← Home

Privacy Policy

Last updated: May 20, 2026

1. Introduction

PulsoEarn (“we,” “us,” or “our”) operates the PulsoEarn ambassador platform at pulsoearn.app. This Privacy Policy explains how we collect, use, share, and protect personal information when you use our platform. By using PulsoEarn, you agree to this Privacy Policy.

2. Data We Collect

We collect information you provide directly:

  • Profile Data: Name, email address, and phone number.
  • Financial Data: Tax identifiers and future disbursement information, collected and processed by approved providers when that phase is enabled. We do not store raw financial account numbers.
  • Contractor Data: Tax form information (W-9) processed via Docuseal.
  • Activity Data: Your referral link performance, sales records, commission history, and platform usage.

We collect automatically:

  • Link Tracking Data: When someone clicks your referral link, we record a click event. We do not store the raw IP address of the person clicking. We store a one-way cryptographic hash (SHA-256) of the IP address for fraud detection and deduplication only.
  • Session Data: Authentication session tokens managed via Supabase.
  • Crash Reports and Diagnostics: We use Sentry to capture error reports when the application encounters a problem. Reports may include browser type, page URL, and error context. We do not send personally identifiable form data to Sentry.
  • Session Replay (Sentry): Approximately 5% of user sessions and 100% of sessions in which an error occurs are recorded as anonymized diagnostic replays. All visible text and all form inputs are masked before transmission — we do not capture what you type, including your email address or login codes. No audio or video of you is ever recorded.

We do not collect:

  • Protected health information (PHI) or medical records of any kind.
  • Social media passwords or private account credentials.
  • Data through advertising trackers, behavioral analytics platforms, Google Analytics, or Meta Pixel.

3. How We Use Your Data

  • To operate the platform and process your ambassador application.
  • To calculate tracked commission records and support future disbursement operations if that phase is enabled.
  • To provide you analytics on your referral link performance.
  • To detect and prevent fraud and platform abuse.
  • To comply with tax reporting obligations (1099-NEC / W-9).
  • To send you transactional communications (sign-in links, application decisions, and account notices).
  • To send you marketing communications only if you have opted in.

4. Data Sharing

We share your data only as follows:

  • Brand Administrators: When you apply to represent a brand, your profile data is shared with that brand's administrator.
  • Supabase: Our database provider. Data is stored in US-East-1. See Supabase Privacy Policy.
  • Disbursement providers: Process future disbursement setup only if that phase is enabled.
  • Docuseal: Processes your contractor agreement e-signature.
  • Resend: Delivers transactional and marketing emails on our behalf.
  • Sentry, Inc.: Receives anonymized crash reports and masked session replay recordings for error diagnostics. All text and inputs are masked before transmission. See Sentry Privacy Policy.

We do not sell your personal information.

We do not sell, rent, or share your personal information with third parties for their own marketing or advertising purposes.

5. Cookies and Tracking

We use cookies only for authentication purposes. These are strictly necessary session cookies managed by Supabase. We do not use advertising cookies, analytics cookies, or any third-party tracking scripts. You cannot opt out of strictly necessary session cookies without losing the ability to log in.

6. Data Retention

  • Profile and activity data: Retained for 3 years after your last activity, then deleted upon request.
  • Commission and financial records: Retained for 7 years to comply with tax reporting obligations.
  • Link tracking events: Retained for 2 years.
  • Deleted accounts: Profile data is anonymized within 30 days of account deletion request. Financial records subject to the 7-year retention minimum remain.

7. Your Rights (California — CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of what personal information we collect, use, disclose, and sell about you.
  • Right to Delete: You may request that we delete your personal information, subject to certain exceptions (e.g., financial record retention obligations).
  • Right to Opt Out of Sale: We do not sell your personal information. No opt-out action is required.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, email us at privacy@pulsoearn.app. We will respond within 45 days.

8. Your Rights (European Union / UK — GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

  • Lawful Basis: We process your data under: (a) contract performance (operating the ambassador program), (b) legal obligation (tax reporting), and (c) legitimate interests (fraud prevention, platform security).
  • Right of Access: You may request a copy of your personal data.
  • Right to Rectification: You may request correction of inaccurate data.
  • Right to Erasure (“Right to be Forgotten”): You may request deletion of your data subject to legal retention requirements.
  • Right to Restriction: You may request we limit processing of your data in certain circumstances.
  • Right to Data Portability: You may request your data in a machine-readable format.
  • Right to Object: You may object to processing based on legitimate interests.

To exercise these rights or to contact our data protection contact, email privacy@pulsoearn.app.

Note: PulsoEarn is a US-based platform. If you are in the EEA/UK, your data will be transferred to the United States. We rely on Supabase's Standard Contractual Clauses for this transfer. An attorney review is required to confirm GDPR transfer mechanism compliance before accepting EU/UK residents.

9. Security

We implement industry-standard technical security measures including row-level security (RLS) on all database tables, rate limiting on all API endpoints, and hashed storage of tracking identifiers. We do not store raw IP addresses of referred consumers.

10. Contact

For privacy requests, questions, or concerns: