Privacy Policy
Effective Date: June 1, 2025
Last Updated: May 16, 2025
This document outlines how PolicyPulse collects, uses, and protects your personal data.
A public archive of prior versions is available at https://app.policypulse.com/privacy-archive.
1. Introduction
Welcome to PolicyPulse ("we," "our," "us," or the "Company"). PolicyPulse, Inc. is a Delaware corporation with its principal place of business at 555 S 1st Street, Harrison, NJ 07029.
We are committed to protecting your privacy and ensuring you have a positive experience when using our services. This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you use our websites, products, and services (collectively, the "Services").
By using our Services, you agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@policypulse.co.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions regarding this Privacy Policy. You can contact our DPO at:
- Name: Jane Smith
- Email: dpo@policypulse.co
- Address: 555 S 1st Street, Harrison, NJ 07029
Supervisory Authority
For users in the European Union, the lead supervisory authority for PolicyPulse under the GDPR is the Irish Data Protection Commission. You have the right to lodge a complaint with the Irish Data Protection Commission or any other European supervisory authority. You can contact the Irish Data Protection Commission at:
- 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
- Website: www.dataprotection.ie
- Phone: +353 57 868 4800
2. Information We Collect
Information You Provide to Us
We collect information you provide directly to us, such as:
- Account Information: When you register for an account, we collect your name, email address, and password. Retention period: As long as your account is active plus 3 years following account closure or inactivity.
- Profile Information: Information you add to your profile, such as a profile picture, job title, or organization. Retention period: As long as your account is active plus 3 years following account closure or inactivity.
- Payment Information: When you subscribe to our paid services, we collect payment information, including credit card details or other payment account information. Retention period: As required by law for financial record-keeping (typically 7 years for transaction records).
- Content: Any content you upload to our Services, including policy text for summarization, saved summaries, and any custom datasets. Retention period: As long as your account is active plus 1 year following account closure or inactivity.
- Communications: Information you provide when you contact us for customer support or communicate with us in any other way. Retention period: 3 years from the date of communication.
Information We Collect Automatically
When you use our Services, we automatically collect certain information, including:
- Device Information: Information about the device you use to access our Services, including the hardware model, operating system, unique device identifiers, and mobile network information. Retention period: 14 months.
- Log Information: Information about your use of our Services, such as the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Services. Retention period: 12 months.
- Usage Information: Information about your interactions with our Services, such as the features you use, the actions you take, and the time, frequency, and duration of your activities. Retention period: 14 months.
3. Cookies and Other Tracking Technologies
We and our third-party service providers use cookies and similar technologies (e.g., web beacons, pixels, tags, and device identifiers) to recognize you and/or your device(s) on, off, and across different Services and devices. We also allow others to use cookies and similar technologies as described in this section.
Cookie Consent Mechanism
When you first visit our website, you will be presented with a cookie banner that allows you to accept or decline non-essential cookies. This banner provides:
- A clear explanation of the cookies we use and their purposes
- Options to accept all cookies, reject non-essential cookies, or customize your preferences
- A link to this Privacy Policy for more detailed information
You can change your cookie preferences at any time by clicking the "Cookie Preferences" link in the footer of our website. Our cookie preference center allows granular control over different categories of cookies.
We use the following types of cookies:
- Necessary Cookies: These cookies are required for the basic functionality of our website and cannot be turned off. They are usually only set in response to actions you take, such as setting your privacy preferences, logging in, or filling out forms. Retention period: Session to 2 years. Examples: auth_token, csrf_token, session_id.
- Functional Cookies: These cookies enable enhanced functionality and personalization. They may be set by us or third-party providers whose services we use on our pages. If you disable these cookies, some or all of these services may not function properly. Retention period: Session to 1 year. Examples: language_preference, display_settings.
- Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. Retention period: 14 months. Examples: _ga (Google Analytics), _pk_id (Matomo).
- Marketing Cookies: These cookies are used to track visitors across websites to display relevant ads and marketing campaigns. Retention period: 13 months. Examples: _fbp (Facebook Pixel), ads_conversion.
For a complete and up-to-date list of the cookies we use, including the third parties who set these cookies and their retention periods, please visit our Cookie Declaration page.
You can also control cookies through your browser settings and other tools. To opt out of analytics cookies, you can visit the Digital Advertising Alliance's opt-out portal at: http://optout.aboutads.info/.
Please note that if you disable cookies, some features of our Services may not function properly.
4. How We Use Your Information
We use the information we collect for the following purposes and legal bases under the GDPR:
GDPR Lawful Basis Table
| Processing Purpose | Data Categories | Lawful Basis |
|---|---|---|
| Account creation and management | Account Information, Profile Information | Performance of Contract |
| Processing payments and subscriptions | Payment Information, Account Information | Performance of Contract |
| Providing core service functionality (policy summarization, analysis) | Content, Usage Information | Performance of Contract |
| Customer support and communication | Communications, Account Information | Performance of Contract |
| Service improvement and feature development | Usage Information, Device Information, Log Information | Legitimate Interest |
| Marketing communications | Account Information, Profile Information | Consent |
| Security and fraud prevention | Device Information, Log Information, Usage Information | Legitimate Interest |
| Legal compliance | All categories as required | Legal Obligation |
To Provide and Maintain Our Services
Legal basis: Performance of our contract with you.
- Provide, operate, and maintain our Services
- Process transactions and send related information, including confirmations, receipts, and invoices
- Send technical notices, updates, security alerts, and support and administrative messages
- Respond to your comments, questions, and requests, and provide customer service
To Improve and Develop Our Services
Legal basis: Our legitimate interests in improving our Services.
- Monitor and analyze trends, usage, and activities in connection with our Services
- Debug to identify and repair errors in our Services
- Personalize and improve the Services, including providing or recommending content and features
For Marketing Purposes
Legal basis: Your consent and our legitimate interests in promoting our Services.
- Communicate with you about products, services, offers, promotions, and events, and provide other news or information about us and our partners
- Facilitate contests, sweepstakes, or promotions and process and deliver entries and rewards
For Security and Legal Compliance
Legal basis: Our legitimate interests in ensuring the security of our Services and compliance with legal obligations.
- Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity
- Protect the rights, property, and safety of PolicyPulse, our users, and others
- Comply with applicable laws, regulations, legal processes, or governmental requests
5. How We Share Your Information
We may share information about you as follows:
- With Service Providers: We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as hosting services (AWS, Google Cloud), payment processing (Stripe), analytics (Google Analytics, Mixpanel), and customer service platforms (Zendesk, Intercom).
- For Legal Reasons: We may share information if we believe disclosure is necessary to comply with any applicable law, regulation, legal process, or governmental request.
- To Protect Rights and Safety: We may share information to protect the rights, property, and safety of PolicyPulse, our users, and others.
- With Your Consent: We may share information with your consent or at your direction.
- Business Transfers: If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
We do not sell your personal information as defined under the CCPA.
Third-Party Processors & Sub-Processors
PolicyPulse uses the following categories of third-party service providers to process data on our behalf. For each provider, we have links to their respective privacy policies:
- Cloud Infrastructure: Amazon Web Services (AWS), Google Cloud Platform
- Payment Processing: Stripe
- Analytics: Google Analytics, Mixpanel
- Customer Support: Zendesk, Intercom
- Email Services: Mailchimp, Twilio SendGrid
- AI Services: OpenAI, DeepSeek
We only share information with these service providers to the extent necessary for them to provide their services to us. They are prohibited from using your personal information for any other purposes and are required to maintain the confidentiality, security, and integrity of the personal information they process on our behalf.
6. Automated Decision-Making & Profiling
PolicyPulse uses automated systems, including artificial intelligence, to process and analyze policy documents. This includes:
- AI-Powered Summarization: We use AI to automatically summarize lengthy legal policies into concise, user-friendly formats.
- Clause Classification: Our system automatically identifies and tags different types of clauses in legal documents (e.g., data sharing, auto-renewal, liability limitations).
- Risk Scoring: We use automated systems to evaluate and score the potential risk level of certain policy provisions.
While these automated systems help us provide our core Services, they may produce legal or similarly significant effects for you, such as assessments of policy risk levels that could influence your decision-making.
Your Rights: Under the GDPR and other applicable laws, you have the right to:
- Obtain human intervention in the automated decision-making process
- Express your point of view regarding an automated decision
- Contest any automated decision
- Request an explanation of how an automated decision was reached
To exercise these rights, please contact us at support@policypulse.co.
6. Transfers of Your Information
PolicyPulse is based in the United States, and the information we collect is governed by U.S. law. If you are accessing our Services from outside the United States, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the United States and other jurisdictions.
When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on one or more of the following legal mechanisms: Standard Contractual Clauses, consent of the individual, and/or binding corporate rules. To learn more about these safeguards, please contact us at privacy@policypulse.co.
7. Data Security
We take the security of your personal information seriously and use appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:
- Technical Safeguards: Encryption of personal data both in transit (using TLS) and at rest, regular security assessments, secure development practices, multi-factor authentication, and intrusion detection systems.
- Organizational Safeguards: Regular security training for employees, access controls and permissions based on the principle of least privilege, confidentiality obligations for employees and contractors, and background checks for employees with access to sensitive data.
- Physical Safeguards: Secure data centers with controlled access, surveillance systems, and physical security measures for our offices.
However, no security system is impenetrable, and we cannot guarantee the absolute security of our systems. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at security@policypulse.co.
Data Breach Procedures
In the event of a data breach that affects your personal information, we will:
- Notify affected users without undue delay, typically within 72 hours of becoming aware of the breach, if the breach is likely to result in a high risk to your rights and freedoms.
- Provide you with information about the nature of the breach, the categories and approximate number of personal data records concerned, the likely consequences of the breach, and the measures taken or proposed to address the breach.
- Notify relevant supervisory authorities as required by applicable law.
8. Your Rights and Choices
Access and Control of Your Information
You may update, correct, or delete your account information at any time by logging into your account. If you wish to delete your account, please contact us at support@policypulse.co.
Marketing Communications
You may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
You may withdraw any consent—such as for cookies or marketing communications—at any time via our Preference Center or by emailing privacy@policypulse.co.
Your Rights Under the GDPR
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights with respect to your personal data:
- Right of Access: You have the right to request a copy of the personal information we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
- Right to Erasure: You have the right to request that we delete your personal information under certain circumstances.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information under certain circumstances.
- Right to Data Portability: You have the right to request that we transfer your personal information to another service provider under certain circumstances.
- Right to Object: You have the right to object to the processing of your personal information under certain circumstances.
- Right to Withdraw Consent: If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
To exercise these rights, please contact us at privacy@policypulse.co. We will respond to your request within 30 days. Please note that we may ask you to verify your identity before responding to such requests.
You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal information violates applicable law.
Your Rights Under the CCPA
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information. These include:
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the personal information, our business or commercial purpose for collecting personal information, the categories of personal information that we have disclosed for a business purpose, and the categories of third parties with whom we share personal information.
- Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
- Right to Opt-Out of Sales: You have the right to opt-out of the sale of your personal information. However, we do not sell your personal information as defined under the CCPA.
- Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA rights.
To exercise your rights under the CCPA, please contact us at privacy@policypulse.co or call us at 617-784-0352. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
9. Children's Privacy and Parental Consent
Our Services are not directed to children under 16 years of age, and we do not knowingly collect personal information from children under 16. For children under 13, we comply with the Children's Online Privacy Protection Act (COPPA).
Verifiable Parental Consent
In the rare case that our Services would collect information from children under 13, we would:
- Obtain verifiable parental consent before collecting any personal information from a child under 13
- Provide parents with the option to review, modify, or delete their child's information
- Limit the collection of personal information to only what is reasonably necessary for participation in the activity
Methods of Obtaining Parental Consent
To obtain verifiable parental consent, we may use one or more of the following methods:
- Requiring a parent to sign a consent form and return it via email, mail, or electronic scan
- Collecting credit/debit card information from the parent for verification purposes
- Connecting to trained personnel via video conference
- Verifying government-issued ID against databases of such information
Parental Rights
Parents or legal guardians have the right to:
- Review the personal information collected from their child
- Request that we delete their child's personal information
- Refuse to allow further collection or use of their child's information
- Revoke previously given consent at any time
If we learn we have collected personal information from a child under 13 without proper parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 13 without proper parental consent, or if you believe that a child under the age of 16 has provided us with personal information, please contact us immediately at privacy@policypulse.co.
