pre-meeting briefs and talking points
  • Meeting recording and analysis: Record, transcribe, and summarise meetings to extract action items and insights
  • Knowledge Base and RAG: Process your uploaded content to provide contextually relevant information during sales activities
  • CRM enrichment: Sync prospect and deal data with integrated CRM platforms (e.g., HubSpot)
  • LinkedIn automation: Assist with connection requests, messaging, and engagement based on your configured settings
  • Service improvement: Analyse usage patterns to improve features, fix bugs, and develop new functionality
  • Account management: Process subscriptions, manage credits, and provide customer support
  • Communication: Send service-related notifications, updates, and support responses

4. Legal Bases for Processing (GDPR Article 6)

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a legal basis for processing, we rely on the following:

  • Consent (Art. 6(1)(a)): When you grant OAuth permissions for Google services, activate meeting recording, or enable LinkedIn automation features. You may withdraw consent at any time.
  • Performance of a Contract (Art. 6(1)(b)): Processing necessary to provide the Service you have subscribed to, including AI-powered sales intelligence, email generation, and knowledge base features.
  • Legitimate Interests (Art. 6(1)(f)): Service improvement, security monitoring, fraud prevention, and analytics, where these interests are not overridden by your data protection rights.

5. Google API Data — Limited Use Compliance

PulseIntel's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5.1 Scopes We Request

  • gmail.readonly — Read email messages and metadata for AI-powered email context and reply suggestions
  • gmail.send — Send emails on your behalf when you explicitly trigger email sending
  • calendar.readonly — Read calendar events for meeting preparation and scheduling intelligence
  • calendar.events — Create and manage calendar events for meeting scheduling features

5.2 Limited Use Commitments

  • We only access Google user data necessary to provide and improve the Service's features
  • We do not use Google user data for advertising purposes
  • We do not sell Google user data to third parties
  • We do not use Google user data to build user profiles for advertising
  • Human access to Google user data is limited to security purposes, compliance with applicable law, or when aggregated and anonymised for internal operations
  • All transfers of Google user data comply with the Google API Services User Data Policy

6. Meeting Recordings

6.1 What Is Recorded

When you activate the PulseIntel meeting bot, it joins your video conference (Google Meet, Zoom, Microsoft Teams) as a visible participant. The bot records the audio of the meeting and may capture screen-shared content. The bot identifies itself as “PulseIntel Notetaker” so all participants are aware of its presence.

6.2 Consent Mechanisms

  • The meeting bot joins as a named, visible participant, providing notice to all attendees
  • You are responsible for informing meeting participants that the meeting is being recorded and obtaining any required consent
  • We recommend announcing the recording at the start of each meeting

6.3 Storage & Retention

  • Meeting recordings are stored in Google Cloud Storage with encryption at rest (AES-256)
  • Transcripts and summaries are stored in our Firebase/Firestore database
  • Recordings are retained for the duration of your subscription unless you delete them earlier
  • Upon account deletion, all recordings and transcripts are permanently deleted within 30 days

7. Data Sharing & Third Parties

We do not sell your personal data. We share information only in the following circumstances:

7.1 AI Processing Providers

We use third-party AI providers (including via OpenRouter) to power our AI features. When processing AI requests, we send contextual business data (prospect information, email content, meeting context) but minimise the transmission of personally identifiable information (PII). AI providers process data according to their data processing agreements and do not use your data to train their models.

7.2 Google APIs

We access Google services (Gmail, Calendar) through authenticated API calls using OAuth tokens you grant. Data flows are governed by Google's Terms of Service and our Limited Use compliance (see Section 5).

7.3 CRM Integrations

When you connect a CRM (e.g., HubSpot), we sync prospect, company, and deal data between PulseIntel and your CRM as configured by you. Data shared is limited to what is necessary for the sync features you enable.

7.4 Infrastructure Providers

We use Google Cloud Platform (Firebase, Cloud Functions, Cloud Storage) to host and operate the Service. These providers act as data processors under appropriate data processing agreements.

7.5 Payment Processing

Stripe processes all payment transactions. We do not store your full credit card details. Stripe's privacy policy governs the handling of your payment information.

