Privacy Policy

Pulse (pulse.pulsecircle.studio) Effective date: July 2, 2026 Last updated: July 2, 2026

This Privacy Policy describes how Pulse (“Pulse”, “we”, “us”) collects, uses, and shares information when you use our website, our analytics platform, our SDKs, and our integrations (together, the “Services”).

Pulse is operated by Pulse Circle L.L.C-FZ, Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E. (the “Company”). For privacy matters, contact us at rost@pulsecircle.studio.


1. Who this policy covers — and our two roles

Pulse is a growth analytics platform for app developers. Because of what the product does, we handle data in two distinct roles:

(a) Pulse as a data controller. For our customers (developers and companies who create a Pulse account) and for visitors of our website, we decide how and why data is processed. Sections 2–4 describe this.

(b) Pulse as a data processor / service provider. Our customers use the Pulse SDK and integrations to analyze their own end users. For that end-user data, our customer is the data controller and Pulse processes the data only on the customer’s instructions, under our data processing terms. Section 5 describes this. If you are an end user of an app that uses Pulse, the privacy policy of that app governs how your data is used; please direct requests to the app’s developer. We will assist our customers in fulfilling such requests.

2. Information we collect as a controller

Account information. Name, email address, company name, and password hash when you create an account; billing details (processed by our payment provider — we do not store full card numbers).

Website usage. When you visit pulse.pulsecircle.studio we collect standard technical data: IP address, browser type, pages viewed, referrer, and approximate (city-level) location derived from IP. We use privacy-respecting, cookie-minimal analytics on the website.

Communications. Messages you send us (support, feedback, waitlist forms) and our responses.

Connected-service data. When you connect third-party services to Pulse, we receive data from those services as described in Section 3.

3. Data received from connected services

Pulse only accesses third-party data after you explicitly connect a service through its official authorization flow (OAuth or API keys you generate). You can disconnect any service at any time, which stops further collection.

Meta (Facebook) Ads. When you connect a Meta ad account, we access advertising data through the Meta Marketing API, including: campaign, ad set, and ad structures and names; spend, impressions, clicks, and conversion metrics; and account currency and settings. We use this data solely to provide you with analytics, insights, and recommendations about your own advertising performance. We do not sell this data, do not use it to build advertising profiles of individuals, and do not share it with other customers.

Google Ads. When you connect a Google Ads account, we access campaign structures, performance metrics (spend, impressions, clicks, conversions), and account settings via the Google Ads API, for the same purposes described above.

Pulse’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we only use Google user data to provide and improve user-facing features of Pulse that are prominent to you; we do not transfer it except as necessary to provide those features, for security, or to comply with law; we do not use it for advertising; and we do not allow humans to read it except with your consent, for security purposes, to comply with law, or when aggregated and anonymized.

RevenueCat. When you connect RevenueCat, we receive subscription lifecycle data for your app: purchases, renewals, cancellations, billing issues, product identifiers, prices and currencies, and RevenueCat app user identifiers.

Apple App Store / Google Play. When you provide App Store Connect API keys or Google Play service-account credentials, we receive transaction and subscription data, sales and download reports, and store notifications for your apps. We store your API credentials encrypted and use them only to fetch this data.

4. How we use information (as controller)

We use the information described in Sections 2–3 to: provide, maintain, and improve the Services; generate analytics, answers, and recommendations you request; detect anomalies and send you alerts and digests you have enabled; provide support; process payments; secure the Services and prevent abuse; and comply with legal obligations.

AI features. Pulse uses large language models to answer your questions and generate recommendations. Your connected data is provided to the model only to answer your queries and produce your insights. We do not permit our AI providers to use your data to train their models. Aggregated, de-identified patterns that cannot be linked to you or your end users may be used to improve Pulse’s recommendation quality.

We do not sell personal information. We do not share your business data (revenue, ad performance, product metrics) with other Pulse customers in any identifiable form.

5. End-user data processed via the Pulse SDK (processor role)

Our customers embed the Pulse SDK in their apps and websites. On the customer’s instructions, the SDK collects: event data (actions defined by the developer, such as screen views or purchases), pseudonymous identifiers (a random anonymous ID and, if the developer sets one, a user ID), timestamps, SDK version, and campaign parameters (UTM tags) present at first visit. The SDK does not collect precise geolocation and does not access contacts, photos, or files.

We process this data solely to provide the Services to the relevant customer, retain it for the duration of the customer relationship (or shorter retention set by the customer), and delete or return it on the customer’s instruction. We impose confidentiality and security obligations on any subprocessors. A list of subprocessors is available on request.

Where GDPR or UK GDPR applies and Pulse acts as controller, we rely on: performance of a contract (providing the Services you signed up for), legitimate interests (securing and improving the Services, business communications), consent (where required, e.g., certain cookies or marketing), and legal obligation (accounting, tax).

7. Sharing

We share information only with: service providers who help us run Pulse (cloud hosting on Google Cloud Platform, payment processing, email delivery, AI model providers), bound by contractual confidentiality and data-protection obligations; authorities, where required by law; and a successor entity in the event of a merger, acquisition, or asset sale (we will notify you of any such change).

8. International transfers

Our infrastructure is hosted on Google Cloud Platform. Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and equivalent mechanisms.

9. Retention

Account data is kept while your account is active and deleted or anonymized within 90 days of account closure, except where longer retention is required by law (e.g., invoices). Connected-service data is refreshed continuously and deleted when you disconnect the service or close your account. Website logs are kept up to 12 months.

10. Security

We use industry-standard measures: encryption in transit (TLS) and at rest, hashed API keys and credentials, network isolation of databases (no public database access), least-privilege access controls, and audit logging. No system is perfectly secure; if we learn of a breach affecting your personal data, we will notify you as required by law.

11. Your rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data, object to or restrict certain processing, and withdraw consent. To exercise these rights, email rost@pulsecircle.studio. We respond within the timelines required by applicable law. EEA/UK residents may also lodge a complaint with their supervisory authority. If you are an end user of a customer’s app, please contact that app’s developer (see Section 1); we will support the developer in fulfilling your request.

12. Cookies

Our website uses strictly necessary cookies and privacy-respecting analytics. We do not use third-party advertising cookies on our website. The Pulse SDK does not set advertising cookies in our customers’ apps.

13. Children

The Services are not directed to children under 16, and we do not knowingly collect personal data from them. Our customers are responsible for ensuring their apps comply with children’s privacy laws applicable to their audiences.

14. Changes

We may update this policy from time to time. Material changes will be announced on this page (and by email for account holders) with an updated effective date. Continued use of the Services after changes take effect constitutes acceptance.

15. Contact

Pulse Circle L.L.C-FZ Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E. rost@pulsecircle.studio