10. Detailed Data Retention Schedule
We retain different types of personal information for different periods of time based on our legitimate business purposes and legal obligations. Here is our detailed retention schedule:
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account Information | Active account + 3 years following closure | Business continuity, reactivation potential |
| Profile Information | Active account + 3 years following closure | Business continuity, reactivation potential |
| Payment Information | 7 years from transaction date | Financial record-keeping, tax compliance |
| Content (policy text, summaries) | Active account + 1 year following closure | Service functionality, customer request handling |
| Communications | 3 years from date of communication | Support resolution, training, quality assurance |
| Device Information | 14 months from collection | Security, fraud prevention, service improvement |
| Log Information | 12 months from collection | Security, technical troubleshooting |
| Usage Information | 14 months from collection | Service improvement, analytics |
| Necessary Cookies | Session to 2 years | Essential website functionality |
| Analytics Cookies | 14 months | Service improvement, user experience optimization |
| Marketing Cookies | 13 months | Marketing effectiveness |
At the end of the applicable retention period, we will securely delete or anonymize your personal information. If it is not possible to delete or anonymize certain information (for technical reasons or due to backup systems), we will isolate such data from further processing until deletion is possible.
11. Notice at Collection & "Do Not Sell" Rights
We collect the following categories of personal information at these different touchpoints:
Account Registration
- Identifiers (name, email, username)
- Account login credentials
Subscription Purchase
- Payment information
- Transaction history
Service Usage
- Content uploaded for summarization
- Usage patterns and preferences
- Device and browser information
Customer Support
- Communications content
- Support request details
For each of these categories, the primary purpose of collection is to provide, improve, and personalize our Services as described in this Privacy Policy.
Your Right to Opt Out: Under California law, you have the right to opt out of the "sale" or "sharing" of your personal information. PolicyPulse does not sell your personal information as defined by the CCPA. However, to exercise your right to limit the use of your information for cross-context behavioral advertising or to opt out of targeted advertising, please click on Do Not Sell or Share My Personal Information.
12. Governing Law & Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of the State of New Jersey, without giving effect to any principles of conflicts of law. Any legal action or proceeding relating to this Privacy Policy shall be brought exclusively in the state or federal courts located in Hudson County, New Jersey, and you consent to the jurisdiction thereof.
If you are a resident of the European Union, European Economic Area, or United Kingdom, you may have additional rights under the GDPR, and your personal data will be processed in accordance with the GDPR. In the event of any conflict between this Privacy Policy and the GDPR or other applicable data protection laws with respect to the personal data of individuals from those regions, the GDPR or such other laws shall prevail.
Nothing in this Privacy Policy is intended to limit any legal rights you may have under applicable law.
13. Changes to this Privacy Policy
We may change this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Sending an email to the email address associated with your account
- Displaying a prominent notice on our website
- Updating the "Last Updated" date at the top of this Privacy Policy
We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
Prior versions of this Privacy Policy are archived and available through our public archive link at the top of this page. To request specific previous versions not available in the archive, please contact us at privacy@policypulse.co.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: privacy@policypulse.co
Mail:
Privacy Team
PolicyPulse, Inc.
555 S 1st Street
Harrison, NJ 07029
United States
Phone: 617-784-0352
Change Log
You can view all prior versions of our Privacy Policy in our privacy policy archive.
- June 1, 2025: Major update to include DPO information, GDPR lawful basis table, Cookie consent mechanism, Automated decision-making details, Third-party processors list, Enhanced COPPA compliance, Detailed retention schedule, and "Do Not Sell" rights.
- May 16, 2025: Updated with enhanced GDPR and CCPA compliance, added cookie details, data retention periods, and international data transfer information.
- January 1, 2025: Initial version of Privacy Policy.