7.6 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of PulseIntel, our users, or others.

8. International Data Transfers

PulseIntel is operated from the United Kingdom. Your data may be transferred to and processed in countries outside your country of residence, including the United States and other countries where our infrastructure providers operate.

For transfers from the EEA or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organisational measures where necessary.

Switzerland: For transfers from Switzerland, we rely on the Swiss-US Data Privacy Framework (Swiss-US DPF) and Standard Contractual Clauses as approved under the Swiss Federal Act on Data Protection (nDSG / revised FADP).

APAC Adequacy Assessments: For transfers involving data from Australia, Japan, South Korea, or Singapore, we conduct transfer impact assessments and rely on SCCs, binding corporate rules, or applicable adequacy frameworks where available. Japan holds an EU adequacy decision (December 2018); for other APAC jurisdictions we apply appropriate supplementary safeguards.

9. Data Retention

We retain your data for the following periods:

  • Account data: For the duration of your account, plus 30 days after deletion request
  • Email and calendar data: Cached temporarily during active sessions; not permanently stored beyond what is needed for the features you use
  • Meeting recordings: Until you delete them or your account is terminated, then deleted within 30 days
  • Knowledge Base content: For the duration of your account; deleted within 30 days of account termination
  • AI-generated content: Stored as part of your account data for the duration of your subscription
  • Usage and analytics data: Up to 24 months, then aggregated or deleted
  • Billing records: As required by applicable tax and financial regulations (typically 7 years)

You may request deletion of your data at any time by contacting us at info@pulseintel.co.uk. We will process deletion requests within 30 days, subject to any legal retention obligations.

10. Your Rights

10.1 GDPR Rights (EEA & UK Residents)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (“right to be forgotten”)
  • Data Portability: Receive your data in a structured, commonly used, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

10.2 CCPA/CPRA Rights (California Residents)

Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:

  • Know: Request information about the categories and specific pieces of personal information we collect
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the sale or sharing of personal information (note: we do not sell personal information)
  • Non-Discrimination: Not receive discriminatory treatment for exercising your rights
  • Correct: Request correction of inaccurate personal information
  • Limit Use of Sensitive PI: Limit the use and disclosure of sensitive personal information

10.3 Other Jurisdictions

  • UK GDPR: UK residents enjoy equivalent rights under the UK General Data Protection Regulation and Data Protection Act 2018
  • Brazilian LGPD: Brazilian residents have rights including access, correction, anonymisation, portability, and deletion under the Lei Geral de Proteção de Dados
  • Australian Privacy Act: Australian residents have rights to access and correct personal information under the Privacy Act 1988 and Australian Privacy Principles. You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

10.4 DACH Region (Germany, Austria, Switzerland)

In addition to GDPR rights, residents of the DACH region have specific rights under their national data protection laws:

  • Germany (BDSG): German residents have rights under the Bundesdatenschutzgesetz (BDSG), including enhanced rights relating to automated decisions and profiling. You may lodge a complaint with the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI) at bfdi.bund.de
  • Austria (DSG): Austrian residents have rights under the Datenschutzgesetz (DSG). You may lodge a complaint with the Datenschutzbehörde (DSB) at dsb.gv.at
  • Switzerland (nDSG): Swiss residents have rights under the revised Federal Act on Data Protection (nDSG / revised FADP), including rights of access, rectification, erasure, and data portability. You may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) at fdpic.ch

10.5 APAC Region

  • Singapore (PDPA): Singapore residents have rights under the Personal Data Protection Act (PDPA), including the right to access and correct personal data and to withdraw consent. The PDPC (Personal Data Protection Commission) oversees compliance at pdpc.gov.sg
  • Japan (APPI): Japanese residents have rights under the Act on the Protection of Personal Information (APPI), including rights of disclosure, correction, addition, deletion, and cessation of use. The Personal Information Protection Commission (PPC) oversees compliance at ppc.go.jp
  • South Korea (PIPA): South Korean residents have rights under the Personal Information Protection Act (PIPA), including rights of access, correction, deletion, and suspension of processing. The Personal Information Protection Commission (PIPC) oversees compliance

To exercise any of these rights, contact us at info@pulseintel.co.uk. We will respond to verified requests within 30 days (or as required by applicable law).

11. California Privacy Notice (CCPA/CPRA)

This section provides additional disclosures required by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

11.1 Categories of Personal Information Collected

  • Identifiers: Name, email address, IP address, account credentials
  • Commercial information: Subscription history, credit usage, billing records
  • Internet or electronic network activity: Extension usage data, browsing activity within the Service, interaction logs
  • Professional or employment information: Job title, company, professional role (as provided by you or from public sources)
  • Audio information: Meeting recordings (when you activate the recording feature)
  • Inferences: AI-generated prospect insights and sales intelligence derived from collected data

11.2 Sale & Sharing of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising. We have not sold or shared personal information in the preceding 12 months.

11.3 Retention

We retain each category of personal information for the periods described in Section 9 of this Privacy Policy.

12. Cookies & Tracking Technologies

  • Chrome Extension Local Storage: The PulseIntel Chrome extension uses Chrome's local storage APIs (chrome.storage.local and chrome.storage.sync) to store your preferences, cached data, and session information locally on your device
  • Dashboard Cookies: Our web dashboard uses essential cookies for authentication (Firebase Auth session tokens) and functionality. We do not use third-party advertising cookies
  • Analytics: We may use analytics services to understand how users interact with the Service. Analytics data is aggregated and does not identify individual users. Analytics cookies are only loaded after you have provided consent via our cookie banner

For full details of how we use cookies and how to manage your preferences, see our Cookie Policy.

13. Chrome Extension Data Practices

13.1 URL Collection on Active Tabs

The PulseIntel Chrome extension reads the URL of the active browser tab solely to identify the company domain you are visiting. This allows the extension to provide relevant company intelligence and CRM context for sales workflows. The full URL is not stored, transmitted to third parties, or used for any purpose beyond company domain identification. No browsing history is collected or maintained.

13.2 Firebase Authentication

The extension authenticates users through Firebase Authentication to verify identity and authorise access to PulseIntel services. Firebase authentication tokens are stored in the browser's chrome.storage.local and are refreshed automatically when they expire. These tokens are used solely to authenticate API calls to PulseIntel Cloud Functions and are cleared when you sign out of the extension.

13.3 Cloud Function Calls

The extension makes authenticated API calls to PulseIntel Cloud Functions (hosted at europe-west1-pulseintel-eu.cloudfunctions.net) to retrieve company intelligence, CRM account data, AI-generated content, and cadence information. All API calls are authenticated with Firebase ID tokens. No data is transmitted to any third-party service through the extension; all communication flows between the extension and PulseIntel servers.

13.4 Local Data Storage (chrome.storage.local)

The extension stores the following data types locally on your device using Chrome's chrome.storage.local API:

  • Authentication tokens — cleared when you sign out
  • Company profile cache — temporary cache (30-minute TTL) to reduce API calls when revisiting the same company
  • User preferences — your notification settings, AI generation tone, and detection mode
  • Cadence state — active sales cadence progress and step reminders
  • Notification throttle timestamps — prevents duplicate notifications

No data is synced to chrome.storage.sync or shared across devices. All locally stored data is cleared when you sign out using the sign-out option in the extension settings.

14. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption in transit: All data transmitted between your browser/extension and our servers is encrypted using TLS 1.2 or higher
  • Encryption at rest: Data stored in our databases and cloud storage is encrypted using AES-256 encryption
  • Access controls: Role-based access controls limit data access to authorised personnel only
  • Firebase Security Rules: Granular security rules enforce data isolation between users and companies
  • OAuth token security: Google OAuth tokens are stored securely and refreshed automatically; we do not store your Google password
  • Regular reviews: We periodically review and update our security practices

While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

15. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at info@pulseintel.co.uk.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this policy
  • Notify you by email or through a prominent notice on the Service
  • Where required by law, obtain your consent to material changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are in the EEA or UK and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.